Operational Technology
Industrial
Operational Resilience

Overcoming Inherent Design and Security Limitations of OT Devices

Juan Piacquadio and Tim Hall
Sep 19, 2023

In today's interconnected industrial landscape, propelled by the emergence of Industry 4.0 and the need to converge information technology and operational technology systems, industrial automation and control systems (IACS) that once existed in isolated security bubbles now confront unprecedented threats. Operational technology (OT) devices, which are integral to overseeing and managing tangible processes in industrial arenas, often come with inherent design and security vulnerabilities. To combat the intrinsic vulnerabilities of these cyber-physical systems, security experts should prioritize secure infrastructure designs, enhance remote access safety, maintain continuous security surveillance and assessments, employ strategic patch management, and implement comprehensive backup strategies.

Secure Architecture and Design Considerations 

In an era where operational technology (OT) devices underpin our essential infrastructures, their inherent design and security challenges, such as lack of support for encryption and authentication or restrictions in endpoint security due to hardware limitations, become increasingly critical. These issues have been discussed in our previous article “IT/OT Convergence Challenges, Part 1: Managing Vulnerabilities in your Industrial Automation and Control Systems.” 

Architectures that are both secure and resilient are essential in mitigating the vulnerabilities embedded in these OT devices. In the realm of IT cybersecurity, the CIA triad—confidentiality, integrity, and availability—is often cited. For OT, the order of priority shifts: availability comes first, giving the AIC model, and adding safety on top of it gives SAIC, which reflects the different priorities of IACS. Regardless of whether safety stands first in these models or not, its integration into a robust and adaptive architecture is non-negotiable. Such architectural considerations encompass redundant devices, failover mechanisms ensuring high availability, backup equipment, sandboxed testing environments, digital twins, and dedicated disaster recovery sites. The extent of investment in these capabilities should be dictated by system prerequisites and overarching business objectives.


Following an existing OT cybersecurity framework can help organizations identify appropriate security controls and benchmark their security posture against competitors and other industries. Seeking certifications not only fortifies the security stance but also elevates the organization's market standing. Examples of these standards include NIST 800-82 and the ISA 62443 series.

Central to the ISA 62443 framework's philosophy is the concept of security zones. Security zones are logical or physical network segments that should be separated by a firewall to reduce the impact and movement of potential threats within an IACS network. This includes the use of one or more demilitarized zones (DMZs) that separate the IT networks from the OT networks to control and monitor the ingress and egress of data to and from control networks. Risk assessments can help determine the significance of the vulnerabilities of the IACS components and inform the design of the security zones.
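One way to make the zone model operational is to check observed traffic against the conduits the design allows. The following Python script is an added example, not code from the article or from any ISA 62443 tooling; the zone inventory, the conduit policy, and the flow records are all constructed for illustration. It flags any flow that crosses from the enterprise network straight into the control zone (bypassing the DMZ), any flow using a port its conduit does not permit, and any address that is not in the zone inventory at all.

```python
"""Zone-and-conduit check over observed network flows.

Added example, not part of the article. The zone inventory, the permitted
conduits and the flow records below are all constructed to illustrate how a
defender can spot traffic that crosses the IT/OT boundary without passing
through the DMZ, or that uses a port the conduit does not allow.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed zone inventory: zone name -> address ranges (assumption).
ZONES = {
    "enterprise": [ip_network("10.10.0.0/16")],
    "dmz": [ip_network("10.20.0.0/24")],
    "control": [ip_network("192.168.100.0/24")],
}

# Constructed conduit policy: (source zone, destination zone) -> permitted
# destination ports. None means any port is permitted inside that conduit.
# Enterprise hosts may reach only the DMZ; only the DMZ may reach the control
# zone, and only on the historian replication port; control-to-control is open.
CONDUITS = {
    ("enterprise", "dmz"): {443, 3389},
    ("dmz", "control"): {1433},
    ("control", "dmz"): {1433},
    ("control", "control"): None,
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int


def zone_of(ip: str) -> str:
    """Map an address to its zone; anything outside the inventory is 'unknown'."""
    addr = ip_address(ip)
    for zone, nets in ZONES.items():
        if any(addr in net for net in nets):
            return zone
    return "unknown"


def check_flows(flows):
    """Return one finding per flow that violates the conduit policy."""
    findings = []
    for flow in flows:
        src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)
        allowed = CONDUITS.get((src_zone, dst_zone), set())
        if allowed is None:
            continue  # open conduit, any port is fine
        if flow.dport in allowed:
            continue
        if (src_zone, dst_zone) in CONDUITS:
            reason = f"port {flow.dport} not permitted on {src_zone}->{dst_zone} conduit"
        else:
            reason = f"no conduit defined for {src_zone}->{dst_zone}"
        findings.append({"src": flow.src, "dst": flow.dst, "dport": flow.dport,
                         "src_zone": src_zone, "dst_zone": dst_zone, "reason": reason})
    return findings


# Constructed flow records, as a firewall or flow collector might export them.
SAMPLE_FLOWS = [
    Flow("10.10.5.20", "10.20.0.10", 443),        # workstation -> DMZ web portal: ok
    Flow("10.10.5.20", "192.168.100.7", 502),     # workstation straight to a PLC: bypasses DMZ
    Flow("10.20.0.10", "192.168.100.7", 1433),    # DMZ historian replica -> control: ok
    Flow("192.168.100.7", "192.168.100.9", 502),  # PLC to PLC inside the control zone: ok
    Flow("10.20.0.10", "192.168.100.7", 22),      # DMZ host opening SSH into control: not permitted
    Flow("172.16.0.5", "192.168.100.7", 502),     # address not in the inventory: unknown zone
]

if __name__ == "__main__":
    for f in check_flows(SAMPLE_FLOWS):
        print(f"{f['src']} -> {f['dst']}:{f['dport']}  {f['reason']}")
```

Run against a real flow export, the three findings this produces are exactly the events a zone-boundary firewall rule review or a SIEM correlation rule should surface; the unknown-zone case is worth keeping as its own finding, since an address the inventory does not know about is itself an asset-management gap.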

Secure Remote Access Complexities in OT

In the complex landscapes of IT and OT, the reliance on service providers and suppliers for system troubleshooting and maintenance is critical. Some systems may also have business use case requirements to enable remote access for end users to run reports, monitor alarms, or for other ongoing operations. A secure remote access (SRA) strategy is needed to ensure that only the right individuals can access systems, only at the right times, and solely for approved activities. Additionally, an SRA strategy should include the ability to track and audit the actions performed by both users and administrators. In short, SRA should facilitate the collection of authentication, authorization, and accounting, or AAA logging, in addition to other security controls based on business or industry specific requirements and regulations.

SRA solutions and strategies may leverage existing remote desktop jump boxes, cloud-hosted virtual desktops, or zero-trust IT platforms. Security leaders may also opt for an all-in-one SRA solution purpose-built to provide AAA logging, zero trust security controls, and role-based access, as well as security monitoring and response capabilities. 
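The access decision described above (right person, right time, approved activity, every decision recorded) can be expressed as a small policy check. The Python below is an added example, not code from the article or from any SRA product; the roles, zones, users, and maintenance window are constructed. Each request is evaluated on role, target zone, requested action, MFA status, and whether it falls inside an approved window, and every decision, allow or deny, is appended to an audit log structured around the three AAA elements.

```python
"""Evaluate a remote-access request against an SRA policy and record an AAA event.

Added example, not from the article or any vendor product. Roles, zones,
windows and users are constructed; the point is that access is decided on
identity, role, target, purpose and time, and that every decision (allow or
deny) is written to an audit record.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional, Tuple

# Constructed role policy: zones a role may reach and actions it may perform.
ROLE_POLICY = {
    "vendor_plc": {"zones": {"control"}, "actions": {"view", "diagnose"}},
    "ops_reporting": {"zones": {"dmz"}, "actions": {"view"}},
    "ot_admin": {"zones": {"dmz", "control"}, "actions": {"view", "diagnose", "change"}},
}


@dataclass
class AccessRequest:
    user: str
    role: str
    target_zone: str
    action: str
    mfa_verified: bool
    requested_at: datetime
    # Approved start/end of the change or maintenance ticket covering this session.
    approved_window: Optional[Tuple[datetime, datetime]] = None


def evaluate(req: AccessRequest, audit_log: list) -> Tuple[str, list]:
    """Return ('allow' | 'deny', reasons) and append an AAA record to audit_log."""
    reasons = []
    policy = ROLE_POLICY.get(req.role)
    if policy is None:
        reasons.append("unknown role")
    else:
        if req.target_zone not in policy["zones"]:
            reasons.append(f"role {req.role} may not reach zone {req.target_zone}")
        if req.action not in policy["actions"]:
            reasons.append(f"role {req.role} may not perform {req.action}")
    if not req.mfa_verified:
        reasons.append("multi-factor authentication not verified")
    # Any session into the control zone must sit inside an approved window.
    if req.target_zone == "control":
        if req.approved_window is None:
            reasons.append("no approved maintenance window for control-zone access")
        else:
            start, end = req.approved_window
            if not (start <= req.requested_at <= end):
                reasons.append("request is outside the approved window")
    decision = "allow" if not reasons else "deny"
    record = {
        "timestamp": req.requested_at.isoformat(),
        "authentication": {"user": req.user, "mfa": req.mfa_verified},
        "authorization": {"role": req.role, "target_zone": req.target_zone,
                          "action": req.action, "decision": decision, "reasons": reasons},
        "accounting": {"session_id": f"sra-{len(audit_log) + 1:04d}"},
    }
    audit_log.append(record)
    return decision, reasons


# Constructed scenario: a vendor holds a ticket for a two-hour diagnostic window.
WINDOW_START = datetime(2023, 9, 19, 14, 0, tzinfo=timezone.utc)
WINDOW = (WINDOW_START, WINDOW_START + timedelta(hours=2))


def run_scenario():
    """Three constructed requests: inside the window, after it, and a wrong-zone request."""
    log = []
    in_window = AccessRequest("vendor-jdoe", "vendor_plc", "control", "diagnose",
                              True, WINDOW_START + timedelta(minutes=30), WINDOW)
    after_window = AccessRequest("vendor-jdoe", "vendor_plc", "control", "diagnose",
                                 True, WINDOW_START + timedelta(hours=3), WINDOW)
    wrong_zone = AccessRequest("analyst-asmith", "ops_reporting", "control", "view",
                               True, WINDOW_START, None)
    results = [evaluate(r, log) for r in (in_window, after_window, wrong_zone)]
    return results, log


if __name__ == "__main__":
    results, log = run_scenario()
    for rec in log:
        print(rec["authorization"]["decision"], rec["authentication"]["user"],
              rec["authorization"]["reasons"])
```

Denied requests are logged with the same structure as allowed ones; a vendor account repeatedly denied for being outside its window, or a reporting user trying to reach the control zone, is the kind of pattern the audit trail exists to expose.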

Security Monitoring and Assessments: A Foundation for Response

In the operational technology (OT) field, where devices and systems integrate to drive our most critical infrastructure, proactive risk management emerges as a keystone. By aligning risk mitigation strategies with organizational tolerances and business imperatives, entities can preemptively address threats, keeping the upper hand rather than reacting to an emergency. Proactive identification and management of risk reduces impact, losses, and potential reputational damage.

However, IACS and systems leveraging OT technologies may be sensitive to active monitoring and polling used in traditional IT monitoring solutions. Additionally, they may not incorporate security logging functionalities used to send data to a security information and event management (SIEM) or other security monitoring tools. Addressing this vacuum, a new generation of OT-specific security solutions has surfaced. These tools deliver unprecedented visibility into IACS, offering functionalities like passive automated asset identification, vulnerability scanning, and threat detection, all while ensuring there's zero intrusion or disruption to mission-critical processes. 
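The passive asset identification mentioned above can be illustrated from flow metadata alone. The Python below is an added example, not code from the article or from any OT monitoring product; the port-to-protocol table and the flow records are constructed. It never sends a packet: it works only from records a SPAN port, TAP, or flow collector has already produced, infers which hosts serve industrial protocols and which hosts poll them, and flags any host on the wire that is missing from the documented asset baseline.

```python
"""Passive asset identification from observed flow metadata.

Added example, not from the article or any product. It works only from records
a SPAN/TAP or flow collector already produced, so no packet is ever sent to an
OT device. The port-to-protocol table and the flow records are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass

# Well-known industrial protocol TCP ports; a constructed subset.
ICS_PORTS = {
    502: "Modbus/TCP",
    102: "S7comm",
    20000: "DNP3",
    44818: "EtherNet/IP",
    4840: "OPC UA",
}


@dataclass(frozen=True)
class FlowRecord:
    ts: str       # ISO 8601 timestamp as exported by the collector
    src: str
    dst: str
    dport: int


def build_inventory(records):
    """Return {host: {"roles", "protocols", "peers", "first_seen", "last_seen"}}."""
    inv = defaultdict(lambda: {"roles": set(), "protocols": set(), "peers": set(),
                               "first_seen": None, "last_seen": None})
    for r in sorted(records, key=lambda x: x.ts):
        for host in (r.src, r.dst):
            entry = inv[host]
            entry["first_seen"] = entry["first_seen"] or r.ts
            entry["last_seen"] = r.ts
        proto_name = ICS_PORTS.get(r.dport)
        if proto_name is None:
            continue  # not an industrial protocol; only the sighting is recorded
        # The side accepting the ICS port is the field device (server); the
        # initiator is a client such as an HMI, SCADA master or engineering station.
        inv[r.dst]["roles"].add(f"{proto_name} server")
        inv[r.src]["roles"].add(f"{proto_name} client")
        for host in (r.src, r.dst):
            inv[host]["protocols"].add(proto_name)
        inv[r.src]["peers"].add(r.dst)
        inv[r.dst]["peers"].add(r.src)
    # A client that polls several field devices is most likely a supervisory host.
    for entry in inv.values():
        servers = {p for p in entry["peers"]
                   if any(role.endswith("server") for role in inv[p]["roles"])}
        if len(servers) >= 3 and any(role.endswith("client") for role in entry["roles"]):
            entry["roles"].add("likely supervisory host (polls multiple field devices)")
    return dict(inv)


def unexpected_hosts(inventory, baseline):
    """Hosts seen on the wire that the documented asset baseline does not list."""
    return sorted(h for h in inventory if h not in baseline)


# Constructed flow records: one HMI (.10) polling three field devices, a PLC-to-PLC
# exchange, an undocumented host (.50) talking Modbus to a PLC, and one non-ICS flow.
SAMPLE_RECORDS = [
    FlowRecord("2023-09-19T08:00:01Z", "192.168.100.10", "192.168.100.21", 502),
    FlowRecord("2023-09-19T08:00:02Z", "192.168.100.10", "192.168.100.22", 502),
    FlowRecord("2023-09-19T08:00:03Z", "192.168.100.10", "192.168.100.23", 102),
    FlowRecord("2023-09-19T08:00:04Z", "192.168.100.21", "192.168.100.22", 502),
    FlowRecord("2023-09-19T08:00:05Z", "192.168.100.50", "192.168.100.21", 502),
    FlowRecord("2023-09-19T08:00:06Z", "192.168.100.10", "192.168.100.21", 443),
]
# Constructed baseline: the assets the engineering documentation knows about.
BASELINE = {"192.168.100.10", "192.168.100.21", "192.168.100.22", "192.168.100.23"}

if __name__ == "__main__":
    inventory = build_inventory(SAMPLE_RECORDS)
    for host, entry in sorted(inventory.items()):
        print(host, sorted(entry["roles"]), entry["first_seen"], entry["last_seen"])
    print("not in baseline:", unexpected_hosts(inventory, BASELINE))
```

Port-based inference is only a first pass; real passive tools also parse the protocol payloads (vendor and model from identification requests, for instance), but even this level of visibility answers the two questions an IACS owner most often cannot: which devices are actually on the network, and who is talking to them.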

In addition to monitoring, periodic security assessments can help proactively identify risks to IACS and OT systems. As with secure architectures, there are multiple frameworks for conducting these risk assessments. The Cybersecurity and Infrastructure Security Agency (CISA) offers a variety of strategic and control-based risk assessments to US critical infrastructure organizations including resilience and external dependency management assessments, architecture reviews, and penetration testing. While private cybersecurity firms offer specialized services in this domain, organizations can also benefit from a large number of freely accessible tools designed to empower in-house experts in conducting rigorous security assessments of OT landscapes.

Patch Management Must Balance OT Needs, Overall Risk Tolerance

The established process of addressing vulnerabilities and managing patches in modern IT systems presents a distinct set of challenges when applied to OT systems. Given the specificities and sensitivities of OT environments, there's a compelling demand for specialized patch management and vulnerability mitigation strategies tailored for their unique operational demands, as discussed in our previous article “IT/OT Convergence Challenges, Part 2: Vulnerability Management Course of Action to Reduce Risk.” 

Addressing cybersecurity vulnerabilities in these cyber-physical interfaces is not just a matter of good practice—it's an imperative. Nonetheless, an inadequately executed patch management procedure or impromptu patch application can result in significant adverse impacts on IACS. The imperative, therefore, is a holistic patch management regimen, one that's cognizant of the unique challenges of OT systems, and that meticulously calibrates its tactics in alignment with an organization's risk thresholds, regulatory landscapes, and operational priorities.

Secure Backups: Easy as 3-2-1

As we explore the intricate landscape of today's information systems, we're confronted with an array of threats that range from basic system glitches to complex scenarios such as natural disasters or cybersecurity attacks. Each of these issues carries the potential to destroy invaluable data and systems.

At the heart of a resilient architecture, a well-articulated backup strategy is needed—a safeguard against potential data loss and system disruption, ensuring swift restoration and the continuance of business-as-usual. A time-tested safeguard in this realm is the 3-2-1 backup solution: maintaining three iterations of data, stored across two different media, with one copy securely housed offsite. 

In an era where cloud technology reigns supreme, cloud backup strategies have evolved, presenting multiple viable possibilities. However, the threat canvas has also expanded, with ransomware outfits not just encrypting but actively seeking out and destroying backups. The need for "immutable backups" to address this threat has never been more pressing. These backups, resistant to tampering even by privileged users, have transitioned from being a luxury to an essential component of a fortified backup blueprint.
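The 3-2-1 rule and the immutability requirement from the two paragraphs above can be turned into a routine check of the backup catalogue. The Python below is an added example, not code from the article or from any backup product; the backup inventory and the recovery point objective are constructed. For each data set it verifies three copies, two media types, one offsite copy, at least one copy whose immutability lock has not yet expired, and that no copy is older than the RPO.

```python
"""Check a backup inventory against the 3-2-1 rule plus an immutability requirement.

Added example, not from the article. The inventory below is constructed; in
practice it would come from the backup system's catalogue. For each data set
the check wants at least three copies, on at least two different media types,
with at least one copy offsite, at least one copy that is immutable with its
retention lock still in force, and every copy newer than the recovery point
objective (RPO).
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional


@dataclass(frozen=True)
class BackupCopy:
    dataset: str
    media: str                                 # e.g. "disk", "tape", "object-storage"
    location: str                              # "onsite" or "offsite"
    completed_at: datetime
    immutable_until: Optional[datetime] = None  # retention-lock expiry; None if mutable


def assess(copies, now, rpo=timedelta(hours=24)):
    """Return {dataset: [findings]}; an empty list means the data set passes."""
    by_dataset = {}
    for c in copies:
        by_dataset.setdefault(c.dataset, []).append(c)
    report = {}
    for name, cs in by_dataset.items():
        findings = []
        if len(cs) < 3:
            findings.append(f"only {len(cs)} copies (need 3)")
        if len({c.media for c in cs}) < 2:
            findings.append("all copies on one media type (need 2)")
        if not any(c.location == "offsite" for c in cs):
            findings.append("no offsite copy")
        # An expired lock is as good as no lock: a privileged account could delete it.
        locked = [c for c in cs if c.immutable_until and c.immutable_until > now]
        if not locked:
            findings.append("no copy with an unexpired immutability lock")
        for c in cs:
            if now - c.completed_at > rpo:
                findings.append(f"{c.media}/{c.location} copy is older than RPO")
        report[name] = findings
    return report


NOW = datetime(2023, 9, 19, 12, 0, tzinfo=timezone.utc)
# Constructed inventory: the historian meets every requirement; the HMI project
# files have three copies but no immutable copy and a stale offsite tape.
SAMPLE_COPIES = [
    BackupCopy("historian", "disk", "onsite", NOW - timedelta(hours=2)),
    BackupCopy("historian", "tape", "offsite", NOW - timedelta(hours=6)),
    BackupCopy("historian", "object-storage", "offsite", NOW - timedelta(hours=2),
               immutable_until=NOW + timedelta(days=30)),
    BackupCopy("hmi-project", "disk", "onsite", NOW - timedelta(hours=1)),
    BackupCopy("hmi-project", "disk", "onsite", NOW - timedelta(hours=1)),
    BackupCopy("hmi-project", "tape", "offsite", NOW - timedelta(days=3)),
]

if __name__ == "__main__":
    for dataset, findings in assess(SAMPLE_COPIES, NOW).items():
        print(dataset, "PASS" if not findings else findings)
```

Treating an expired retention lock as no lock is the detail that matters against the ransomware behaviour described above: a copy that was immutable last month but whose lock has lapsed is deletable today by any sufficiently privileged account.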

While the fiscal considerations of deploying state-of-the-art backup solutions can seem daunting initially, one must weigh this against the catastrophic costs of potential data or system losses. This is especially pertinent in sectors like healthcare, manufacturing, and critical infrastructure, where even transient downtimes could ripple through, jeopardizing supply chains, entire communities, or even life-saving medical procedures. In the modern age, a robust backup strategy isn't just an IT best practice; it's a critical linchpin for operational continuity and societal stability.

Recommendations

Navigating the complex landscape of modern information systems, especially within the sphere of OT devices, is both a challenge and a necessity for organizations. Throughout this article, we discussed the criticality to prioritize security and resilience amidst a landscape fraught with threats. From exploring the unique demands of OT systems and examining the foundational principles of backup strategies to ensuring proactive risk management, our journey underscored the essential balance between technological advancement and security mindfulness.

As we conclude, it's evident that the convergence of IT and OT, while presenting numerous advantages, also brings forth unique vulnerabilities. By harnessing best practices, leveraging established frameworks, and maintaining a proactive stance on security, organizations can not only protect their assets but also thrive in this digital age. The insights from this session serve as a testament to the ever-evolving nature of cybersecurity and the ongoing need for vigilance, adaptation, and innovation in safeguarding our digital ecosystems.

Juan Piacquadio is the CIO & VP, Information Technology at Phlow Corporation.

Tim Hall is the Director of Information Security at Phlow Corporation.
