The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.
Most of the time, the advantages of technology overshadow the recognition of challenges. IT/OT convergence has given a boost to the industry, there are many cybersecurity considerations. Due to a lack of legislation, best practices are filling the void. This article will give an overview of industrial cybersecurity best practices.
According to a survey presented by Veracode in 2022, more than 75% of all software applications have security flaws that can serve as a gateway to larger environments. With the spread of industrial IT (Information Technology) / OT (Operational Technology) integration, it means that almost every infrastructure is in possible danger of cyberattacks.
The two sides of the IT/OT convergence coin
Industrial IT/OT convergence has been accelerated by the advantages it offers to the sector. These advantages have made production faster, cheaper, and more automated. The convergence has been advancing at such a pace that the flipside of its use has never been given serious thought until recently. With the obvious advantages, challenges have surfaced as well. The need for a comprehensive solution has already appeared in recent years, but until this day, best practices are routine.
Best practices for IT/OT converged environment
During the years of broad-scale IT/OT implementation, operational and cybersecurity experience has been gathered. This serves as the basis for industrial best practices and their practical implementation, which ranges from recommendations to practical steps.
Regulations. Industrial regulations and legislation should set standards. Though there are some governmental initiatives – like Executive Order 14028 – for building an overall framework, the bottom-to-top need has already surfaced.
CIS Controls (Critical Security Controls) Version 8 is one of those comprehensive cybersecurity bottom-to-top frameworks that are the most often referred to by legal, regulatory, and policy bodies. CIS has been developed by the global IT community to set up practical cybersecurity measures. Each version is an evolution of the previous, so it is constantly evolving as practice, and technological advancement require it.
Zero Trust. In every critical infrastructure, the basic approach should be the “zero trust principle.” According to this notion, entering data, and exiting data, users, and context should be treated with the highest distrust.
Risk-based approach. It is a strategy that assesses hardware and software status to prevent cybersecurity risks and mitigate possible consequences of a breach. The process has several compliance points. These include device version and patching date checkup, finding security and safety issues, and revealing the exploitation history of applied devices.
The strategy is only effective if it is completed with constant threat monitoring. In this case, operators are aware of system vulnerabilities if there is no or a delayed system update.
Passive scanning. It is the “listen, but don’t touch” method. Scanners watch the data traffic of the entire system from its perimeters. These are usually installed at routers that collect information at strategic listening points without interacting directly with the system. Because of this lack of direct intervention, passive scanning is usually used for monitoring sensitive environments.
The upside of passive scanning is that it understands the entering and exiting dataflows, monitors the entire system and the operating software, and can find parts of the network. The downside is that the collectible information is limited, so there is little or no complete picture of the vulnerability status of the environment.
Active scanning. Scanners constantly monitor, evaluate, and assess the weak points of the environment. They can simulate attacks on the network to uncover hidden security gaps. Some active scanners are even able to resolve some discovered security issues.
On the flip side, these scanners only focus on certain points of the system and particular situations. They can easily overwhelm the monitored nodes, so it can affect the speed, performance, and uptime of the given part of the system.
The takeaway message is that best practice solutions are not replacements for each other. They complement one another in an ideal industrial environment to fence off different attack vectors. Though each has its advantages and disadvantages, used as complementing solutions, their strengths can be combined while weaknesses alleviated. This way the possible maximum protection can be achieved.