OT systems are a critical piece of the US economy, Electrical Power Grids, Manufacturing Facilities, Water Supply, Food Production, plus much more. Some of the latest advancements in OT technologies take advantage of converged infrastructures allowing businesses to take advantage of operational efficiencies thus improving profitability.
In today’s environment OT leaders are not just focused on ensuring operations are functional but now have the added task of managing OT Cyber Security threats. According to a report provided by Fortinet 4 out of 10 OT Leaders lack the tools necessary to properly manage OT Security.
OT environments that depend on a converged infrastructure introduce new Cyber Security challenges that must be taken into consideration by the business. Unfortunately, this is one of the most vital pieces of Cyber Security that many organizations overlook or simply do not budget.
Here are a few of the basic items needed to help OT Leaders protect their environments.
First, the environment must ship OT device logs to a Security Information and Event Management solution (SIEM). The SIEM will collect all the data received then utilize AI to look for security events that could affect the environment. Example: A device in the OT environment has the Vulnerability Blue Keep running on its system. When the SIEM detects activities or signatures related to Blue Keep an alert can be sent to a SOC, NOC, or an organizations Security Operations Team for remediation.
Second, 85% of unique threats detected targeted Industrial Controls running OPC Classic, BACnet, and Modbus. Almost half of the data breeches in 2019 were due to software vulnerabilities exposed from unpatched environments. To understand your Cyber Security risk it is important to have an accurate inventory of the hardware and software living in the environment.
Your inventory will help you identify potential risks and develop strategies to patch the environment. For devices that cannot be patched it is important to develop a strategy that will allow you to place these devices behind some type of firewall so they can be protected from exposing their known vulnerabilities to the world.
Most of all, you need to have some type of endpoint protection installed on industrial systems. Endpoint protection will ensure only authorized software is allowed to execute in the environment. Endpoint protection can also alert when unknown software attempts to execute or a software abnormality is detected.
At the end of the day OT Leaders are working hard to keep operations running while increasing efficiencies through more automation. Unfortunately for most OT Leaders OT security is an afterthought or simply not on the table as OT Leaders struggle to obtain the talent, systems, or budget to manage the Security of their OT environments.
In my opinion budgets seem to be the biggest obstacle for many OT leaders. They simply do not understand how to measure or secure the OT environments they manage. This is where having a 3rd Party Cyber Security Expert can help.
As a Cyber Security Professional I can help businesses develop a strategy to identify risks, plan next steps to enhance their Cyber Security Posture, and ultimately help them develop Process, Procedures, and Standards that will ensure the OT environment is consistent, predictable, and secure.
Kip Kirchberg is an International Cyber Security Expert who has experience building World Class Cyber Security Teams. His experience has been leveraged by Multiple Fortune 500 organizations to help build, tune, and enhance their Cyber Security Posture.
Experience includes but is not limited to Building SIEM platforms, Endpoint Security, 3rd Party Remote Access, Industrial Control System’s, NextGen Firewall’s, Threat Hunting to Identify Cyber Security Risks, Generating Executive Reports that lead to actionable data, Build and maintain Incident Response Team’s, Draft and Adopt Corporate Cyber Security Governance, Internal and External Pen Testing, Team Building, plus much more….
You can reach out at 863-734-8060 or [email protected]
