you can’t see, these devices
can be used by attackers as an
entry point into the plant for
things like Industrial Control
System ransomware. And, when
companies get sent a screenshot of
a human-machine interface with
a threatening message, they are
paying the ransom – we are even
seeing many organizations simply
factoring this into their budgets.
With the ongoing challenge of
legacy equipment and the critical
need for continuous uptime, many
operators have struggled to close
the security gap. These gaps
have historically resulted in a
legacy approach to securing
Operational Technology (OT)
assets, which commonly was to
isolate the gaps through air gapping,
a practice of removing assets’
outbound Internet connectivity. Yet
today’s connected world makes this
approach increasingly difficult.
The Solution
Nobody wants to be stuck in this
position. The security of critical
national infrastructure and OT has
been firmly in the spotlight since
the NIS Directive – which aims
to raise EU network security and
resilience – came into force in May
2018. Many companies are looking
for ways to identify anomalies in
network traffic early and control
each device in real time to avoid
getting hacked.
Industry leader ForeScout has
been taking a proactive approach
to this issue, starting by working
closely with clients to build a
real-time asset inventory of IP-based devices without impacting
performance or reliability.
The company conducts nondisruptive asset discovery and
classification by integrating with
existing network, monitoring and
inventory sources.
These discovery and classification
techniques construct a
comprehensive asset repository
to ensure access to timely and
accurate device information. It
also allows you to respond to
service requests and security
incidents with knowledge instead
of guesswork. This asset inventory
integrates with most configuration
management database (CMDB)
platforms and builds a strong
security foundation to resolve:
• What is on the network and
how to classify and manage it
• Who can access the network
and under what context
• How to stay within
compliance for regulatory and
security frameworks
• How to orchestrate a security
response in the event of
an incident, and most
importantly,
• How to improve security
without compromising
operational uptime
This is vital for several reasons. As
Brichant explains it to Computer
Business Review: “The air-gap
approach is increasingly difficult
in today’s digitalised world. A
more holistic approach is required,
migrating from an assumed air
gap to more robust network
segmentation combined with
a set of hygiene-based security
controls, very similar to common
IT security controls, but tailored
specifically for OT.”
A commitment to network
segmentation, which significantly
reduces system attack surfaces,
is a large part of the answer. In a
segmented network, users only
“see” the workstations, automation
equipment and other devices
necessary to perform their daily
tasks. Segments are created by
grouping common user types and
limiting network access to those
resources that users require to do
their jobs. Users in this context can
be people or device types. Building
control systems or point-of-sale
(POS) systems should be put on
their own segments to increase
security.
Brichant adds:
“Old-school segmentation required
IT staff to manually update network
access on multiple network devices, but the ForeScout solution uses
real-time device context to automate policy-based assignment and
enforcement of ACLs and VLANs.
The complexity of actually solving
the critical infrastructure security
challenge is a major influencer that’s
driving the convergence of IT and
OT. Issues like these are foreign to
most OT operators, so it only makes
sense to loop in IT resources that
have been solving similar issues.
The threat is real, air gaps are going
away, and solving today’s threats is
going to take the whole team. And,
ultimately, having policy-based,
automated response to address common security issues frees up personnel for more complex and sensitive
cyber-risk issues.”