The 5 Best OT Cyber Security Transformation guidelines for 2023
Rajesh Rajendran
Cybersecurity Evangelist | OT Security | Solution Selling | Making Business Strategies
For decades, production environments and their control systems were entirely independent of IT. Over the past few years, drivers such as automation and Industry 4.0 have been binding OT to IT and vice versa. As a result, manufacturing owners now face the same kinds of cyber-attacks that IT has been dealing with for the last four decades, but without those four decades of experience. Today, cyber security for OT can no longer be an afterthought, or no thought at all.
Not only asset owners and project managers but also integrators, EPCs, and control system vendors need to build cyber security tools and best practices into their work. For an asset owner, securing OT means putting the key pillars of a cyber security framework into action, tailored to their production environment. Good defence in depth, that is, reducing the vulnerable surface, is achieved by adding layers of security:
- Best practices from the cybersecurity framework, which consists of five functions that help secure the OT environment:
1. Identify: understand the production environment.
2. Protect: shield the OT environment from threats and contain the impact of a potential incident.
3. Detect: ensure timely discovery of cybersecurity events or incidents.
4. Respond: take action on detected events and incidents.
5. Recover: maintain resilience and restore the services impaired by a threat incident.
- Another way to structure your defence in depth:
1. Asset management: an inventory of all assets and their associated vulnerabilities.
2. Access control: easy and secure access to processes and resources for users, devices, customers, vendors, etc.
3. Network segmentation: separating broadcast domains from one another.
4. Logging and monitoring: identifying patterns of activity on your networks, which in turn provide indicators of compromise.
5. Risk management: evaluating what can go wrong before an incident actually happens.
Whichever set of best practices is followed, it is essential to address all of them to achieve defence in depth and reduce the vulnerable surface in both OT and IT.
Is air gapping a myth, or how secure is it? Air-gapping OT assets means physically separating OT from IT so that no communication of any kind is possible. The worst case is that the OT asset owner assumes the asset is air-gapped from IT when in fact it is not.
Example: for any maintenance or upgrade, the designated vendor, field engineer or OT OEM needs to connect to the critical asset remotely via VPN. Technically the vendor may have only read-only access, but the asset is no longer air-gapped. This may happen many times over, and each occasion increases the chance of exposing a vulnerability.
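One way to test the air-gap assumption instead of trusting it is to read flow or firewall logs for traffic that crosses the OT boundary in either direction; an air-gapped segment should produce none. The Python below is an added example, not part of the article; the flow records and the 10.20.0.0/16 OT range are constructed.

```python
import ipaddress
from collections import Counter

# Constructed sample flow records (not from the article) in the form
# src,dst,dst_port,proto. The asset owner believes 10.20.0.0/16 is air-gapped.
SAMPLE_FLOWS = """\
10.20.1.10,10.20.1.20,502,tcp
10.20.1.11,10.20.1.20,502,tcp
10.20.1.50,10.0.5.5,443,tcp
10.20.1.50,198.51.100.7,443,tcp
10.0.8.9,10.20.1.50,22,tcp
10.20.1.12,10.20.1.20,44818,tcp
"""

OT_CIDRS = ["10.20.0.0/16"]  # assumed OT address space for this example


def parse_flows(text):
    """Parse CSV flow lines into (src, dst, port, proto) tuples, skipping blank lines."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        src, dst, port, proto = line.strip().split(",")
        flows.append((ipaddress.ip_address(src), ipaddress.ip_address(dst), int(port), proto))
    return flows


def find_air_gap_violations(flows, ot_cidrs):
    """Return every flow that crosses the OT boundary, naming the non-OT peer.

    A genuinely air-gapped segment yields an empty list; each hit is a path
    (vendor VPN, jump host, misrouted subnet) the owner must know about and log.
    """
    nets = [ipaddress.ip_network(c) for c in ot_cidrs]

    def is_ot(addr):
        return any(addr in net for net in nets)

    hits = []
    for src, dst, port, proto in flows:
        if is_ot(src) and not is_ot(dst):
            hits.append({"peer": str(dst), "direction": "outbound", "port": port, "proto": proto})
        elif is_ot(dst) and not is_ot(src):
            hits.append({"peer": str(src), "direction": "inbound", "port": port, "proto": proto})
    return hits


def peer_counts(hits):
    """Count crossings per non-OT peer so recurring remote-access paths stand out."""
    return Counter(h["peer"] for h in hits)
```

On the constructed data the two Modbus (502) and one EtherNet/IP (44818) flows stay inside the segment, while the three remaining flows show the segment is reachable from, and reaches out to, the IT side.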
Security through obscurity (or security by obscurity) is not a best practice, since IT will be in the dark about any incident on OT assets, and the incident can persist in-house undetected for a long time. In such a scenario, the effect is collateral damage to the business and its reputation. This is because IT will have no logging and monitoring tool to detect an incident on the OT assets and carry out remedial incident response, and there will be no up-to-date signatures for known vulnerabilities, either for the critical asset or for protecting the traffic flow.
Vulnerabilities propagated via USB have risen from 19% to 52%, and the most underestimated vulnerabilities are human error and disgruntled employees.
How to transform OT cybersecurity for a company of any size: the initiative must come from the leadership level, since converging the cultural and business needs of OT and IT is a very difficult step forward. It is teamwork, from the CISO and CTO to the project manager and network engineer, and in a larger company the team can extend to SOC and NOC log-aggregation handlers and legal analysts.
A step-by-step approach to OT cyber security transformation can start with:
1. Bring the leadership on board with an appropriate scope.
2. Build the team with OT, ITES, and IT specialists.
3. Identify requirements concerning vulnerabilities, compliance, regulation, defence in depth, architecture, and inventory.
4. Establish policies and processes that take into account best practices, the security tools on hand or needed, and awareness.
5. Execute the plan as a continuous, agile cycle rather than a linear, sequential approach.
A cyber security maturity model is an ideal way to break down an organisation's security requirements and understand where to focus.
The capability-maturity cybersecurity model for any organisation can be broken into simple stages:
Stage 1: The customer is looking for a basic level of cyber security, satisfied with a firewall and endpoint protection. Network segmentation is very basic and depends heavily on in-house skills or the system integrator's skills to address any breach incident. The customer's security stance is technologically conservative and risk-averse, always seeking to control IT costs; this results in low detection capability, and they learn of an incident only when operations are affected. Our role is to train the IT resources and continuously engage the customer's leadership on the importance of a secure inventory and identity and access management.
Stage 2: In the following year, the customer's leadership will be ready to invest in basic secure access, identity management, EDR, fully managed network switches, and a basic NMS. IT resources should be trained in application controls, perimeter segmentation, device hardening, and log collection and analysis. Such activity and planning upgrade the cybersecurity posture to the next level, passive or reactive security. At this level the customer's security is able to defend its assets but again depends heavily on human skills.
Stage 3: If the customer has absorbed the cyber security challenges over time, they will definitely want threats to be contained. This works with documented processes and procedures alongside security tools such as orchestrated/synchronised endpoint protection, sandboxing, secured web applications, advanced secure access, application controls, and micro-segmentation. The IT resources will be adequately skilled to support the organisation's people, process, and technology. This marks the end of reactive/passive defence, and the organisation slowly moves to proactive defence.
Stage 4: The organisation collects and analyses data to improve cyber security outcomes, using solutions such as XDR, SOC, SIEM, honeypots, continuous network availability monitors and sensors, anomaly and breach detection, etc. At this level, the organisation has clear roles and responsibilities for its IT professionals, who have become well trained and experienced over time. The organisation now explores automation opportunities to respond better to cybersecurity threats.
Stage 5: Cyber security is improved and optimised continuously, drawing on the experience gained from the existing processes and adapted to protect the customer better. Solutions such as MDR and SOAR automate incident response to sustain the strong defensive layers and to respond effectively to ever-changing threats and targeted attacks. This sustained defensive model becomes the blueprint for the organisation's cyber security maturity model.
When we approach an organisation as a cybersecurity solution vendor, it is more appropriate to convey how they can improve their protection level for stable business continuity and how they can upgrade their defences one step at a time. In this era of more sophisticated threats and vulnerabilities, there is no harm in advising the customer to update their defences one step at a time, since, unlike in earlier days, a step-by-step approach will not take more than a decade to mature, even with budget limitations. Today organisations are more aware, and cybersecurity solutions have become easier to acquire.