LAN 2.0

Introduction:

From its inception, the internet has undergone numerous changes and advancements, transforming the way we communicate, learn, and do business. However, one aspect that has remained relatively unchanged is the Local Area Network (LAN), the private IP space that runs behind the scenes of our digital world. That is, until now. With the introduction of cloud technology and the convergence of non-traditional networked devices, the LAN is undergoing a significant migration that is redefining its role in the ever-evolving cyber landscape. This transformation has given rise to the concept of LAN 2.0, ushering in a new era of connectivity and security. In this white paper, we will explore the components of LAN 2.0, the factors driving its evolution, and the potential security concerns that come with this new frontier. From the increasing integration of Operational Technology (OT) and Internet of Things (IoT) devices to the pressing need for collaboration and best practices, let's delve into the captivating world of LAN 2.0.

The concept of the World Wide Web has transformed at a rapid pace throughout its existence. It has been classified into different stages such as the read-only Web 1.0, the more interactive Web 2.0, and the loosely defined decentralized Web 3.0. Currently, the underground and ambitious idea of Web 4.0 is under development. However, while the internet has experienced this evolution, the private IP space, known as the Local Area Network (LAN), has remained relatively unchanged. This was until the emergence of cloud technology and the convergence of non-traditional networked devices. As a result, the LAN is undergoing a great migration and is becoming significantly different from its previous static nature.

Various organizations have adopted different approaches when it comes to implementing Wide Area Network (WAN) frameworks, hybrid cloud models, and merging their operational technologies. However, the future trend is heading towards a LAN that is distinct enough to redefine how we perceive and conceptualize it, which has led to the designation of LAN 2.0.

To provide clarity on these terms, we define Critical Infrastructure (CI) as vital assets on a WAN that are essential to the functionality of a region or nation. Operational Technology (OT) is defined as assets on a LAN that are imperative for the operations of a specific organization. Meanwhile, IoT includes LAN and WAN assets that are not crucial to an organization but are still connected to IP-based networks. For example, a surveillance camera system may not be crucial to a marketing company, but its outage could affect the safety of a prison.

LAN Migration:

During the early 2000s, those of us who were fortunate enough to work as network administrators had a deep appreciation for the security model of the Local Area Network. This fortified structure made it easy for us to understand the edges, boundaries, and location of our valuable assets.

We had a thorough understanding of the North/South and East/West traffic flow and were able to effectively segment our networks, managing access and objects with Access Control Lists (ACLs) and Lightweight Directory Access Protocol (LDAP) systems.

It truly was the good old days.

The first contributing factor to changes within the LAN is the great migration to the cloud. The migration to the cloud was activated with “cloud first” strategies and data center consolidation efforts like the Federal Data Center Consolidation Initiative. Then, COVID put the migration strategies into hyper speed.

Many organizations were forced to migrate quickly to maintain operations with Work From Home (WFH) technologies, then adopted security models such as Secure Access Service Edge (SASE) and Zero Trust. Many of these terms got blurred with vendor Go To Market (GTM) campaigns and proprietary technologies, but essentially, SASE extended the LAN into a WAN, and Zero Trust shortened the perimeter to the endpoints. The result was data computing outside of the organization's traditional security stack in its "on-prem" data center, in distributed home offices utilizing VPNs and Software as a Service (SaaS) platforms.

The convergence of Operational Technology (OT) and Internet of Things (IoT) devices connecting to the network is the second contributing factor to changes within the Local Area Network (LAN).

In recent years, OT and IoT have become increasingly integrated within traditional IT enterprises, resulting in significant changes to the data and protocols transmitted over private IP networks. Terms such as "Critical Infrastructure" (CI) and "Operational Technology" (OT) are used to describe industrial systems that fall under the 16 critical infrastructure sectors designated by the Department of Homeland Security (DHS). These systems are considered vital to the United States, and their incapacitation or destruction would have a detrimental impact on national security, economic security, public health, or safety.

Previously, many OT and IoT systems were isolated on analog networks. However, as companies adopt new systems, they are increasingly transitioning to IP-based systems. Vendors now primarily offer IP-based systems, and it is too costly to maintain a separate network for OT/IoT systems. As a result, communication protocols such as Modbus, DNP3, PROFIBUS, PROFINET, BACnet, DMX, and others are now being found on LANs in the form of audiovisual systems, payment systems, kiosks, water systems, HVAC, closed-circuit television, surveillance and intrusion detection systems, paging systems, building management systems, industrial control systems, and supervisory control and data acquisition (SCADA) systems. The emergence of IoT smart technologies has further contributed to the connection of devices such as Tesla cars, robots, and audiovisual systems to wireless networks.

Cybersecurity Concern:

Cybersecurity concerns regarding OT/IoT have become a pressing issue. These systems are prime targets for several reasons, one of which is their impact on the physical world. This means that the risks involved are on a larger scale compared to information-only setups. The potential consequences include loss of life, ecological harm, theft of intellectual property, damage to a brand's reputation, and significant financial losses.

Moreover, OT systems are often used as a starting point to gain access to data networks, allowing attackers to pivot and exploit other areas. This was clearly demonstrated during the well-known 2013 Target breach, where Point of Sale (PoS) devices were used to steal credit card information.

The emergence of ransomware in LAN 2.0 has also contributed to the rise of cybersecurity concerns. Threat actors have shifted their focus from organizations with desirable assets, such as Protected Health Information (PHI), Personally Identifiable Information (PII), Proprietary Information (PI), and Classified Information, to networked systems that can be taken offline. In such cases, the attackers demand ransom in exchange for the decryption keys to bring the systems back online. Furthermore, there is a risk of double extortion, where the threat actors not only hold the system hostage but also threaten to release stolen protected data if their demands are not met.

Another factor contributing to the increasing vulnerability of OT/IoT systems is the rapidly expanding attack surface with the rise of the Internet of Things (IoT). The IoT industry is determined to deliver a multitude of devices to consumers in a market largely driven by affordability and user-friendliness. Threat actors are also targeting OT systems because they are consistently online and can be used for purposes such as crypto mining or gaining persistent access. Additionally, a significant portion of OT traffic is encrypted, making it challenging to conduct deep packet inspection and detect potential threats.

Concerns surrounding OT convergence are a result of significant differences between the development and implementation of cybersecurity in the Operational Technology (OT) and Information Technology (IT) realms. Despite the growing importance of securing OT systems, it is apparent that OT cybersecurity is markedly behind IT security in terms of organizational development, funding, available tools, and resources. The reliance on "air gaps" to protect industrial control systems from internet-based cyber-attacks highlights the former physical isolation of OT systems, which are now being exposed to the entire internet.

In addition, many OT components were not designed with security considerations in mind, resulting in outdated systems, protocols, and priorities. This lack of foresight has left these systems vulnerable to newer cyber threats. While the IT realm has largely adopted the standardized TCP/IP protocol, the OT domain is lacking such uniformity. These differing protocols often lack compatibility with each other and do not align with the common protocols used in IT-based security tools.

Overall, the concerns surrounding OT convergence are significant and demand immediate attention. It is essential that the OT realm catches up to the level of cybersecurity preparedness that the IT realm has achieved. It is imperative for organizations to invest in the necessary resources and tools to secure their OT systems and bridge the gap between IT and OT cyber security. Without addressing these concerns, the risks of cyber-attacks on critical infrastructure and industrial control systems will continue to grow.

Human Resources:

One underreported yet crucial issue surrounding LAN 2.0 OT systems is that of ownership. In some organizations, the OT systems were typically owned and managed separately by each individual department, rather than being under the control of the IT department. This often resulted in a focus on functionality over security in the design and acquisition of systems. In other organizations, the responsibility fell on the IT department to design and acquire technology, despite them lacking expertise in these specific technologies and protocols.

In LAN 2.0, it is crucial for ownership to align with the organization's cybersecurity risk management strategy. This requires a collaborative approach between mission owners and cybersecurity teams. It is important to recognize that individuals solely specialized in either OT or IT cannot fulfill all the security requirements on their own. To effectively reduce enterprise risk and safeguard the entire cyber domain, it is crucial to develop a strategic staffing plan that integrates IT and OT duties into the workforce development program. This will promote a more cohesive and comprehensive approach to cybersecurity within the organization.

LAN 2.0 will require network administrators to shift from technical knowledge of traditional on-premises system administration to vendor management through subject matter expertise in Service Level Agreements, Scopes of Work, etc… In some cases, admins will need to identify what level of telemetry logs they have access to with their cloud providers. They might need to justify the expense of paying for more depth of logs.

Another important issue to consider with the convergence of technology is the potential cybersecurity risk regarding the Internet of Things (IoT), peripherals, and the supply chain. A concerning trend is that many IoT devices are shipped with disabled authentication, pre-set passwords, minimal security patches, and communication with foreign IP addresses (referred to as "Diagnostic" features).

Vendors must take greater responsibility in ensuring that these devices are properly secured before reaching the customer's location. The concept of "security by design" is crucial, as it establishes security as a key objective throughout all stages of product creation and deployment. This is necessary because, historically, security considerations were often only addressed in the late stages of hardware deployment and IoT design. Addressing security from the beginning of the design and prototyping phases is crucial to mitigating potential risks and protecting customer data.

Best Practices:

Now that we have a better understanding of LAN 2.0 and its associated cybersecurity concerns, it is imperative to establish effective best practices for managing this new domain. In many cases, this means going back to basics. Here are eight recommendations for managing LAN 2.0.

1. Asset management is often overlooked and undervalued in operational technology. By improving organizations' visibility and control over their assets, potential vulnerabilities in the infrastructure can be identified.

2. Organizations must prioritize joint education and awareness sessions. These workshops bring together key leaders from both the OT and IT departments to exchange insights, establish effective communication, and build a shared understanding of the threats and risks in LAN 2.0.

3. It is important to keep track of firmware and software versions to ensure timely application of security patches, reducing the risk of exploitable outdated software.

4. Utilize both agentless and agent-based vulnerability scanning technologies for flexibility in scanning various devices. Use OT-specific network monitoring tools, such as the free NSA tool GRASSMARLIN, and vulnerability scanning tools that are less intrusive to OT/IoT devices.

5. Customizable scan policies are also crucial in adjusting scan intensities and minimizing disruptions to critical operations.

6. Incorporate EDR capabilities designed for scanning and assessing third-party devices with a focus on identifying potential security risks and vulnerabilities in operational technologies.

7. Understand when to leverage EDR, Network Detection and Response (NDR), Extended Detection and Response (XDR), and Security Information and Event Management (SIEM) technologies based on the business operations and enterprise architecture.

8. Authentication management will be different compared to the LAN 1.0 LDAP control, but new technologies have emerged to facilitate the administration. Controlling hybrid cloud access will require the use of Single Sign-On (SSO), Cloud Access Security Brokers (CASB), and password managers for systems that do not yet integrate with technologies such as Security Assertion Markup Language (SAML).

9. Multifactor Authentication will be another obstacle that will be bolted on until these technologies are built with more capabilities.

10. It is essential to keep all devices behind a firewall and only connect to them using secure connections.

11. Unnecessary ports, protocols and features should be disabled, and networks should be sub-netted to enhance security.

12. Regularly update firmware in a testing environment before implementing it in production.

13. Physical security measures such as locking racks, disabling ports on kiosks, using camera covers, and USB blockers should also be used.

14. Utilizing a device that is IoT SAFE-compatible, one can establish a secure connection to the cloud through a mutually authenticated TLS session, known as Zero Touch Provisioning.

15. A combination of macro segmentation and zero-trust security principles can be beneficial. Macro segmentation divides the OT environment into manageable segments.
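As an added illustration of recommendations 1 and 4 (asset visibility and passive, non-intrusive OT monitoring) and of the earlier point about IoT devices talking to foreign IP addresses, the following Python script is not part of the original paper. It builds an inventory of LAN assets from constructed flow records by matching the well-known ports of the protocols the paper names (Modbus/TCP 502, DNP3 20000, BACnet/IP 47808, PROFINET 34964) and flags any RFC 1918 host that sends traffic outside the private IP space; the flow-record format and addresses are assumptions.

```python
import ipaddress
from collections import defaultdict

# Well-known ports of OT protocols named in the text (IANA assignments).
OT_PORTS = {
    ("tcp", 502): "Modbus/TCP",
    ("tcp", 20000): "DNP3",
    ("udp", 47808): "BACnet/IP",
    ("udp", 34964): "PROFINET",
}
# RFC 1918 ranges: the "private IP space" the paper treats as the LAN.
LAN_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample flow records (src,dst,proto,dport,bytes), not captured data.
SAMPLE_FLOWS = """\
# src,dst,proto,dport,bytes
10.20.1.15,10.20.1.50,tcp,502,1840
10.20.1.15,10.20.1.51,tcp,20000,960
10.20.2.8,10.20.2.30,udp,47808,420
10.20.3.77,198.51.100.23,tcp,443,51200
10.20.1.50,10.20.1.15,tcp,49152,300
"""

def in_lan(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LAN_NETS)

def parse_flow(line):
    src, dst, proto, dport, nbytes = line.strip().split(",")
    return {"src": src, "dst": dst, "proto": proto.lower(), "dport": int(dport), "bytes": int(nbytes)}

def build_inventory(lines):
    """assets: LAN address -> OT roles seen; findings: LAN hosts sending traffic outside the LAN."""
    assets, findings = defaultdict(set), []
    for f in (parse_flow(ln) for ln in lines if ln.strip() and not ln.startswith("#")):
        for ip in (f["src"], f["dst"]):
            if in_lan(ip):
                assets.setdefault(ip, set())  # register the asset even if its protocol is unknown
        role = OT_PORTS.get((f["proto"], f["dport"]))
        if role:  # the initiator is the client, the listener on the well-known port is the server
            assets[f["src"]].add(role + " client")
            assets[f["dst"]].add(role + " server")
        if in_lan(f["src"]) and not in_lan(f["dst"]):  # possible "diagnostic" phone-home
            findings.append((f["src"], f["dst"], f["proto"], f["dport"], f["bytes"]))
    return dict(assets), findings

assets, findings = build_inventory(SAMPLE_FLOWS.splitlines())
```

Hosts that appear with an empty role set are LAN assets whose traffic matched none of the listed OT ports and deserve a closer look with a tool such as GRASSMARLIN; each entry in `findings` is a LAN host to check against the vendor's documented diagnostic endpoints.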

Conclusion:

The Local Area Network (LAN) has traditionally been relatively static and unchanged throughout the evolution of the internet. However, with the emergence of cloud technology and the convergence of non-traditional networked devices, the LAN is undergoing a great migration and becoming significantly different from its previous form. This transformation has led to the development of LAN 2.0, with the integration of operational technologies (OT) and Internet of Things (IoT) devices, along with challenges such as cybersecurity risks and ownership. To effectively manage these changes, it is crucial for organizations to prioritize collaboration and joint education between IT and OT departments, establish asset management protocols, and implement networking best practices and zero-trust security principles. As LAN 2.0 continues to evolve it is imperative for organizations to adapt and innovate to secure their networks and protect against potential cyber threats.


Hope Frank

Global Chief Marketing & Growth Officer, Exec BOD Member, Investor, Futurist | AI, GenAI, Identity Security, Web3 | Top 100 CMO Forbes, Top 50 Digital /CXO, Top 10 CMO | Consulting Producer Netflix | Speaker

2 months

Anthony, thanks for sharing! How are you doing?
