In Critical Infrastructure, Safety Comes First

What are the top three pieces of advice you would give a CISO to make the plant OT/ICS environment more secure from cyber attacks? 

One of the great challenges in securing OT systems in the power generation and distribution industry is the age of system components. “The average lifespan of a typical ICS device is about 30 years,” says Brian Foster, an OT/ICS cybersecurity consultant at Portland General Electric. “And, of course, 30-year-old equipment was not built with cybersecurity in mind.”  

In this environment of critical infrastructure controlled by a large variety of new and older ICS, Foster believes there are three essential actions the person responsible for OT security must take:

1. Take the time to understand your OT space. It’s essential to know what is in the environment before you can understand what it needs, but Foster points out that every environment is different. “It’s never the same from place to place in OT, and there’s going to be many different varieties of equipment,” he says. Part of understanding your environment is having a comprehensive inventory of control system assets as well as asset configurations and their changes. There are solutions available to help discover and monitor OT assets, but they are different than those used in IT environments.  

2. Recognize that safety trumps all other concerns in an OT network. This is a fundamental cultural difference between OT environments and IT security, and it affects security strategy. For example, the traditional CIA model (confidentiality, integrity, and availability) is not meaningful in an OT network. “Our number one concern is safety, and any security in our networks has to be designed in a way that is safe. We can’t have a machine fail and kill someone. That’s just not an acceptable outcome. We approach everything with that safety mindset,” Foster says.

3. You must have visibility into the network. This means being able to see data packets that are moving around and executing the many controls in an OT system. For critical networks like those in the power generation and distribution infrastructure, scanning tools are more likely to be passive than active because of the risk of active tools interfering with a process. “Passive tools are unlikely to affect anything,” says Foster. “With active tools, you run more of a risk. Could it cause traffic on your network that causes a control signal to be missed, which is completely unacceptable? Whether it’s passive or active, these tools must be carefully evaluated before anything is put into place.”  

This blog is one of many essays in the eBook Advice for CISOs: How to Approach OT Cybersecurity. Download the full eBook for more strategies from experts who are on the front lines of OT cybersecurity risk mitigation.
