What are the top three pieces of advice you would give a CISO to make the plant OT/ICS environment more secure from cyber attacks?
Jose Mendez is responsible for formulating and deploying a cybersecurity strategy around the industrial networks in the mining industry. According to Mendez, the mining industry is starting to pay closer attention to OT security, due in part to a kind of “creeping” OT/IT convergence that is happening, often without IT’s knowledge. “In my experience, the OT network was independent from IT,” he explains. “The IT people never considered OT because there was this gap between OT and IT. They didn’t have to worry. But when we started documenting OT systems, we found cases where OT brought in a vendor to install something that would send out telemetry over the Internet. This was happening without the control or knowledge of IT.”
Mendez recommends taking these steps:
1. Document everything. “The IT network gets audited and you’re forced to keep and maintain a level of documentation about systems that you use, and the controls that you use to protect them. It should be the same for OT systems,” Mendez says. He suggests using a vendor who can make a complete assessment and report on all your PLCs and controllers, and then move forward from there.
2. You need to have visibility into your assets and what’s moving in the network. “By visibility, I mean being able to see system detail, all traffic coming in and out, all the nodes that are there and their patch levels, and the types of communications that are happening. The ultimate goal is to have a service similar to an IT network SOC,” says Mendez. “If you’re not monitoring, you’re leaving yourself exposed.” But he also cautions that the monitoring constraints are different for OT. “You have systems controlling things at the nanosecond and microsecond level. Any type of latency introduced by monitoring could have a potential impact.”
3. You must apply network controls to the OT network. “What I mean by controls is applying the same type of processes that you have for your IT network into the OT network,” says Mendez, who is passionately committed to improving OT security. “You want to have proper onboarding when it comes to new systems. You want to have proper patching, updates, backups, and antivirus. You need to establish processes that are standard operating procedures, fine-tuned for the OT network.”
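The three steps above (an asset register, passive visibility that adds no latency to control traffic, and standard controls for expected communications) can be exercised together against flow records. The following is an added example, not code from the eBook or from Mendez: it assumes flow summaries are collected passively from a SPAN port or tap, that the plant keeps an asset register with role, vendor and firmware, and that expected OT conversations are expressed as an allowlist. All addresses, vendor names, firmware versions and flows are constructed sample data.

```python
"""Passive OT visibility check built from an asset register and flow records.

Added example (not from the eBook or from Mendez). Given the asset register
(the 'document everything' step) and flow records gathered passively from a
tap or SPAN port (so no latency is added to control traffic), report:
  - OT nodes on the wire that the register does not know about,
  - OT devices sending traffic outside the plant's address plan
    (the vendor-telemetry-to-the-Internet case),
  - assets below the firmware/patch baseline,
  - conversations not covered by the allowlist of expected OT traffic.
Addresses, vendors, versions and flows are constructed sample data.
"""
import ipaddress
from collections import namedtuple

Flow = namedtuple("Flow", "src dst dport proto bytes")

# Constructed asset register: what the plant believes is on the OT segment.
ASSET_REGISTER = {
    "10.20.1.10": {"role": "PLC", "vendor": "ExampleVendor", "firmware": "4.2.1"},
    "10.20.1.11": {"role": "PLC", "vendor": "ExampleVendor", "firmware": "4.2.1"},
    "10.20.1.50": {"role": "HMI", "vendor": "ExampleVendor", "firmware": "7.0"},
    "10.20.1.60": {"role": "Historian", "vendor": "ExampleVendor", "firmware": "2.9"},
}

OT_SUBNET = ipaddress.ip_network("10.20.1.0/24")
# Every network the plant owns (assumed); anything else is "external".
SITE_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]

# Minimum acceptable firmware per role (assumed baseline).
FIRMWARE_BASELINE = {"PLC": "4.3.0", "HMI": "7.0", "Historian": "3.0"}

# Allowlist of expected conversations: (src role, dst role, dst port, proto).
ALLOWED_CONVERSATIONS = {
    ("HMI", "PLC", 502, "tcp"),        # Modbus/TCP polling from the HMI
    ("Historian", "PLC", 502, "tcp"),  # historian collecting tags
    ("HMI", "Historian", 443, "tcp"),  # HMI reading trend data
}

# Constructed flow records, as a passive collector would summarise them.
SAMPLE_FLOWS = [
    Flow("10.20.1.50", "10.20.1.10", 502, "tcp", 12000),
    Flow("10.20.1.50", "10.20.1.11", 502, "tcp", 11800),
    Flow("10.20.1.60", "10.20.1.10", 502, "tcp", 50000),
    Flow("10.20.1.50", "10.20.1.60", 443, "tcp", 3000),
    # Undocumented box that has appeared on the OT segment
    Flow("10.20.1.99", "10.20.1.10", 502, "tcp", 900),
    # Vendor telemetry leaving the plant: PLC talking to a non-site address
    Flow("10.20.1.11", "203.0.113.25", 443, "tcp", 250000),
    # Remote-desktop session to the HMI from the undocumented box
    Flow("10.20.1.99", "10.20.1.50", 3389, "tcp", 4000),
]


def observed_assets(flows, subnet=OT_SUBNET):
    """Every OT-subnet address seen in the traffic (passive inventory)."""
    seen = set()
    for f in flows:
        for addr in (f.src, f.dst):
            if ipaddress.ip_address(addr) in subnet:
                seen.add(addr)
    return seen


def undocumented_assets(flows, register=ASSET_REGISTER):
    """OT addresses on the wire that the asset register does not list."""
    return sorted(observed_assets(flows) - set(register))


def external_egress(flows, subnet=OT_SUBNET, site=SITE_NETWORKS):
    """OT devices sending traffic to addresses outside the plant's networks."""
    findings = []
    for f in flows:
        src, dst = ipaddress.ip_address(f.src), ipaddress.ip_address(f.dst)
        if src in subnet and not any(dst in net for net in site):
            findings.append((f.src, f.dst, f.dport, f.bytes))
    return findings


def _version(v):
    return tuple(int(part) for part in v.split("."))


def below_baseline(register=ASSET_REGISTER, baseline=FIRMWARE_BASELINE):
    """Assets whose firmware is older than the baseline for their role."""
    return sorted(addr for addr, a in register.items()
                  if _version(a["firmware"]) < _version(baseline[a["role"]]))


def policy_violations(flows, register=ASSET_REGISTER, allowed=ALLOWED_CONVERSATIONS):
    """Conversations that the allowlist of expected OT traffic does not cover."""
    violations = []
    for f in flows:
        src_role = register.get(f.src, {}).get("role", "UNKNOWN")
        dst_role = register.get(f.dst, {}).get("role", "UNKNOWN")
        if (src_role, dst_role, f.dport, f.proto) not in allowed:
            violations.append((f.src, src_role, f.dst, dst_role, f.dport, f.proto))
    return violations


if __name__ == "__main__":
    print("Undocumented OT nodes:", undocumented_assets(SAMPLE_FLOWS))
    print("OT traffic leaving the site:", external_egress(SAMPLE_FLOWS))
    print("Below firmware baseline:", below_baseline())
    for v in policy_violations(SAMPLE_FLOWS):
        print("Outside allowlist:", v)
```

Because the checks run on flow summaries rather than on inline inspection, they can be fed from a tap or SPAN port without touching the control path; a real deployment would replace the constructed register and flows with exports from the asset-assessment vendor and the passive collector.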
This blog is one of many essays in the eBook Advice for CISOs: How to Approach OT Cybersecurity. Download the full eBook for more strategies from experts who are on the front lines of OT cybersecurity risk mitigation.