John Madisson, Senior Vice President,
Products and Solutions, Fortinet
recently they have been traditionally isolated from the Internet. One reason is that these systems are often tasked with monitoring and managing the highly sensitive processes associated with critical infrastructure. The other is that these systems can be notoriously delicate: something as benign as an active system scan can cause these devices to fail, and any failure or compromise can have serious, if not catastrophic, results.
However, new requirements, such as connected power grids, active inventory control, smart environmental control systems, just-in-time manufacturing and interactive systems tied to Big Data, have begun to change all of that.
In addition, companies are looking for productivity improvements and cost savings by implementing such changes as optimising plant operations, deploying a more flexible operating environment or establishing a more proactive inventory control system that requires real-time online data. As a result, many of today’s OT systems are transited or tunneled over corporate networks, leverage common Internet protocols, run on general-purpose hardware and mainstream operating systems, and are increasingly connected via wireless technologies. These critical infrastructure systems are also increasingly targeted by cybercriminals, with a reported 51% of critical infrastructure enterprises reporting an OT/SCADA/ICS security breach within the past 12 months.
Targeting and taking out a critical infrastructure system has huge appeal for many cybercriminals, especially cyberterrorists or criminal organisations. Motivations include holding systems hostage for a ransom, stock price manipulation (short sell, attack and reap a ‘clean’ profit), denial of asset or production for strategic or tactical reasons, political awareness or impact, or corporate malfeasance (illegal competitive action).
Unfortunately, not only are many of these now-connected systems quite vulnerable to compromise; unlike IT networks, a failure in one of these sectors can also cause a catastrophic event affecting both human life and property.

The consequences of a successful attack can include the disruption, and even destruction, of physical assets and essential services like water, electricity and fuel.
As the utility, oil and gas, transportation and manufacturing sectors increasingly adopt connected control systems and Industrial IoT devices, the CI attack surface is rapidly growing. The connected nature of these devices and systems poses serious challenges as they begin to utilise traditionally IT-owned network infrastructure, wireless access points and mobile networks. At the same time, the specialised nature of OT infrastructure technologies means that most IT security and threat intelligence solutions don’t have visibility into, let alone the ability to defend against, attacks on critical infrastructure.
While securing OT systems requires an integrated approach similar to IT, its objectives are inverted, with availability being the primary requirement, followed by integrity and confidentiality. OT systems are necessarily focused on delivering a particular essential service, such as electricity or water, or maintaining safety systems at chemical plants or dams, and cannot afford to be disrupted even momentarily.

Conversely, IT systems are primarily focused on the collection, correlation and distribution of data, with a primary focus on protecting confidential or personally identifiable information or trade secrets.
Addressing the requirements of an OT network requires an integrated approach comprising the following elements:
• Segmentation and Encrypted Communications: Perimeter security alone is inadequate. Security needs to be driven deep into the OT infrastructure, segmenting systems and devices, actively monitoring east-west traffic and isolating compromised devices. In addition, applications and data should be encrypted in order to prevent the injection of malware into that traffic.
• Access Control: Access to OT devices needs to be strictly managed and monitored for devices, users, applications and protocols.
• Secure Wireless Access: Industrial IoT (IIoT) devices communicate using a wide variety of communications protocols. Securing Wi-Fi connections only solves part of the problem. There are now thousands of vendors building IoT devices using a wide variety of connectivity and communications technologies in addition to Wi-Fi, including Bluetooth, NFC, Zigbee and RFID. And this doesn’t include IoT devices hardwired into the network behind the firewall. Security resources need to be committed to identifying, segmenting and securing these connections.
• Vulnerability and Patch Management:
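The segmentation and access-control elements above (segment devices into zones, allow only explicitly permitted device-to-device and protocol combinations, watch east-west traffic and cut off a compromised device) can be expressed as a small policy check. The following is an added example, not code from the article or from Fortinet; the zone map, the allow-list, the device names and the flow records are all constructed for illustration, standing in for what a segment firewall or flow collector would export.

```python
"""Zone-based OT segmentation and access-control check (added example).

Assumed inputs (constructed): a list of flow records (source device, destination
device, protocol), a zone map assigning each device to a segment, and an
allow-list of (src_zone, dst_zone, protocol) tuples. Anything not explicitly
allowed is denied, including east-west traffic inside a zone; devices placed on
the isolation list are denied all traffic in either direction.
"""
from dataclasses import dataclass

# Constructed sample topology: which segment each known device belongs to.
ZONES = {
    "hmi-01": "control",
    "plc-01": "control",
    "plc-02": "control",
    "historian-01": "dmz",
    "eng-ws-01": "engineering",
    "corp-fs-01": "corporate",
}

# Allow-list of (src_zone, dst_zone, protocol). Everything else is denied.
# Same-zone traffic is NOT implicitly allowed, so east-west flows are checked too.
ALLOWED = {
    ("control", "control", "modbus"),       # HMI polling PLCs
    ("control", "dmz", "opcua"),            # PLC/HMI data into the historian
    ("engineering", "control", "s7comm"),   # engineering workstation programming PLCs
    ("corporate", "dmz", "https"),          # corporate users reading historian reports
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str


def evaluate(flows, isolated=frozenset()):
    """Return a list of (flow, verdict, reason); verdict is 'allow' or 'deny'."""
    results = []
    for f in flows:
        # Isolation of a compromised device overrides every other rule.
        if f.src in isolated or f.dst in isolated:
            results.append((f, "deny", "endpoint isolated"))
            continue
        sz, dz = ZONES.get(f.src), ZONES.get(f.dst)
        if sz is None or dz is None:
            results.append((f, "deny", "unknown device"))
            continue
        if (sz, dz, f.proto) in ALLOWED:
            results.append((f, "allow", f"{sz}->{dz} {f.proto} permitted"))
        elif sz == dz:
            results.append((f, "deny", f"east-west {f.proto} inside {sz} not on allow-list"))
        else:
            results.append((f, "deny", f"{sz}->{dz} {f.proto} not on allow-list"))
    return results


def denied(flows, isolated=frozenset()):
    """Only the flows a segment firewall should block or an analyst should review."""
    return [(f, why) for f, verdict, why in evaluate(flows, isolated) if verdict == "deny"]


# Constructed sample flows, as a collector might export them.
SAMPLE_FLOWS = [
    Flow("hmi-01", "plc-01", "modbus"),
    Flow("plc-01", "historian-01", "opcua"),
    Flow("corp-fs-01", "plc-02", "smb"),      # corporate host reaching into the control zone
    Flow("plc-01", "plc-02", "smb"),          # lateral east-west traffic between PLCs
    Flow("eng-ws-01", "plc-02", "s7comm"),
    Flow("unknown-host", "plc-01", "modbus"),  # device not in the inventory
]

if __name__ == "__main__":
    # Treat the engineering workstation as compromised and isolate it.
    for f, verdict, why in evaluate(SAMPLE_FLOWS, isolated={"eng-ws-01"}):
        print(f"{verdict:5} {f.src} -> {f.dst} [{f.proto}]: {why}")
```

The design point is the default: nothing is allowed because two devices happen to share a segment, which is what makes lateral traffic such as the PLC-to-PLC SMB flow visible instead of silently permitted. Adding a device to the isolation set denies every flow touching it, regardless of zone, which is the "isolating compromised devices" step applied as policy rather than as a manual firewall change.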