By Dr Rajiv Shah, BAE Systems Applied Intelligence general manager Australia
Now, with an increasing need for automation to lower costs and increase efficiency, and the advent of the Internet of Things (IoT), many organisations are converging their information technology systems and their OT/ICS. This delivers productivity improvements and lets companies remotely monitor and manage essential equipment for increased uptime. At the same time, it opens these companies up to a new wave of online threats.
Protecting OT systems is not as simple as protecting IT systems, although some of the same principles apply. Most OT systems are legacy systems and were never designed to be IP-connected. With an increase in both the prevalence and the possible severity of physical and digital security threats, it is essential to ensure operations are resilient to cyber threats. Organisations that fail to do so can open themselves up to significant risks.
THREE WAYS TO PROTECT CONVERGED SYSTEMS
Make using the internet less risky
‘Internet separation’ removes web browsing from enterprise IT and puts it into a separate ‘sandbox’ environment outside of the enterprise LAN. At its most secure, employees access the web using a completely separate, physically detached infrastructure. Alternatively, organisations can use virtualisation to provide internet connectivity via an externally hosted, secure browser.
Users can view documents securely in the virtual workplace and any malware would be restricted to the sandbox, which could be repaired and refreshed easily. If the user wanted to download the document into the enterprise LAN, it would pass through a security content gateway that examines the content for malware.
Secure network segments and assure communications integrity
Breaking down existing architectures into logical groups for access control means each process and its physical assets or components are ring-fenced and segregated. Doing this minimises the visible attack surface available to an attacker and ensures communications and processes that take place within a functional zone are relevant and authorised for that zone – activity that does not relate to the functional zone would not be permitted. For example, some IP-based protocols have no relevance in most parts of supervisory or control networks. Likewise, the protocols used with control loops and SCADA systems (such as Modbus/ICCP/DNP3) are relevant only to those areas and should never be found on an enterprise LAN.
This requires a solution that enables assured information exchange between segmented networks so that business processes can operate securely. Such a solution needs to enable a remote supervisory network to communicate securely with, and control elements within, the control system or field systems, and facilitate secure communication between industrial systems and business networks/the enterprise or corporate LAN.
Monitoring enterprise LANs, ICS and OT to detect the presence of malware or any unusual system behaviour
Increasingly, a cyber attack will consist of a series of seemingly unrelated events, which are deliberately conducted across an extended period of time so as not to raise suspicion. To detect these, cyber analysts need to look for anomalous behaviour that could herald future attacker intentions. Organisations need a solution that helps analysts build an overview of control processes, establishing a baseline of normal activity and behaviour in OT environments, and allowing security managers to overlay policies on top of this observed activity. For example, if a clever attacker or malicious insider manages to alter, inject or control commands, the safeguards provided by the management system may be lost. However, an independent monitoring device, which understands the operating policies for specific devices, could generate an alarm if a value is changed or a command instructs a device to function outside of an authorised zone of operation.
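The two policy checks described above (ICS protocols confined to their zones, and an independent monitor that alarms when a command drives a device outside its authorised envelope) can be illustrated with a small checker. This is an added example, not BAE Systems code; the zone names, port-to-zone policy, device registers, setpoint limits and the sample flows and write commands are all constructed assumptions.

```python
from dataclasses import dataclass
# Assumed zone model (not from the article): TCP ports each zone may carry.
ICS_PORTS = {502: "Modbus/TCP", 20000: "DNP3", 102: "ICCP"}
ZONE_POLICY = {
    "enterprise": {80, 443, 25, 53},        # web, mail, DNS only; no ICS protocols
    "supervisory": {502, 20000, 102, 443},  # SCADA protocols plus HTTPS
    "control": {502, 20000},                # control-loop protocols only
}
# Assumed operating envelope per (device, register): authorised value range.
SETPOINT_LIMITS = {("plc-01", 40001): (0, 100), ("plc-02", 40010): (50, 75)}

@dataclass
class Flow:
    zone: str   # zone in which the flow was observed
    src: str
    dst: str
    dport: int
@dataclass
class WriteCmd:
    device: str
    register: int
    value: int

def check_flow(flow):
    """Alarm if the flow's protocol is not authorised in the zone it was seen in."""
    if flow.dport in ZONE_POLICY[flow.zone]:
        return None
    name = ICS_PORTS.get(flow.dport, f"tcp/{flow.dport}")
    return f"{flow.zone}: {name} from {flow.src} to {flow.dst} not authorised"

def check_write(cmd):
    """Alarm if a write drives a register outside its authorised envelope."""
    limits = SETPOINT_LIMITS.get((cmd.device, cmd.register))
    if limits is None:
        return f"{cmd.device}: write to unbaselined register {cmd.register}"
    lo, hi = limits
    if lo <= cmd.value <= hi:
        return None
    return f"{cmd.device}: register {cmd.register} set to {cmd.value}, outside [{lo}, {hi}]"

def monitor(flows, cmds):
    """Run both checks over observed traffic and return every alarm raised."""
    return [a for a in map(check_flow, flows) if a] + [a for a in map(check_write, cmds) if a]
# Constructed sample telemetry: two zone-policy breaches and one out-of-range write.
SAMPLE_FLOWS = [
    Flow("enterprise", "10.1.1.5", "10.2.0.9", 502),    # Modbus on the enterprise LAN
    Flow("control", "10.2.0.9", "10.2.0.10", 502),      # Modbus inside the control zone
    Flow("control", "10.2.0.9", "10.1.1.20", 80),       # web traffic inside the control zone
]
SAMPLE_CMDS = [WriteCmd("plc-01", 40001, 50), WriteCmd("plc-02", 40010, 90)]
```

Running `monitor(SAMPLE_FLOWS, SAMPLE_CMDS)` returns three alarms; a write to a register with no baseline is also reported, since an unknown register is exactly the gap an attacker or insider would exploit.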
Converging IT and OT/ICS offers energy companies tremendous opportunity to enhance productivity, and increase efficiency and competitiveness. However, enterprises need to recognise that the risk of cyber attack and other security violations has increased, opening up many new security challenges.