Building a Resilient World:
The ISAGCA Blog


3 Ways to Secure IT and OT Environments in the Era of Convergence

If you touch any part of operational technology (OT), you’re likely well aware of the mounting cyber threats facing critical infrastructure, which inherently runs on OT. OT drives our global economy, from treating the water we drink and making modern medicines to powering the lights in our homes. OT is essential, and cybercriminals are acutely aware of this dependence.

To make matters worse, the attack surface is expanding. We are now in the era of converged IT and OT environments, where previously isolated OT devices are now internet-accessible. Today’s adversaries are entering OT environments and critical infrastructure from all bases, even by traversing from IT to OT. The recent Activity Alert from the U.S. National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) warned of increased malicious activity targeting critical infrastructure and urged facilities to take immediate action to secure OT assets. A recent study from Forrester Consulting, commissioned by Tenable, supports this, citing that 65 percent of U.S. organizations experienced business-impacting cyberattacks or compromises that involved operational technology systems in the past year. 

The underlying message here is to be prepared, but how?

Listen to Your Network

The majority of modern converged industrial environments contain “IT-like” devices, such as Windows workstations. Traditional methods to track network vulnerabilities with static, point-in-time visibility aren’t designed for converged environments, increasing the likelihood of blind spots. It's time to make changes to level the playing field and reduce cyber risk.

Cybercriminals move fast, and today’s interconnected devices have provided a number of entry points. Organizations can benefit from equipping security teams with tools built to scan and assess IT and address OT through real-time, passive monitoring. Passive monitoring provides security teams with holistic visibility into which hosts (computers or devices) are active on the network, when new hosts become active, which ports/services are active, and which inter-asset connections exist. If a cybercriminal attempts to exploit a vulnerability and instigates a network attack, passive monitoring is key for teams to stay aware and swiftly take action to remediate.
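The kind of passive visibility described above, as an added example that is not part of the original post or of any Tenable product: a small Python inventory that learns hosts, listening services, and inter-asset connections from a baseline window of flow records and then flags anything new in a later window. The IP addresses, ports, and timestamps are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample flow records (not captured from a real network):
# (timestamp, src_ip, dst_ip, dst_port, protocol)
BASELINE_FLOWS = [
    ("2024-05-01T08:00:00", "10.10.1.20", "10.10.1.5", 502, "tcp"),    # HMI -> PLC (Modbus)
    ("2024-05-01T08:00:05", "10.10.1.21", "10.10.1.5", 502, "tcp"),    # eng. workstation -> PLC
    ("2024-05-01T08:00:10", "10.10.1.20", "10.10.1.50", 445, "tcp"),   # HMI -> historian (SMB)
]
NEW_FLOWS = [
    ("2024-05-01T09:00:00", "10.10.1.20", "10.10.1.5", 502, "tcp"),    # already known: silent
    ("2024-05-01T09:00:07", "10.10.1.99", "10.10.1.5", 502, "tcp"),    # unknown host talking to the PLC
    ("2024-05-01T09:00:09", "10.10.1.21", "10.10.1.5", 44818, "tcp"),  # known host, new service on PLC
    ("2024-05-01T09:00:12", "10.10.1.50", "10.10.1.21", 3389, "tcp"),  # new path between known assets
]

class PassiveInventory:
    """Asset inventory built only from observed traffic; it never queries a device."""
    def __init__(self):
        self.hosts = {}                    # ip -> timestamp first seen
        self.services = defaultdict(set)   # ip -> {(port, proto)} seen as destination
        self.links = set()                 # (src, dst, port, proto)

    def learn(self, flows):
        """Seed the baseline from a trusted window; findings are discarded here."""
        self.observe(flows)

    def observe(self, flows):
        """Update the inventory and return (kind, subject, timestamp) findings."""
        findings = []
        for ts, src, dst, port, proto in flows:
            for ip in (src, dst):               # a host we have never seen on the wire
                if ip not in self.hosts:
                    self.hosts[ip] = ts
                    findings.append(("new_host", ip, ts))
            if (port, proto) not in self.services[dst]:   # a port newly in use on a known asset
                self.services[dst].add((port, proto))
                findings.append(("new_service", f"{dst}:{port}/{proto}", ts))
            link = (src, dst, port, proto)      # a conversation pair not in the baseline
            if link not in self.links:
                self.links.add(link)
                findings.append(("new_connection", f"{src}->{dst}:{port}/{proto}", ts))
        return findings

def run_demo():
    """Learn the baseline window, then report what changed in the later window."""
    inv = PassiveInventory()
    inv.learn(BASELINE_FLOWS)
    return inv.observe(NEW_FLOWS)
```

In a real deployment the flow records would come from a network tap or mirror port rather than an inline list, and each finding would be enriched with the asset's known role before it reaches an analyst.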

Maintain Device-Level Visibility

While passive monitoring can illustrate the propagation of an attack, leveraging active querying in tandem can identify an attack at the outset, at the device level.

Active querying is a proactive approach to securing operations that brings timely insights about the OT devices on your network. It takes into account all operating systems, firmware and configurations and delivers vital, real-time data on all assets, vulnerabilities, and security risks. If successful, an attack on control devices could cause imperfect or dangerous medicines to be made in a pharmaceutical production facility, or allow for a faulty vehicle to leave the assembly line. Maintaining device-level visibility to remediate vulnerabilities and monitor changes for anomalies can stop a cybercriminal in his or her tracks, before affecting operations.

Embrace Risk-Based Vulnerability Management

Though passive monitoring and active querying provide the schematic of your environment and alert you of vulnerabilities to remediate, nothing can change the deluge of vulnerabilities security teams must assess. There will always be new attack vectors in both IT and OT environments that cybercriminals are looking to exploit, but they are most often looking to exploit the vulnerabilities that can result in the biggest impact, whether it’s halting operations or stealing sensitive data.

Instead of using precious time to sort through low-risk vulnerabilities, security teams should prioritize remediation of the vulnerabilities that pose the most risk to the business. This can be achieved with tools that leverage data science, predictive analytics, and research to predict which vulnerabilities should be prioritized based on the likelihood of actual exploitation. Taking a risk-based approach to vulnerability management can streamline operations to improve security posture.

Just as cybercriminals are often ruthless in their attempts to break into networks, organizations operating OT and critical infrastructure should act in kind and continuously secure all access points. A proactive rather than reactive approach to cybersecurity is essential to keep pace with the threats in today’s converged environments. A combination of passive monitoring, active querying, and risk-based vulnerability management helps security teams seal all virtual doors and windows, and raises the alarm during potential attacks. With this peace of mind, industrial organizations can focus on what matters most: the critical operations driving the global economy and welfare.


Marty Edwards, Tenable
Marty Edwards is a globally recognized Operational Technology (OT) and Industrial Control System (ICS) cybersecurity expert who collaborates with industry, government, and academia to raise awareness of the growing security risks impacting critical infrastructure and the need to take steps to mitigate them.

As Vice President of Operational Technology Security at Tenable, Edwards works with government and industry leaders throughout the world to broaden understanding and implementation of people, process and technology solutions to reduce their overall cyber risk. As industry Co-Chair of the Control Systems Interagency Working Group (CSIWG), he works to promote and advance OT security across the public and private sectors.

Prior to joining Tenable in 2019, Edwards—a 30‐year industry veteran—served as the Global Director of Education at the International Society of Automation (ISA). While at ISA, he was recognized by his industry peers with the SANS ICS 2019 Lifetime Achievement Award. Prior to ISA, Edwards was the longest‐serving Director of the U.S. Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS‐CERT).

Edwards also served as a program manager focused on control systems security at the Department of Energy’s (DOE’s) Idaho National Laboratory (INL) and has held a variety of roles in the instrumentation and automation fields. Edwards holds a diploma of technology in Process Control and Industrial Automation (Magna cum Laude) from the British Columbia Institute of Technology (BCIT), and in 2015 received the institute’s Distinguished Alumni Award. In 2016, Edwards was recognized by FCW in its “Federal 100 Awards” as being one of the top IT professionals in the U.S. federal government.
