The benefits of industrial IoT are clear: improved productivity and energy efficiency at the same time. IIoT integration enables industrial companies to achieve greater efficiency even in the face of volatility (such as changing consumer demand and market trends) and stringent regulatory requirements. Yet given the need for speed with digital adoption, we all must take a moment to consider what could make or break any industrial enterprise: cybersecurity.
As information technology (IT) and operational technology (OT) converge, a much wider cyber-attack surface has opened up. What previously was protected by proprietary OT protocols and hard-wired connectivity across the factory floor is now open game to hackers trying to do their dirty work through targeted IoT endpoints — whether a smartphone, field engineer’s tablet, connected variable speed drive, or any IoT-enabled asset.
Seventy-nine percent of CEOs say their digital adoption is happening faster than they can attend to security issues. As Cisco’s Senior Vice President of Product for Cisco’s Security Business, Jeff Reed points out, “Unfortunately, attackers have caught on. They’re designing threats specifically to get around traditional preventative tools, and it’s up to us to augment the security of industrial systems.”
How can industrial companies strengthen the security of operational technology (OT) infrastructure to avoid disruption and downtime, while protecting people, processes, and technology?
Although the motivation to attack the OT layer vs. IT layer may be very different (disruption vs. data theft), the cyber defense practices are quite similar. In fact, IT security experts who know the networking layer inside out, such as Cisco, play an important role in helping to bring OT stakeholders up to speed. We can take away three key lessons to secure and protect the fast-growing web of industrial endpoints.
3 ways to improve security for IT/OT convergence
- Make patching a regular practice
This lesson may seem obvious. In reality, it’s an IT habit that has not transferred to OT yet. Hackers understand OT’s common “set it and forget it” mindset. Making sure connected systems are patched to close any known vulnerabilities is a dose of cyber risk prevention that goes a very long way. Driving this best practice may take a change in behavior. Hackers know they have a foothold to exploit risks, so make it a regular practice to review vulnerability updates and notifications from vendors. Doing so is imperative to safeguard uptime and protect communities where operations take place. You can find Schneider’s notifications here. No one can afford to let in hackers.
For example, “Last year, Cisco discovered a major campaign that took control of 500,000 routers in 54 countries; it was also listening for modbus traffic, a common control protocol for equipment around the globe. Control of the communications gateway and access to an Industrial Control System (ICS) is a very bad combination that was quickly addressed”, Reed states. Read more from Jeff about best practices for security at the convergence of IT and OT.
- Map out OT indicators
Take another best practice from IT security: map out what constitutes normal behavior across your industrial infrastructure. The IT approach to profiling predictable behaviors is transferrable to OT, but only after defining what “normal” should be across the machine-to-machine infrastructure. This exercise is very different for OT, as risk indicators can be unique across systems. A meshing of IT skills with specialized domain expertise, therefore, is essential for knowing which signals demand immediate attention. With such time-sensitive environments where machines share and coordinate activity, real-time visibility is imperative. Schneider is also partnering with Claroty for extreme visibility and real-time ICS/OT network monitoring across our manufacturing facilities.
Protecting remote OT infrastructure is just as critical. Schneider Electric and AVEVA have partnered with Cisco to create Smart Connected Pipeline Solutions to enable this holistic visibility of oil & gas pipelines, for example, to produce more cyber-resilient systems. The solution leverages predictive analytics to provide end-to-end insights in a single view.
- Adopt a Defense in Depth approach
In our hyper-connected world, the mindset should be one of “zero-trust,” meaning that you assume that no environment is 100 percent trustworthy. Authentication measures, which provide specific users with certain privileges, give you a way to detect the anomalous escalation of privileges (e.g., reading basic data, writing data in a session, etc.) and/or red flag indicting abnormal access (e.g., logging in from unusual locations or during unusual hours). Be sure to institute strong logging practices as a forensic record should an incident occur.
We know that no one can secure decades of legacy infrastructure and history in one fell swoop. Adopt a Defense in Depth approach where you defend at the perimeter and then add layered protection and practices across your digital ecosystem. See how Schneider approaches security in this way in our Cybersecurity at Schneider Electric white paper.
Connect with IT system integrators
Like the convergence of IT/OT infrastructure itself, industrial cybersecurity needs to bridge IT security experts (such as Cisco integrators who understand interoperability nuances) and OT domain specialists. Our joining the Cybersecurity Coalition, moreover, affirms Schneider’s role in securing the digital economy.
Working together, IT and OT experts can secure and protect the digital trust of our shared digital economy, now and well into the future.
Learn more Schneider Electric’s Industrial Cybersecurity Services.
 Wolfgang Schwab and Mathieu Poujol, “The State of Industrial Cybersecurity 2018 White Paper,” commissioned by Kaspersky Lab, June 2018. https://ics.kaspersky.com/media/2018-Kaspersky-ICS-Whitepaper.pdf