2021 has seen a number of high-profile cyberattacks on critical infrastructure. Incidents like the City of Oldsmar water plant hack and the Colonial Pipeline hack have drawn attention to the gaps that currently exist in the security posture of many critical infrastructure operators, especially when it comes to their operational technology (OT) assets.
Security teams for critical infrastructure operators have a daunting task. Even a single breach on their OT network can interrupt production, stop operations at energy providers, or ultimately impact the safety of employees and customers.
Let’s look at why OT assets are harder to secure and what critical infrastructure operators can be doing now to improve their cybersecurity posture.
Why Are OT Assets Harder to Secure?
OT assets operate in different environments than typical IT assets. IT assets enable employees and customers to access the systems and data they need to do their job or interact with the business. Because of this, IT security focuses on data privacy and protection.
OT networks are built to run machinery or operate mechanical equipment. In critical infrastructure organizations, these systems include things like supervisory control and data acquisition (SCADA) systems that control electric transmission substations, or pumps that move water through a treatment plant. OT network administrators value safety and availability above all else.
Additional challenges include the mix of legacy and contemporary assets, which use both proprietary and contemporary protocols; the limited resources (memory, processing) available on those assets; constrained and controlled network access; the inability to rely on agents and network scanners; and more.
What Should Critical Infrastructure Operators Be Doing Now?
In late July, the Biden administration issued a National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems. This memo outlines an Industrial Control Systems Cybersecurity Initiative that will include voluntary metrics for critical infrastructure operators. The metrics will be announced sometime in September.
The U.S. Senate recently passed a $1 trillion infrastructure bill that includes funding to improve cybersecurity for transportation, water, and electric operators, as well as a $1 billion grant program to assist state and local governments to respond to the growing level of ransomware attacks.
Clearly, cybersecurity of the systems that support critical infrastructure is of increasing importance to lawmakers in D.C. What can critical infrastructure operators do now to help protect their OT assets and networks from attacks?
1. Gain an Inventory of All OT and IT Assets
You can’t secure what you can’t see. Security teams looking to secure OT assets may struggle with visibility into what assets exist on their OT networks. Many OT assets run on a platform that’s outdated or not capable of running an endpoint agent or other security solutions.
Moreover, the existence of older systems with proprietary communications protocols adds complexity. A comprehensive inventory of the assets, software, and users on OT networks will give security teams new levels of visibility into these critical assets.
Cyber asset attack surface management (CAASM) platforms help operators build a comprehensive OT asset inventory, without impacting the performance of critical infrastructure, by correlating the data collected at the network layer (by routers, switches, etc.) with data from SCADA historians, device management tools, security agents, and more.
2. Identify Opportunities for Improvement
Use the correlated asset inventory to identify where security initiatives can have the largest impact. For example, you can discover which devices in your OT environment should have an agent installed but are missing that agent.
The asset inventory can also help prioritize which assets and devices should be updated or replaced. Many newer OT assets are better equipped to support modern operating systems and security agents.
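The correlation and agent-gap check described in steps 1 and 2, as an added Python example (not Axonius code and not part of the original article): it merges constructed records from a switch table, a SCADA historian and an agent console by MAC address, then lists agent-capable devices that no agent reports. The source names, field names and the AGENT_CAPABLE_OS policy are assumptions.

```python
"""Added example: correlate OT asset records from several passive sources."""
import re
from collections import defaultdict

# Constructed sample data (not from any real network). Each source reports
# the same devices with different fields and MAC address formats.
SWITCH_TABLE = [  # network layer: MAC/IP pairs learned by switches
    {"mac": "02:00:00:AA:01:10", "ip": "10.20.1.10"},
    {"mac": "02-00-00-aa-01-11", "ip": "10.20.1.11"},
    {"mac": "02:00:00:BB:02:20", "ip": "10.20.2.20"},
]
HISTORIAN = [  # SCADA historian: device role and OS as recorded by operators
    {"mac": "0200.00aa.0110", "role": "PLC", "os": "firmware"},
    {"mac": "02:00:00:aa:01:11", "role": "HMI", "os": "Windows 10"},
    {"mac": "02:00:00:bb:02:20", "role": "Engineering workstation", "os": "Windows 10"},
]
AGENT_CONSOLE = [  # security agent console: hosts currently reporting in
    {"mac": "02:00:00:BB:02:20", "agent_version": "7.4"},
]
# Assumption: which operating systems can run the agent is site policy.
AGENT_CAPABLE_OS = {"Windows 10"}

def norm_mac(mac):
    """Normalize colon, dash and dotted MAC formats to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def correlate(**sources):
    """Merge per-source records into one record per device, keyed by MAC."""
    inventory = defaultdict(lambda: {"seen_in": set()})
    for name, records in sources.items():
        for rec in records:
            asset = inventory[norm_mac(rec["mac"])]
            asset["seen_in"].add(name)
            asset.update({k: v for k, v in rec.items() if k != "mac"})
    return dict(inventory)

def missing_agent(inventory):
    """Devices whose OS can run an agent but that no agent console reports."""
    return sorted(mac for mac, a in inventory.items()
                  if a.get("os") in AGENT_CAPABLE_OS and "agent" not in a["seen_in"])

INVENTORY = correlate(network=SWITCH_TABLE, historian=HISTORIAN, agent=AGENT_CONSOLE)

if __name__ == "__main__":
    for mac in missing_agent(INVENTORY):
        print(mac, INVENTORY[mac]["role"], INVENTORY[mac]["ip"])
```

All three sources here are read passively from systems that already hold the data, so nothing in the example scans or touches the OT devices themselves.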
3. Align Your IT and OT Policies
As discussed earlier, patching and updating OT assets can be disruptive. However, finding opportunities to align other standards, policies, and tools, to the extent that is feasible, will improve the security posture of OT networks and is a critical part of an IT/OT convergence strategy.
CAASM Solutions Can Help
Gartner recently introduced the category of cyber asset attack surface management. CAASM tools, like Axonius, use API integrations to connect with existing data sources, automatically validate security controls, and remediate issues.
To see how Axonius can help evaluate your OT security posture, request a demo today.