Four cybersecurity technologies and concepts can reduce industrial network risk
Explore the qualities and benefits of zero trust, the principle of least privilege and other methods of improving cybersecurity. Four key technologies and security concepts are highlighted.
- Operational technology (OT) systems are more exposed to cyberattacks than they once were, because they are far more connected.
- A zero-trust approach is demanding to implement, particularly in brownfield plants, but it is also the most secure.
- Active and passive network monitoring, the principle of least privilege and SIEM integration also help keep OT networks secure.
- Companies need to ask how they can adapt to the changing cybersecurity landscape and provide support without slowing down the company’s initiatives.
- More operational technology (OT) networks are connected thanks to the Industrial Internet of Things (IIoT), which widens the attack surface from a cybersecurity standpoint.
- The end goal is a zero-trust posture, widely considered the strongest program because it assumes an attacker is already on the network and requires every communication to be authenticated and authorized. Getting there requires sustained time and consistency from everyone involved.
Cybersecurity used to be something in the information technology (IT) realm. Those folks with computer science degrees would batten down the hatches, lock down the precious goods and keep intruders out of the IT network. Since the IT network was seen as the only way into the operational technology (OT) network, this was deemed sufficient by a lot of companies.
New OT network architectures: 4 technologies, concepts
In recent years, OT networks have become more connected than ever. Some organizations are running a flat network topology (“Kansas” networks, with no segmentation at all), while others are adding Internet of Things or Industrial Internet of Things (IoT/IIoT) devices and systems that communicate directly with the cloud. These newer OT setups have caused significant changes by bypassing the network layering and segmentation the Purdue model prescribes.
Companies need to ask how they can adapt to these changing landscapes and support these networks without slowing down the company’s digital transformation initiatives. They also need to ask how they can achieve desired business outcomes while remaining vigilant on the cybersecurity front.
Using the right technologies can reduce risk. There are four key technologies and security concepts companies and users should be familiar with today.
- Zero trust
- Principle of least privilege
- Passive and active network monitoring
- Security information and event management (SIEM) integration.
1. Zero trust.
One of the most important security philosophies to have emerged in the last decade, zero trust is seen by many as the new gold standard of the security space. It has been adopted by industrial companies and military networks around the world. The idea of zero trust is to assume an attacker could already be on the network, undetected. Because of this, companies should extend no trust to any communication reaching devices, servers and software simply because of where it comes from: every connection must be authenticated and authorized on its own merits, regardless of network location.
Zero trust is hard to implement for brownfield industrial networks. Many programmable logic controllers (PLCs) and remote terminal units (RTUs) have communication written in a way that leaves all their windows and doors open. Talking to a controls engineer, it quickly becomes obvious which PLCs are insecure by design. If a supervisory control and data acquisition (SCADA) system can connect to a PLC or RTU with a native protocol using nothing more than its IP address, with no credential or certificate required, chances are it’s insecure. It’s reasonable to assume many PLCs and RTUs are insecure by design, including most being produced today.
If companies are securing these networks and want to employ a zero-trust philosophy, there are two options. One is replacing the existing PLCs. The other is eliminating their insecure communication, normally by isolating them behind devices that can be secured. Many folks are using simple industrial PCs running edge software to keep these systems off the main controls network and to provide data and communication from them using secured protocols like MQTT Sparkplug and OPC UA. The isolation only counts if it is enforced: the PLC’s native protocol port must be reachable from the edge device alone (by firewall rule or VLAN), otherwise the edge device is a parallel path rather than a chokepoint.
This is much easier for greenfield networks. Some modern, security-focused PLCs are locked down by default and support zero-trust policies. Protocols such as MQTT Sparkplug and OPC UA, and software such as Ignition, have strong built-in authentication and security. Using modern devices, protocols and software, and configuring their security settings deliberately, makes it straightforward to adopt best practices and actually achieve a zero-trust architecture.
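To make the “insecure by design” point and the edge-device remedy concrete, here is an added example (not code from the article or from any product it mentions). It builds a raw Modbus/TCP write frame, which carries no identity or credential at all, and then models the edge device as a gateway that authenticates every command with a per-client HMAC and rejects replays before emitting such a frame toward the isolated PLC. The client name, the pre-shared key and the register values are constructed for the demo; a real deployment would use the certificate or TLS-based authentication that OPC UA and MQTT provide.

```python
import hashlib
import hmac
import struct

# Constructed demo material: one pre-shared key for one SCADA client. In a real
# deployment the gateway would use certificates (OPC UA) or TLS client auth
# (MQTT), and keys would be provisioned out of band; this is an assumption of
# the example, not a description of any product.
CLIENT_KEYS = {"scada-01": b"demo-key-for-scada-01-only"}


def modbus_write_single_register(transaction_id, unit_id, address, value):
    """Build a Modbus/TCP 'Write Single Register' (function 0x06) frame.

    Layout: 7-byte MBAP header (transaction id, protocol id 0, remaining
    length, unit id) followed by the PDU (function code, register address,
    value). Note what is missing: no identity, credential or signature.
    Anyone who can reach TCP/502 on the PLC can send this, which is what
    "insecure by design" means in practice.
    """
    pdu = struct.pack(">BHH", 0x06, address, value)
    mbap = struct.pack(">HHHB", transaction_id, 0, len(pdu) + 1, unit_id)
    return mbap + pdu


def _canonical(cmd):
    # Both sides authenticate exactly these fields, in this order.
    return "{client_id}|{seq}|{unit_id}|{address}|{value}".format(**cmd).encode()


def sign_command(client_id, seq, unit_id, address, value):
    """Client side: attach an HMAC-SHA256 tag to a write command."""
    cmd = {"client_id": client_id, "seq": seq, "unit_id": unit_id,
           "address": address, "value": value}
    cmd["tag"] = hmac.new(CLIENT_KEYS[client_id], _canonical(cmd),
                          hashlib.sha256).hexdigest()
    return cmd


class EdgeGateway:
    """Chokepoint between the controls network and the isolated PLC segment.

    Zero trust in miniature: nothing is trusted because of where it came
    from. Every command must (1) name a known client, (2) carry a tag
    computed with that client's key over the command fields, and (3) use a
    sequence number higher than the last one accepted from that client, so
    a captured command cannot be replayed. Only then is a native Modbus
    frame produced and forwarded to the PLC.
    """

    def __init__(self):
        self.last_seq = {}
        self.transaction_id = 0

    def handle(self, cmd):
        """Return (modbus_frame, "ok") or (None, reason)."""
        key = CLIENT_KEYS.get(cmd.get("client_id"))
        if key is None:
            return None, "unknown client"
        expected = hmac.new(key, _canonical(cmd), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, cmd.get("tag", "")):
            return None, "bad tag"
        if cmd["seq"] <= self.last_seq.get(cmd["client_id"], 0):
            return None, "replayed or stale sequence number"
        self.last_seq[cmd["client_id"]] = cmd["seq"]
        self.transaction_id = (self.transaction_id + 1) & 0xFFFF
        frame = modbus_write_single_register(self.transaction_id,
                                             cmd["unit_id"], cmd["address"],
                                             cmd["value"])
        return frame, "ok"


if __name__ == "__main__":
    gw = EdgeGateway()
    cmd = sign_command("scada-01", seq=1, unit_id=1, address=0x0010, value=1500)
    print(gw.handle(cmd))   # native frame and "ok"
    print(gw.handle(cmd))   # same command again: replay rejected
    cmd["value"] = 0        # tampered in transit: tag no longer matches
    print(gw.handle(cmd))
```

The frame the gateway emits is byte-for-byte what a SCADA host would have sent to the PLC directly; the difference is that only the gateway can reach the PLC, and the gateway has verified who asked and that the request is fresh. The per-client monotonic sequence number is the simplest replay defence; it assumes in-order delivery per client, which holds for a single TCP session but would need a window or timestamp in a multi-path setup.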
2. Principle of least privilege.
This principle is simple in concept: a user’s account should have access only to the things that user needs to do their job. Many organizations have engineering teams in which everyone has admin access to all the systems. If a company is following this principle, that won’t be the case. A junior engineer will have access only to a limited number of systems and a limited set of functionality. Managing this takes more work, but it also limits the damage if a user’s account is compromised or a disgruntled employee decides to take actions that might harm the business.
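The following added example (not from the article) shows the principle as a deny-by-default policy rather than a list of admins, and quantifies the risk reduction the paragraph describes: the “blast radius” of a compromised account is the set of systems its role can change. The role names, system names and accounts are constructed for the demo.

```python
from fnmatch import fnmatch

# Constructed example policy and inventory (not from the article). Systems are
# named "<area>/<device>" and roles map glob patterns to the actions they may
# perform there. Anything not listed is denied.
POLICY = {
    "admin":      [("*",            {"read", "write", "deploy", "manage_users"})],
    "senior_eng": [("line-*/plc-*", {"read", "write", "deploy"}),
                   ("line-*/hmi-*", {"read", "write"})],
    "junior_eng": [("line-2/plc-*", {"read", "write"}),
                   ("line-2/hmi-*", {"read"})],
    "operator":   [("line-*/hmi-*", {"read"})],
}

SYSTEMS = ["line-1/plc-01", "line-1/plc-02", "line-1/hmi-01",
           "line-2/plc-01", "line-2/hmi-01", "historian-01", "ad-dc-01"]

# Account -> role. Many plants look like BEFORE: everyone in engineering is an
# admin everywhere. AFTER is the same team with roles scoped to their work.
BEFORE = {"jdoe": "admin", "asmith": "admin", "bnew": "admin", "ops1": "operator"}
AFTER = {"jdoe": "senior_eng", "asmith": "senior_eng", "bnew": "junior_eng",
         "ops1": "operator"}

CHANGE_ACTIONS = {"write", "deploy", "manage_users"}


def is_allowed(role, system, action):
    """Deny by default: allow only if some policy entry for the role matches."""
    for pattern, actions in POLICY.get(role, []):
        if fnmatch(system, pattern) and action in actions:
            return True
    return False


def blast_radius(role, systems=SYSTEMS):
    """Systems an attacker holding an account with this role could change."""
    return sorted(s for s in systems
                  if any(is_allowed(role, s, a) for a in CHANGE_ACTIONS))


def exposure_report(accounts, systems=SYSTEMS):
    """For each account, how many systems its role can change."""
    return {acct: len(blast_radius(role, systems))
            for acct, role in accounts.items()}


if __name__ == "__main__":
    print("before:", exposure_report(BEFORE))
    print("after: ", exposure_report(AFTER))
    print("bnew may write line-2/plc-01:",
          is_allowed(AFTER["bnew"], "line-2/plc-01", "write"))
    print("bnew may deploy to line-2/plc-01:",
          is_allowed(AFTER["bnew"], "line-2/plc-01", "deploy"))
```

In the BEFORE mapping a phished junior engineer exposes every system in the inventory, including the historian and the domain controller; in AFTER the same compromise reaches one PLC. The extra administrative work is maintaining the patterns as lines and devices change, which is why the policy is data rather than code.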
3. Passive and active network monitoring.
Many IT teams have monitoring tools for the IT network. It can be a good idea to employ these on OT networks as well. An intrusion detection system (IDS) provides passive monitoring, which means it watches a copy of the network traffic (from a mirror port or a network tap) without adding anything to the network itself. These systems are often backed by artificial intelligence and machine learning (AI/ML) to learn what normal traffic looks like and flag anomalies.
Sometimes an IDS also employs active network monitoring, which sends communication on the network and attempts to talk to devices as part of its monitoring. Active monitoring systems are sometimes pointed at PLCs or other devices to detect when their logic or configuration changes and what the contents of those changes look like. Active polling should be rate-limited and tested first, because some older controllers do not tolerate unexpected traffic well.
If a zero-trust system is in place and working well, a bad actor who gets onto the network should find little they can do from there. However, these monitoring systems are intended to help the security team identify those bad actors and remove them from the network before they find a vulnerable system. Some of the active monitoring can also identify unexpected changes and flag those, as well.
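An added example (not from the article) of both kinds of monitoring over constructed data: passive detection learns which conversations, down to the Modbus function code, were seen during a known-good period and flags new hosts, new conversations and unexpected writes; active detection hashes the logic read back from each PLC and reports any change from the approved fingerprint. The addresses, function codes and PLC names are constructed, and Modbus/TCP is assumed to be the only protocol in the sample.

```python
import hashlib
from collections import namedtuple

# One record per observed request, as a passive sensor on a SPAN port or tap
# would summarise it. fc is the Modbus function code (assumption: Modbus/TCP
# is the only protocol in this constructed traffic).
Flow = namedtuple("Flow", "ts src dst dport fc")

WRITE_FCS = {5, 6, 15, 16, 22, 23}  # Modbus functions that change PLC state

# Constructed baseline captured during a known-good period.
BASELINE_TRAFFIC = [
    Flow(100, "10.10.1.5", "10.10.2.11", 502, 3),   # SCADA polls plc-11
    Flow(101, "10.10.1.5", "10.10.2.12", 502, 3),   # SCADA polls plc-12
    Flow(102, "10.10.1.6", "10.10.2.11", 502, 16),  # eng workstation writes
]

# Constructed live traffic to evaluate against that baseline.
LIVE_TRAFFIC = [
    Flow(200, "10.10.1.5", "10.10.2.11", 502, 3),    # normal poll
    Flow(201, "10.10.1.99", "10.10.2.11", 502, 3),   # host never seen before
    Flow(202, "10.10.1.5", "10.10.2.11", 502, 6),    # SCADA suddenly writing
    Flow(203, "10.10.1.6", "10.10.2.13", 502, 3),    # known host, new peer
]


def learn_baseline(flows):
    """Passive: learn which (src, dst, port, function) conversations are normal."""
    return {(f.src, f.dst, f.dport, f.fc) for f in flows}


def passive_detect(baseline, flows):
    """Flag anything outside the baseline; a brand-new host outranks the rest."""
    known_hosts = {h for conv in baseline for h in conv[:2]}
    alerts = []
    for f in flows:
        if f.src not in known_hosts:
            alerts.append(("new-host", f))
        elif (f.src, f.dst, f.dport, f.fc) not in baseline:
            kind = "unexpected-write" if f.fc in WRITE_FCS else "new-conversation"
            alerts.append((kind, f))
    return alerts


def logic_fingerprint(program_bytes):
    """Active: hash the logic read back (uploaded) from a PLC."""
    return hashlib.sha256(program_bytes).hexdigest()


def active_detect(known_fingerprints, polled_programs):
    """Compare freshly polled PLC logic against the last approved fingerprints."""
    findings = []
    for plc, program in polled_programs.items():
        fp = logic_fingerprint(program)
        if plc not in known_fingerprints:
            findings.append(("unknown-plc", plc))
        elif fp != known_fingerprints[plc]:
            findings.append(("logic-changed", plc))
    return findings


if __name__ == "__main__":
    base = learn_baseline(BASELINE_TRAFFIC)
    for kind, flow in passive_detect(base, LIVE_TRAFFIC):
        print(kind, flow)
    approved = {"plc-11": logic_fingerprint(b"ladder-v1")}
    print(active_detect(approved, {"plc-11": b"ladder-v2", "plc-13": b"new"}))
```

The baseline here is a plain set; a commercial IDS learns it statistically and tolerates drift, but the alert categories are the same ones a practitioner tunes first. The active half is what catches a logic change made through an engineering tool that the passive sensor cannot parse, at the cost of one extra poller talking to each PLC.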
4. SIEM integration.
Most companies’ IT departments use a security information and event management (SIEM) system. It’s easy to overlook these tools for the OT network, but they can be valuable for several reasons. As a log analysis system, a SIEM can help identify hot spots and trace back problems after they happen, correlating events from sources that never see each other. These systems are focused on security, but they also are sometimes useful for general troubleshooting and IT support for live systems. If a company has a SIEM and the OT systems aren’t already forwarding their logs to it over a secure channel, it is probably worth exploring adding the SCADA or other OT systems as contributors to the SIEM.
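An added example (not from the article or any SIEM vendor) of what “adding OT systems as contributors” involves in practice: a small collector that parses constructed log lines from a SCADA server and an edge gateway, renders them in CEF (the common event format most SIEMs ingest), and applies one cross-source correlation rule: repeated login failures, then a success, then a PLC write within a short window. The log format, host names, user names and field-to-CEF mapping are all constructed for the demo.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample lines in a simple "timestamp host key=value ..." form
# (not any vendor's real format): a SCADA server's auth log and the edge
# gateway's write log, as they might arrive at a collector.
SAMPLE_LOG = """\
2024-03-04T10:15:02Z scada-01 event=login user=jdoe result=fail src=10.10.1.50
2024-03-04T10:15:09Z scada-01 event=login user=jdoe result=fail src=10.10.1.50
2024-03-04T10:15:15Z scada-01 event=login user=jdoe result=fail src=10.10.1.50
2024-03-04T10:15:21Z scada-01 event=login user=jdoe result=success src=10.10.1.50
2024-03-04T10:16:40Z edge-gw-01 event=plc_write user=jdoe target=line-2/plc-01 register=16 value=0
2024-03-04T10:30:00Z scada-01 event=login user=asmith result=success src=10.10.1.51
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (.*)$")
# Our field names -> CEF extension keys. Unlisted fields are dropped
# (assumption: anything else is not worth the SIEM's storage).
CEF_KEYS = {"user": "suser", "src": "src", "result": "outcome",
            "target": "dhost", "register": "cs1", "value": "cs2"}


def parse_log(text):
    """Turn raw lines into event dicts with a timezone-aware timestamp."""
    events = []
    for line in text.splitlines():
        ts, host, rest = LINE_RE.match(line).groups()
        ev = dict(kv.split("=", 1) for kv in rest.split())
        ev["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        ev["host"] = host
        events.append(ev)
    return events


def _esc_header(s):
    return s.replace("\\", "\\\\").replace("|", "\\|")


def _esc_ext(s):
    return s.replace("\\", "\\\\").replace("=", "\\=")


def to_cef(ev, vendor="OTCollector", product="EdgeFeed", version="1.0"):
    """Render one event as a CEF line: header fields escaped, rt in epoch ms."""
    severity = {"login": 3, "plc_write": 6}.get(ev["event"], 1)
    if ev.get("result") == "fail":
        severity = 5
    name = " ".join(x for x in (ev["event"], ev.get("result")) if x)
    ext = [f"rt={int(ev['ts'].timestamp() * 1000)}", f"dvchost={_esc_ext(ev['host'])}"]
    ext += [f"{CEF_KEYS[k]}={_esc_ext(v)}" for k, v in ev.items() if k in CEF_KEYS]
    header = "|".join(_esc_header(x) for x in (vendor, product, version, ev["event"], name))
    return f"CEF:0|{header}|{severity}|{' '.join(ext)}"


def correlate(events, max_fails=3, window=timedelta(minutes=5)):
    """Cross-source rule: repeated login failures, then success, then a PLC write."""
    fails, suspicious_login, alerts = {}, {}, []
    for ev in sorted(events, key=lambda e: e["ts"]):
        user = ev.get("user")
        if ev["event"] == "login":
            if ev.get("result") == "fail":
                recent = [t for t in fails.get(user, []) if ev["ts"] - t <= window]
                fails[user] = recent + [ev["ts"]]
            elif len(fails.get(user, [])) >= max_fails:
                alerts.append(("login-after-repeated-failures", user, ev["ts"]))
                suspicious_login[user] = ev["ts"]
                fails[user] = []
        elif ev["event"] == "plc_write":
            t = suspicious_login.get(user)
            if t is not None and ev["ts"] - t <= window:
                alerts.append(("plc-write-after-suspicious-login", user, ev["ts"]))
    return alerts


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    for ev in events:
        print(to_cef(ev))
    for alert in correlate(events):
        print("ALERT", alert)
```

Neither source alone is alarming: the SCADA server sees a user who mistyped a password, and the gateway sees an authorized engineer writing a register. Only the SIEM, holding both feeds with synchronized timestamps, can raise the second alert, which is the “trace back” value the section describes. Normalizing to CEF (or to syslog structured data) up front is what lets the rule be written once against field names rather than per-product log formats.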
Security is a complex topic, and moving toward zero trust, and better security in general, is necessary for manufacturers today. The more familiar companies and users are with the concepts highlighted here, the better decisions we can all make together. Most companies have a long way to go, but better security is a marathon, not a sprint. In the end, better security on the industrial side helps everyone.
Keywords: cybersecurity, zero-trust approach
Which of these cybersecurity methods have you implemented at your plant, and what were the results?