To say that 2020 has been an unexpected and transformational year would be an understatement. As COVID-19 forced enterprises worldwide to quickly embrace distributed workforce models and the convergence of IT and OT networks to maintain productivity and drive competitive advantage, OT security has become increasingly foundational to resilience and operational continuity. Unfortunately, a combination of legacy devices connected to the internet, a growing number of attack vectors, and opportunistic adversaries has created a perfect storm that exacerbates cyber risk.
As we enter the home stretch of 2020, the future remains uncertain. Recent news of multiple vaccines coming to fruition brings hope for a return to normalcy. And yet, as global figures for new cases spike to their highest levels and lockdowns are reinstated in many parts of the world, it’s clear that organizations must be prepared to continue remote operations indefinitely.
The following recommendations can help CISOs securely accelerate IT/OT convergence to propel their organizations forward—now and after the crisis fades:
Focus on OT Security as a Business Enabler
The more heavily an enterprise relies on OT to conduct its core business activities, the greater the importance of security as a business enabler for ensuring operational success and continuity. Attempts to bolster OT security with traditional IT security best practices and technologies are highly ineffective and often introduce unnecessary complexity. This is especially true because OT networks rarely have security controls in place that are suited to the cyber threats they are increasingly exposed to because of digital transformation.
To overcome these challenges, security leaders should first determine what can be done immediately to achieve the maximum possible risk reduction, and then act accordingly. The first step to achieving this is gaining full visibility into the OT environment, including granular details of all assets, sessions, and processes. Next, these details can be correlated with known threats and corresponding risk levels to inform an effective course of action for ensuring operational continuity and process integrity.
Monitor and Understand Threats
One of the biggest challenges for those tasked with securing OT environments is a lack of telemetry and, therefore, of visibility into OT networks. OT assets communicate and share far more information than is typically shared among IT assets, including the software version they are running, firmware, and serial numbers. In most cases, OT network traffic can provide all the security information required for comprehensive threat monitoring. As such, decision makers should evaluate OT-centric asset visibility and continuous threat monitoring solutions based on their ability to be quickly implemented and integrated into IT systems and workflows to immediately increase preparedness and mitigate risk.
Improve Collaboration Between IT and OT
The unprecedented circumstances of the COVID-19 pandemic have exposed security gaps and pushed IT and OT personnel to work together to drive resolution. That being said, good intentions only go so far.
Differing—and often competing—priorities have long stood as a barrier between IT and OT teams. Specifically, IT teams typically prioritize the CIA triad, which encompasses the principles of confidentiality, integrity, and availability in the context of data or information and corresponding IT systems. Meanwhile, OT teams typically prioritize the principles of availability, reliability, and safety in the context of physical processes and corresponding OT systems.
Another IT/OT distinction that presents a challenge is the different way in which organizations and adversaries view IT and OT networks. Organizations tend to regard IT and OT as separate networks—but to adversaries, a network is a network, so attacks are intertwined.
Despite these differences, IT and OT security teams share an overarching desired outcome: risk reduction. Solutions that enable security teams to view IT and OT environments holistically and start to identify deviations from established behavioral baselines, unauthorized connections, and the presence of adversary techniques bring the full power of the organization’s resources to bear on risk mitigation.
Working together toward a common goal while recognizing and respecting differences enables collaboration to become concrete—not just philosophical—and organizations to become more resilient, faster.
Build Coalitions Across the Organization
As security teams reassess what risk looks like and develop plans that focus on resilience within a new structure, strong coalitions are essential to moving forward quickly. The events of the past eight months have forced IT and OT personnel to make rapid progress that can serve as the groundwork for sustained efforts to strengthen cybersecurity over the coming years.
There is no better time for cybersecurity leaders to rally executive-level support for the work the security teams are doing. Many board members have been hands-on at an operational level when it comes to adapting to the COVID-19 pandemic, and they have seen how preparedness and having the right technologies and processes in place are essential to enabling IT/OT convergence and creating a more resilient business. This dynamic puts CISOs and other security leaders in a strong position to garner cross-organizational support.
As 2020 draws to a close, the world is a very different place than it was one year ago — and it’s likely that many aspects of how we go about our daily lives will never be the same. One silver lining: as organizations pivoted to a more remote workforce and IT and OT networks converged, many decision makers have increased their focus on OT security, and those that didn’t have a plan to deal with a similar crisis have quickly put one in place. Even so, IT and OT security professionals continue to report challenges collaborating as they face higher threat levels.
By leveraging this period of uncertainty as a time to focus on OT security, understand the relevant threats, improve collaboration, and build coalitions, organizations can accelerate IT/OT convergence with greater confidence and unlock new business value.