Defending Australia's Critical Infrastructure from Cyber Attacks


As an increasingly complex and hostile environment builds around cybersecurity, Australia, along with the rest of the world, must navigate how to defend against cyber threats while maintaining resilience and growth. In a recent podcast with Cyber Security Uncut, Claroty’s VP of Cyber Safety Strategy, Joshua Corman, sheds light on how cyber criminals exploit remote access to breach medical devices and critical infrastructure, threatening human health and safety. He also provides guidance on how critical infrastructure organizations and governments can do their part to reduce the threat surface and keep people safe.

The Path to Security 

The world is becoming more dangerous as IT and OT devices and networks become interconnected, exposing us to accidents and adversaries. Hacks that used to be about losing money or privacy now cost much more, leading in some cases to the loss of life. As Joshua explains, we are living in a world “where bits and bytes meet flesh and blood”. He emphasizes that the time is now for organizations to be safer sooner, and to prioritize their cyber-physical systems (CPS) security.

In the last few years, we have seen successful cyber compromises of the food we put on our table, the oil & gas pipelines that fuel our cars, homes, and supply chains, the schools our children attend, and timely access to patient care, with the first proof of loss of life. These incidents prove that cybercriminals do not discriminate, and that governments and organizations across all industries must raise their defenses. In response to these incidents, U.S. President Biden issued a cybersecurity executive order (EO). This EO provides detailed guidelines on how federal departments, agencies, and contractors doing business with the government must secure their software, and includes a requirement for a “software bill of materials” (SBOM).

An SBOM is a key building block that has emerged in software security and software supply chain risk management. It can be defined as a nested inventory, or list of ingredients, of the components that make up a piece of software. This list can include the names and versions of software components, the licenses that apply to those components, and any known vulnerabilities or security issues associated with those components. The purpose of this list is to provide transparency and visibility into the software supply chain and help developers and vendors ensure that their customers have the information they need to make informed decisions about the software they are using. SBOMs are becoming increasingly important tools for managing software supply chain risks and ensuring the security of software systems. Their requirement in President Biden’s EO will likely set the standard for all software moving forward, not just in the U.S. but internationally. This has already started in Australia, which has begun to lift the nation's security posture and take ownership of cyber threat resilience.
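To make the "nested inventory" concrete, the following added example (not from the podcast or from Claroty) flattens a simplified CycloneDX-style SBOM into reviewable rows of component, version, license and known issues. The component names, versions and the advisory ID are constructed placeholders.

```python
import json
# Constructed sample: simplified CycloneDX-style SBOM for a hypothetical device
# firmware image. Names, versions and the advisory ID are made up.
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "components": [
    {"bom-ref": "fw", "name": "pump-firmware", "version": "2.1.0",
     "licenses": [{"license": {"id": "Proprietary"}}],
     "components": [
       {"bom-ref": "tls", "name": "example-tls", "version": "1.0.2",
        "licenses": [{"license": {"id": "Apache-2.0"}}]},
       {"bom-ref": "rtos", "name": "example-rtos", "version": "9.4",
        "components": [
          {"bom-ref": "tcp", "name": "example-tcpip", "version": "3.3",
           "licenses": [{"license": {"id": "BSD-3-Clause"}}]}]}]}
  ],
  "vulnerabilities": [
    {"id": "EXAMPLE-0001", "affects": [{"ref": "tcp"}]}
  ]
}
"""

def walk(components, path=()):
    """Yield (path, component) for every component, however deeply nested."""
    for comp in components or []:
        here = path + (comp["name"],)
        yield here, comp
        yield from walk(comp.get("components"), here)

def inventory(sbom):
    """Flatten the nested SBOM into rows a reviewer can sort and filter."""
    affected = {}
    for vuln in sbom.get("vulnerabilities", []):
        for target in vuln.get("affects", []):
            affected.setdefault(target["ref"], []).append(vuln["id"])
    rows = []
    for path, comp in walk(sbom.get("components")):
        licenses = [lic["license"].get("id", "unknown") for lic in comp.get("licenses", [])]
        rows.append({
            "path": " > ".join(path),
            "version": comp.get("version", "unknown"),
            "licenses": licenses or ["undeclared"],  # missing license data is itself a finding
            "vulns": affected.get(comp.get("bom-ref"), []),
        })
    return rows

if __name__ == "__main__":
    for row in inventory(json.loads(SBOM_JSON)):
        print(row)
```

The row for `example-tcpip` shows why nesting matters: the flagged component sits two levels below the firmware image that a buyer would actually see on a purchase order.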

Where to Begin

You can’t defend what you can’t see. As Joshua comments, organizations “need broad visibility into [their] environments”, and this starts with a detailed asset inventory. Organizations are often unaware of how many managed and unmanaged internet- and network-connected devices reside in their environment. Compounding the issue are the unpatchable devices, both known and unknown, that are not threat modeled correctly. These devices have known exploited vulnerabilities that go undetected until a breach happens, and even well-staffed teams can’t defend against these threats when they lack the visibility and threat detection capabilities they need to protect their environment from attacks. Joshua then goes on to reiterate that organizations need to be safer sooner as many critical infrastructure and healthcare delivery organizations (HDOs) are “target rich and cyber poor”.

To achieve complete asset visibility, organizations need to understand their gaps and risks. By gaining complete visibility, critical infrastructure organizations can determine not only what devices are connected to their environment, but also the context of each asset. Capturing granular attributes (such as model, firmware version, and configuration information), understanding how the assets are communicating in the network, and having specific details about the application-level process-automation conversations are key to determining what vulnerabilities are present in your environment. As threat actors become more brazen with their attacks and the type of critical infrastructure they target, building a foundation of extreme visibility is an essential first step in protecting critical assets.

The Right Tools for Protection 

During Joshua’s discussion on Cyber Security Uncut, he makes it evident that at Claroty our mission is to bring CPS security to the same level as IT security. Currently, cyber-physical systems in critical infrastructure organizations face some of the following challenges that have caused CPS security to lag behind and make it difficult for organizations to stay on top of emerging requirements: 

  • Proprietary protocols: Operational technology (OT), building management systems (BMS), and other types of assets use proprietary protocols that are incompatible with — and thus invisible to — generalized IT security tools. 

  • Mix of new and legacy devices: In critical infrastructure environments, assets can have decades-long lifespans, and the resulting mix of new and legacy devices in your ecosystem operates and communicates differently. This makes achieving visibility more complex than in an IT environment where all assets run on the same operating system.

  • Network complexity: Critical infrastructure organizations often have complex network architectures that include serial or air-gapped sections and are widely distributed across multiple physical sites.

  • No one-size-fits-all approach: Complexities found in most environments limit the effectiveness of any single method for discovery. The belief that passive monitoring is 100% effective is not true for critical infrastructure organizations with a diverse range of assets. 

Claroty can help organizations achieve a comprehensive, detailed view of all assets, processes, connections, network topography, and user activity. With 450+ proprietary protocols, we ensure that our portfolio is compatible with all protocols spanning your OT, BMS, IoT, and other XIoT assets. We also offer multiple methods for discovery, and understand that every environment is unique. Once armed with accurate inventory and device discovery, organizations can then start implementing threat detection and vulnerability management and begin to prioritize remediation efforts based on which assets they deem too critical to fail. Full-spectrum visibility into their environment allows organizations to apply their finite resources to the areas that need it most, so they can reduce outages, detect and mitigate threats before they can impact operations, and maintain continuous security posture management and compliance.


Follow along here for future Cyber Security Uncut episodes with Claroty experts for more insight into how your business can secure its cyber-physical assets.
