Over the past two years, we've seen a series of dramatic developments that highlight the risks to operational technology (OT), as well as the Extended Internet of Things (XIoT) within industrial, healthcare, and commercial enterprise networks:
Digital transformation accelerated. Connectivity, from OT to IT and up to the cloud, has taken off in pursuit of business efficiency and profitability. But this hyperconnectivity has created a much larger attack surface and exposes vulnerabilities that threat actors are eager to use.
Ransomware went corporate. No longer satisfied with locking up an individual's laptop and personal data, threat actors shifted their focus to locking up a factory or a pipeline. The absence of a highly visible response from the U.S. government emboldened attackers to keep pushing the line they are willing to cross.
Craftiness of nation states grew. A flurry of supply chain attacks against companies such as SolarWinds, Accellion, and Kaseya, to name a few, impacted millions of users downstream. The scope and stealth of these attacks demonstrated the advanced capabilities and backdoors in use, and made plain how insecure our own environments are.
Cyber warfare on critical infrastructure is out in the open. As tensions continue to intensify between Russia and Ukraine, intelligence indicates that critical infrastructure companies need to prepare for potentially disruptive and damaging attacks targeting OT networks. The U.S. federal government and other governments are launching initiatives and legislation focused on better securing critical infrastructure.
The biggest advantage defenders have, as risks to critical infrastructure networks evolve, is to know their networks better than the adversary does, so they can improve their security posture and have contingencies in place in the event of an incident. Claroty is here to help.
What you can do to mitigate risk
Claroty has some of the world's most experienced IT and industrial cybersecurity experts, who have been studying and working within the industry for decades. We know the threat landscape and the unique requirements, challenges, and opportunities involved in protecting critical infrastructure, and we put that knowledge into practice every day. We partner with CISOs and other security leaders to help identify vulnerabilities, mitigate risk, and build resilience in today's dynamic environment. Here are six tangible steps we work through with our clients to arrive at more secure and intelligent operations.
Contextualized Visibility into Assets and Risk
Having visibility into all assets, with the context needed to understand your risk posture, is an excellent first step toward preparing proactively and focusing on the likely paths of attack. This covers everything from vulnerabilities and misconfigurations to poor security hygiene, untrustworthy remote access mechanisms, and connected devices you are not aware of or not monitoring. Action: Passive intrusion detection system (IDS) deployment, which builds the asset inventory from observed traffic without touching fragile controllers, with a risk assessment aligned to IEC 62443 and the organization's risk appetite.
OT Cybersecurity Strategy & Program Design
IT and OT teams prioritize the confidentiality, integrity, and availability (CIA) triad differently: IT typically leads with confidentiality, while OT puts availability and safety of the physical process first. Respecting those priorities, identifying tools and processes that meet the objectives of each team, and centralizing responsibility with the CISO are best practices that foster alignment between IT, corporate, and OT stakeholders. Action: Security strategy and architectural design of the OT program, including design of the cyber security management system (CSMS) and its governance framework.
OT Threat Assessment
A security posture assessment lets you evaluate the current state of your OT network's security and the gap between that state and where you need to be to mitigate risk. Mapping the findings to actions and sharing them with key stakeholders, including the board, helps the organization address initiatives such as remote work, use of XIoT devices, and the OT environment itself, and achieve strategic business outcomes securely. Action: Assessment of business risk in your organization's own terms, aligned to its overarching business drivers.
Incident Response Readiness
Ideally, you have proactively protected your most important systems and critical processes against the threats that apply to them. But even the most effective cyber-defense strategy cannot fully eliminate risk, so you should always prepare for an incident in advance, so that you know every step that will be taken and the people, processes, and technology involved in the response. Action: Development of playbooks and testing of response capabilities.
Secure Remote Access & Network Segmentation
New attack vectors are emerging because many of the systems and devices that let business processes and applications communicate across environments were not designed to coexist and interoperate securely. Organizations need to be able to identify connected devices, control user access to devices and processes granularly, and be alerted to untrusted communications and behavior across the network so they can respond faster. Action: Implementation of meaningful, prioritized security controls, such as secure remote access (SRA), privileged access management (PAM), and virtual segmentation, within a zero-trust framework.
Integrated Managed Security
Threat detection and monitoring must be a continuous process to remain effective; there is no "set it and forget it". It also requires an integration ecosystem that connects the OT and IT security programs seamlessly, so CISOs can execute a holistic, enterprise-wide risk management strategy more efficiently. Action: Identification and establishment of robust, repeatable managed security services for ongoing monitoring and alerting, aligned to the threat management program. Integrations are an essential component of secure and intelligent operations.
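The first and fifth steps above, passive visibility into assets and alerting on untrusted cross-zone communication, come down to two pieces of logic a passive sensor runs over the flows it sees. The following is an added example written for this page, not Claroty's code: it takes a constructed list of flow summaries (as a sensor on a SPAN or TAP port would produce), builds a zone-aware asset inventory with inferred OT roles, flags devices nobody had on record, and checks every cross-zone conversation against a hypothetical IEC 62443-style zone and conduit table. The addresses, zones, conduits, and known-asset list are all assumptions for illustration.

```python
"""Passive asset inventory and zone/conduit policy check over observed OT flows.

Added example (not Claroty's code). The flow records, zone map, conduit table
and known-asset list below are constructed for illustration.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed flow records as a passive sensor on a SPAN/TAP port would
# summarize them: (src_ip, dst_ip, dst_port, protocol, bytes).
FLOWS = [
    ("10.10.1.5", "10.10.2.20", 502, "tcp", 1200),     # HMI -> PLC, Modbus/TCP
    ("10.10.1.5", "10.10.2.21", 44818, "tcp", 900),    # HMI -> PLC, EtherNet/IP
    ("10.10.0.10", "10.10.2.20", 502, "tcp", 300),     # engineering workstation -> PLC
    ("192.168.50.7", "10.10.2.20", 502, "tcp", 150),   # corporate host reaching a PLC directly
    ("10.10.2.20", "203.0.113.9", 443, "tcp", 4000),   # PLC talking to an external address
    ("10.10.1.5", "10.10.2.20", 502, "tcp", 800),      # repeat of the first conversation
]

# Hypothetical IEC 62443-style zones keyed by address range.
ZONES = {
    "corporate": ip_network("192.168.0.0/16"),
    "dmz": ip_network("10.10.0.0/24"),
    "supervisory": ip_network("10.10.1.0/24"),
    "control": ip_network("10.10.2.0/24"),
}

# Hypothetical conduits: (src_zone, dst_zone) -> destination ports permitted.
CONDUITS = {
    ("supervisory", "control"): {502, 44818},
    ("dmz", "control"): {502, 44818},
    ("corporate", "dmz"): {443},
}

# Assets the operations team already has on record (assumed).
KNOWN_ASSETS = {"10.10.0.10", "10.10.1.5", "10.10.2.20", "10.10.2.21"}

# Well-known OT service ports used to infer a device's role from what it serves.
SERVER_ROLE_BY_PORT = {502: "modbus-server", 44818: "enip-server", 102: "s7comm-server"}


def zone_of(ip: str) -> str:
    """Map an address to its zone; anything outside every defined zone is 'external'."""
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "external"


def build_inventory(flows):
    """Passive inventory: every address seen, its zone, inferred roles and peers."""
    inv = defaultdict(lambda: {"zone": None, "roles": set(), "peers": set()})
    for src, dst, port, _proto, _nbytes in flows:
        inv[src]["zone"] = zone_of(src)
        inv[dst]["zone"] = zone_of(dst)
        inv[src]["peers"].add(dst)
        inv[dst]["peers"].add(src)
        role = SERVER_ROLE_BY_PORT.get(port)
        if role:
            inv[dst]["roles"].add(role)
            inv[src]["roles"].add(role.replace("server", "client"))
    return dict(inv)


def unknown_assets(inventory) -> set:
    """Devices observed on the wire that nobody has on record."""
    return set(inventory) - KNOWN_ASSETS


def check_conduits(flows):
    """Alert on cross-zone conversations that no conduit permits; one alert per src/dst/port."""
    alerts, seen = [], set()
    for src, dst, port, _proto, _nbytes in flows:
        key = (src, dst, port)
        if key in seen:
            continue
        seen.add(key)
        sz, dz = zone_of(src), zone_of(dst)
        if sz == dz:
            continue  # intra-zone traffic is not governed by conduits in this model
        allowed = CONDUITS.get((sz, dz))
        if allowed is None:
            reason = f"no conduit defined from {sz} to {dz}"
        elif port not in allowed:
            reason = f"port {port} not permitted on conduit {sz}->{dz}"
        else:
            continue
        alerts.append({"src": src, "src_zone": sz, "dst": dst, "dst_zone": dz,
                       "port": port, "reason": reason})
    return alerts


if __name__ == "__main__":
    inventory = build_inventory(FLOWS)
    for ip, info in sorted(inventory.items()):
        print(f"{ip:14} zone={info['zone']:11} roles={sorted(info['roles'])} peers={len(info['peers'])}")
    print("unknown assets:", sorted(unknown_assets(inventory)))
    for a in check_conduits(FLOWS):
        print(f"ALERT {a['src']} ({a['src_zone']}) -> {a['dst']} ({a['dst_zone']}) :{a['port']} : {a['reason']}")
```

Run as-is, the sample data yields two unknown devices (the corporate host and the external address) and two conduit alerts: a corporate workstation speaking Modbus directly to a controller, and a controller opening an HTTPS session to an address outside every zone. The conduit table is deny-by-default across zones, which is the zero-trust posture the step above calls for; in a real deployment the zone map would come from the asset inventory and the conduit table from the segmentation design, not from constants in a script.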
No matter where you are in your process of better securing your operations, Claroty can help ensure you have the right building blocks in place. To learn more, request a demo.