Over the past two years, we've seen a series of dramatic developments that highlight the risks to operational technology (OT), as well as the Extended Internet of Things (XIoT) within industrial, healthcare, and commercial enterprise networks. These threats have highlighted the importance of securing critical infrastructure and ensuring cyber and operational resilience. Without the implementation of the fundamental cybersecurity building blocks, organizations will find it difficult to successfully mitigate risks and protect their organizations from increasingly sophisticated attacks.
Connectivity – from OT to IT and up to the cloud – for business efficiency and profitability has taken off. But this hyperconnectivity has created a much larger attack surface and exposes vulnerabilities that are a boon for threat actors.
No longer satisfied with locking up someone's personal data and laptop, threat actors shifted their focus to locking up a factory or pipeline. The lack of a highly visible response from the U.S. government emboldened hackers to keep pushing the line they are willing to cross in the wrong direction.
A flurry of supply chain attacks against companies such as SolarWinds, Accellion, and Kaseya, to name a few, impacted millions of users downstream. The scope and stealthy nature of these attacks demonstrated the advanced capabilities and backdoors in use, and woke us up to how insecure our own environments are.
As tensions continue to intensify between Russia and Ukraine, intelligence indicates that critical infrastructure companies need to prepare for potentially disruptive and damaging attacks targeting OT networks. The U.S. federal government and other governments are launching initiatives and legislation focused on better securing critical infrastructure.
The biggest advantage defenders have as risks to critical infrastructure networks evolve is to know their networks better than the adversary, so they can enhance their security posture and have contingencies in place in the event of an incident. Claroty is here to help.
Claroty has some of the world's most experienced IT and industrial cybersecurity experts, who have been studying and working within the industry for decades. We know the threat landscape and its unique requirements, challenges, and opportunities to protect critical infrastructure, and we put that into practice every day. We partner with CISOs and other security leaders to help identify vulnerabilities, mitigate risk, and build resilience in today's dynamic environment. Here are six tangible steps we work through with our clients to ultimately arrive at more secure and intelligent operations:
Contextualized Visibility into Assets and Risk
Having visibility into all assets, with context, so you can understand your risk posture is an excellent first step to prepare proactively and focus on addressing likely paths of attack. This includes everything from vulnerabilities and misconfigurations to poor security hygiene, untrustworthy remote access mechanisms, and connected devices you are not aware of or monitoring. Action: Passive intrusion detection system (IDS) deployment with a risk assessment aligned to IEC 62443 and the organization's risk appetite.
OT Cybersecurity Strategy & Program Design
IT and OT teams prioritize the principles of the confidentiality, integrity, and availability (CIA) triad differently. Respecting those priorities, identifying tools and processes to meet the objectives of the different teams, and centralizing responsibility with the CISO are best practices designed to foster alignment between IT, corporate, and OT stakeholders. Action: Security strategy and architectural design of the OT program, including CSMS design and a governance framework.
OT Threat Assessment
A security posture assessment allows you to evaluate the current state of your OT network's security and the gap between that and where you need to be to mitigate risk. Mapping the findings to actions and sharing them with key stakeholders, including the board, will help the organization address initiatives such as remote work, use of XIoT devices, and the OT environment itself, so that strategic business outcomes are achieved securely. Action: Assessment of business risk in your organization's own terms, aligned to overarching business drivers.
Incident Response Readiness
Ideally, you've proactively protected your most important systems and critical processes against pertinent threats. But even the most effective cyber-defense strategy cannot fully eliminate risk, so you should always prepare for an incident in advance, so that you know every step that will be taken and the people, processes, and technology involved in the response. Action: Development of playbooks and testing of response capabilities.
Secure Remote Access & Network Segmentation
New attack vectors are emerging because many of the systems and devices that enable business processes and applications to communicate across environments were not designed to co-exist and interoperate securely. Organizations need to be able to identify connected devices, control user access to devices and processes granularly, and be alerted to untrusted communications and behavior across the network in order to accelerate response time. Action: Implementation of meaningful and prioritized security controls, such as secure remote access (SRA), privileged access management (PAM), and virtual segmentation, leveraging a zero-trust framework.
Integrated Managed Security
Threat detection and monitoring must be a continuous process to remain effective – there is no "set it and forget it." It also requires an integrated ecosystem that enables seamless connectivity between the OT and IT security programs, empowering CISOs to execute a holistic, enterprise-wide risk management strategy more efficiently. Action: Identification and establishment of robust and repeatable managed security services for ongoing monitoring and alerting, aligned to the threat management program. Integrations are an essential component of secure and intelligent operations.
Claroty has a proven track record of helping organizations achieve unmatched visibility, protection, and threat detection across the Extended Internet of Things (XIoT) and cyber-physical systems. By implementing the six steps above, organizations can rest assured that their critical infrastructure is protected from the top cybersecurity threats plaguing OT today, and can keep up with the ever-evolving threat landscape by ensuring cyber and operational resilience.