Security leaders have long struggled with the C-suite's perception that security is a cost center. That perception isn't the barrier it was a decade ago, given the rash of breaches and the regulatory progress the industry has made since then, but in some cases the mentality still hampers IT investments in cybersecurity.
Meanwhile, industrial enterprises operating in oil & gas, energy, utilities, manufacturing, food & beverage, and many other sectors are now starting to run into this familiar refrain. More researchers are looking at ICS devices and network protocols for vulnerabilities, and headline-grabbing cyberattacks are gaining mainstream attention. At the same time, industrial networks are critical components of the business, running not only product lines but also important infrastructure such as building management systems (BMS).
And yet, winning over those who sign purchase orders with scary stories about the Oldsmar water hack or threat actors killing power grids across an entire country remains a non-starter. Like their predecessors, leaders inside industrial enterprises must instead learn to convince executives that cybersecurity is an enabler.
The more important industrial networks are to your business, the more essential effective industrial cybersecurity is to the success of your operations. It can enable your business in these three ways:
For organizations whose industrial networks are the lifeblood of their business, revenue is generated and customers' lives are improved when those systems are up and running. Any risk that threatens availability and uptime can have significant financial impact when systems must be shut down and restarted. Attacks can also be devised to put product delivery at risk by changing a product in undesirable ways, such as tampering with machinery to change recipes or contaminating water supplies used in the production process. Finally, and most importantly, OT environments often include safety systems to protect people inside or near the facility in case of machinery malfunctions. A compromise of these systems could have devastating effects on the lives of workers, their families and local communities.
Action: The OT network has been a blind spot for IT security professionals for decades, but now the urgency is escalating to drive visibility, continuity, and resiliency in the industrial economy. Because most critical infrastructure environments have no modern security controls, you have an opportunity to design a security program from scratch–without having to worry about existing security technology. You can prioritize the most important use cases and focus on gaining full visibility into your OT environment. With granular details of all OT, IoT and IIoT assets, processes, and connectivity paths in your network, as well as definitive insight into what normal looks like, you can identify threats in the network to mitigate risk and assure continued operation of critical processes.
Connecting OT networks to IT systems has unlocked tremendous business value – enabling improvements in operational efficiency, performance, and quality of service. However, it has also increased risk. Following the SolarWinds attack, any organization running affected versions of SolarWinds Orion software should be on alert, including critical infrastructure, industrial control systems (ICS), and SCADA operators. Once inside the environment, it's likely that the threat actor has been able to move laterally on Orion customer networks to gain access to other network domains in order to steal data or exploit other vulnerabilities. Unfortunately, many enterprises are finding that accurately identifying–much less reducing–risk in their industrial environments is exceedingly complex and resource-intensive, largely due to fundamental differences between OT and IT.
Action: As a security professional, chances are you've worked hard and made strategic investments to build a strong cybersecurity foundation on the IT side to support your company's digital initiatives. Now you have an opportunity to do the same on the OT side by using the differences between OT and IT networks to your advantage. OT network traffic provides all the security information you need to monitor for threats–the software version that assets are running, firmware, serial numbers, and more. Taking advantage of this, The Claroty Platform combines all the core cybersecurity capabilities for industrial networks in one agentless solution that you can quickly implement to reveal, protect, and manage all of your OT, IoT, and IIoT assets.
Industrial network administrators need to provide secure remote access to more workers than ever. In addition to manufacturers who typically have contracts to service machines remotely, they have an influx of new users they need to support. The attack on the water treatment facility in Florida demonstrated that adversaries are leveraging unsecured connections to gain unauthorized access to critical infrastructure. However, OT remote access isn't just about security. OT engineers need frictionless, reliable access to accelerate mean time to repair and mitigate the risks associated with asset issues and maintenance.
Action: As every organization has reduced staff on site, the need to safeguard OT networks from threats introduced via unmanaged and unmonitored access by remote users, and minimize delays in repairs that can increase exposure to risk, is a "must have." Consider Claroty Secure Remote Access (SRA), a core component of The Claroty Platform, that delivers frictionless, reliable and highly secure access to OT environments.