State-sponsored cyberattacks are headline news across the globe. Speculation about geo-political motives may attract eyeballs, but it’s important to maintain perspective here. Hackers attack for three reasons – to make a mess, to make money, and, yes, to make war. All three have potentially devastating consequences.
According to a joint study published in June 2016 by Genpact Research, Industry Week and Penton Publishing, 58 percent of business executives surveyed feel that the Industrial IoT increases their company’s susceptibility to cyberattacks.
Fortunately, some of the best cybersecurity minds in the industry are working around the clock to help us protect critical infrastructure on a broad scale. In 2016, the Industrial Internet Consortium published a Security Framework for its Industrial Internet Reference Architecture. With this landmark work, the IIC developed a common best practices approach to security along with a rigorous methodology to assess security in industrial systems.
In parallel, version 1.1 of the National Institute of Standards and Technology (NIST) Cybersecurity Framework will be released for public review and comment early this year. Like all NIST work, the Framework will have a prioritized, flexible, repeatable and cost-effective approach designed to help owners and operators of critical infrastructure manage their cybersecurity-related risk. And many in the North American energy industry are already intimately familiar with NERC’s nine mandatory standards for Critical Infrastructure Protection (CIP). This rapidly evolving spec requires that maximum security management controls and best practices are in place to protect critical cyber assets underlying the grid.
In Bayshore’s interactions with these organizations and our Operational Technology (OT) customers, we have learned a great deal about how hackers attack, and how to thwart their efforts. We’ve distilled our experience into five simple steps that we urge every owner of critical infrastructure to pursue:
As each of these standards bodies has recognized, any new security effort should begin with an assessment of risk. This is particularly important for OT security, because every environment is different. Understanding OT security risk must involve not only the logical cyber risks and the physical risks, but their intersection.
Every organization with industrial infrastructure should have logical digital and physical security requirements defined for its OT devices.
In addition to defining security requirements for OT devices, it is also an absolute necessity to define safety requirements. The combination of logical digital and physical worlds may introduce new safety concerns for OT devices or at least make certain unsafe conditions more likely to occur. Security and safety risks must be considered together so that the organization’s requirements cover both realms.
An IT/OT gateway monitors all network communications to and from OT devices, as well as the security events happening within those devices, to look for any signs of attacks or compromises. IT/OT gateways understand OT protocols, including specific OT commands and their data values, so they can identify and block commands that should not be permitted for security or safety reasons.
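A minimal sketch of the command and data-value filtering described above, added here as an illustration and not Bayshore's code. It assumes Modbus/TCP as the OT protocol and a hypothetical allow-list policy (unit 1, register 40, bounds 0 to 1500); the policy, helper names and sample requests are all constructed for the example.

```python
import struct

# Hypothetical site policy, constructed for this example: per Modbus unit id,
# the read function codes allowed and the writable registers with safe bounds.
POLICY = {
    1: {
        "read_fcs": {3, 4},          # Read Holding / Read Input Registers
        "writes": {40: (0, 1500)},   # register 40 (assumed setpoint): 0..1500
    },
}

def build_request(unit, pdu, tid=1):
    """Wrap a PDU in an MBAP header (sample-traffic helper)."""
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu

def inspect_modbus_tcp(frame):
    """Return (allowed, reason) for one Modbus/TCP request; default is deny."""
    if len(frame) < 8:
        return False, "truncated frame"
    _tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0 or length != len(frame) - 6:
        return False, "malformed MBAP header"
    fc = frame[7]
    rules = POLICY.get(unit)
    if rules is None:
        return False, f"unit {unit} not in policy"
    if fc in rules["read_fcs"]:
        return True, "read permitted"
    if fc == 6:  # Write Single Register: address (2 bytes), value (2 bytes)
        if len(frame) != 12:
            return False, "malformed write request"
        addr, value = struct.unpack(">HH", frame[8:12])
        bounds = rules["writes"].get(addr)
        if bounds is None:
            return False, f"register {addr} not writable"
        lo, hi = bounds
        if not lo <= value <= hi:
            return False, f"value {value} outside {lo}..{hi}"
        return True, "write within safe range"
    return False, f"function code {fc} not allowed"

if __name__ == "__main__":
    samples = {  # constructed requests, not captured traffic
        "read 10 registers": build_request(1, struct.pack(">BHH", 3, 0, 10)),
        "setpoint 1200": build_request(1, struct.pack(">BHH", 6, 40, 1200)),
        "setpoint 9000": build_request(1, struct.pack(">BHH", 6, 40, 9000)),
        "write multiple (fc 16)": build_request(1, struct.pack(">BHHB", 16, 40, 1, 2) + b"\x00\x01"),
    }
    for name, frame in samples.items():
        print(name, "->", inspect_modbus_tcp(frame))
```

The check fails closed: any unit, function code or register not named in the policy is denied, so an out-of-range setpoint is dropped even though the write command itself is syntactically valid.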
Many OT security considerations will be documented in security policies, as discussed under Action 2 (Develop security requirements for OT devices). However, there are other enterprise documents that may need to be changed, or at least reviewed, to ensure that they support OT security as well.
Security professionals must be educated and trained on OT security so that they are prepared to do their jobs with OT security in mind. It’s important to provide OT security education and training to others within and outside the organization.
To help reduce your vulnerability to industrial cyberattack, we recommend you start now. The team at Bayshore Networks has decades of experience navigating these waters and can enable the Actions that make sense for your IT and OT organizations.
Copyright © Bayshore Networks 2019