Consortium of Leading Cyber Technology and Insurance Providers Announce the Launch of SafeHouseInitiative.org
January 17, 2023
No Comments
Menu
· PLC: Programmable Logic Controllers
· SCADA: Supervisory control and data acquisition
· DCS: Distributed Control Systems
· CNC: Computer Numerical Control Systems, including computerized machine tools
· BMS/BAS: Building Management and Building Automation Systems
· Lighting controls both for internal and external applications
· Energy monitoring, security, and safety systems for the built environment
In the past, much of the operational technology in an organization was isolated from the corporate network. It used proprietary control protocols, a proprietary OS, and specialized hardware to function. All that’s changed. Today, operational technology is often bridged into corporate networks using common internet protocols, and much of it consists of general-purpose hardware running mainstream operating systems. The IT and OT convergence has introduced increased risk that cannot be ignored.
Incidents such as Stuxnet and the Colonial pipeline highlighted the importance of Operational Technology Cybersecurity – the Stuxnet worm infected over 20,000 devices in 14 Iranian nuclear facilities and ruined around 900 centrifuges, while the attack on the Colonial pipeline resulted in $90 million in financial losses. Meanwhile, evolving cybersecurity regulations are putting pressure on cybersecurity professionals to ensure compliance across the entire technology estate – operational technology included.
With all that’s at stake, technologies and processes for increasing Operational Technology visibility are essential – you can’t protect, update or manage devices you don’t know you have. Unfortunately, those responsible for keeping all of the Operational Technology up and running often don’t have complete visibility into their hardware and software – and therefore cannot maintain, update or replace it when needed. Decades-old technology can linger in the OT environment, outdated and unprotected. Not only can outages impact business continuity and cause financial losses, but these devices are also sitting ducks for cybercriminals…
With Operational Technology Asset Management – a complete inventory of all operational technology assets, organizations can map possible attack vectors to secure their business better and create up-to-date, accurate, and in-depth reporting on all technology assets in the business.
The goal is to create a list of all OT assets and keep it up to date, reducing workload through preventive maintenance and protecting assets through the timely discovery of asset vulnerabilities. Devices that receive updates and maintenance also run more efficiently and reduce the risk of production outages. But more often than should be the case, a full overview of all devices an organization has under management is lacking and companies don’t have the necessary staff to service them properly. Deploying an automated solution to create an always up-to-date list of all OT assets would go a long way in helping organizations tackle this challenge.
Creating an Automated OT Asset Inventory by deploying an OT Scanner
OT Scanning and Discovery enables organizations to create up-to-date, accurate, and in-depth inventory & vulnerability reports on their OT assets. Technologies that enable Selective Probing provide a deeper understanding of the OT environment and all devices on that network. To understand why this is important, let’s take a look at the various types of scanning technologies available:
Passive Scanning records device information when the device activates to communicate with the network or other devices. In other words, it simply listens for devices that emit a signal and then logs them. While the most critical assets on your production line – and those that are used the most – will be recorded, this method omits devices that don’t use the network to communicate. On top of that, passive scanning is limited to capturing the traffic being communicated over the network by the device. If some essential data, like firmware version, for instance, is not part of the package you will not capture it. Another disadvantage of this method is that it’s architecture-dependent and not centrally managed, so if it’s not perfectly configured, you’ll miss out on traffic and won’t have complete network visibility.
Active Scanning proactively pings and contacts devices to get hardware and software information. Anything connected to the network is discovered – even Shadow IT, idle devices, and rogue devices that only touch the network briefly. However, it creates additional network load and when improperly used can cause failed package delivery, produce communication errors, and can ultimately cause disruption of OT Devices & networks. Active scanning is more suitable for IT systems, which are often more robust than OT devices.
Specifically for scanning OT Devices, there is a new way of scanning called Selective Probing, which provides a middle ground ideal for discovering Operational Technology assets. It creates a perfect balance between risk-free, passively recording communication and the richness of active scanning. With Selective Probing, the most important assets of your production line are recorded alongside devices that don’t communicate over the network.
It’s like active scanning, but more careful. Selective Probing can query multiple devices in the network, but a single device will only be queried serially, with sufficient time between queries and only with validated, safe communication.
Using these advanced protocols can provide a complete and accurate inventory of all OT devices across the business. With this information on-hand, operational technology security professionals can easily plan and manage updates and maintenance, remediate any vulnerabilities, and have complete visibility of the expanding and increasingly diverse technology landscape.
