As the Internet of Things (IoT) promises powerful business outcomes from connected sensor-based solutions, the Operations Technology (OT) business challenge is that cyber attacks on operational environments threaten both safety and productivity. Asset owners, system operators and system integrators need to protect against these threats to ensure operational safety and maximum uptime.

With automated production systems becoming more interconnected, the exposure to cyber incidents increases and attacks and disruptions on critical infrastructure put reputation, production, people and profits at risk.

This has left us with a new reality: If it’s connected, it needs to be protected.

Abalto can help you to defining a Security Posture Baseline as it is important to understand the steps required to implement a security strategy. We identify and initiate these steps to review a security maturity model, with clear actions outlined in a business environment:

Stage 1 Assess

Identify immediate security issues that can impact operations, even if the environment is thought to be “air gapped.” Common findings from expert assessments include unapproved wireless access points or unsafe software, vulnerabilities that attackers can easily exploit. Many immediate issues can be fixed quickly to reduce cyber threat risk.

Stage 2 Protect

Implement security monitoring and defensive layers to comply with standards and strengthen the security posture. Lower the risk of security exploits by using technical solutions, such as purpose-built industrial control security equipment. Set up automation and patch management tools to simplify and expedite security administration. Train teams on what to look for and how to respond to cyber activities, just as training is mandatory for operations safety.

Stage 3 Prevent

For sophisticated organisations, pursue proactive and predictive security measures such as running attack scenarios on cloud-collected data. “Digital twins” can replicate operating environments and simulate defences to measure threat impact and improve security. Regular assessments and security health checks can monitor dynamic environments. Across all stages, it is critical to maintain a constant vigilance to ensure basic security hygiene is implemented and cyber security policies are enforced.

Here are our 4 steps for better OT network resilience:

Step 1 – Select an advanced OT focused ICS vulnerability protection suite

Select a security vendor that offers an extensive set of Integrated Control System (ICS) specific vulnerability signatures, designed to thwart exploits and exploit variants. These should be more powerful than traditional IT threat signatures. The proper OT focused security solution should be able to defend against unknown threats, including zero-day attacks, that exploit a root vulnerability.

Step 2 – Establish baseline for network communications

Observe and record all OT network communications to establish traffic patterns to determine “what’s normal.” This becomes the baseline for OT network communications whitelisting, the strongest form of cyber security policy creation. Having a baseline allows system operators to make informed decisions about communications integrity across their controls networks.

Step 3 – Conduct network communications whitelisting

Building on the baseline, leverage OT network communications whitelisting to enable operators to block, allow or simply alert on all traffic that isn’t match an established policy. Operators gain more control and reduce complexity associated with unnecessary traffic. This approach prevents attackers from misusing protocol commands, such as “shutdown,” “scan,” or “factory reset,” as well as parameters such as “set point.”

Step 4 – Segment the OT network

The OT security solution should utilise a drag-and-drop interface that allows an operator to quickly segment an OT network, without the need to reconfigure or re-engineer. Zone specific whitelist policies also help minimise unexpected downtime by preventing lateral movement of ICS infections. This methodology is unlike traditional VLANs or other segmentation techniques.