Converged OT/IT Networks Introduce New Security Risks

There’s no denying that the “Industry 4.0” revolution has dramatically transformed how manufacturing and other industrial companies operate. Industrial IT teams, which traditionally performed manual operations supported by “dumb” electronic controls, are now data-driven units that rely on analytics and automated operations to drive efficiency, product quality, business decisions and bottom-line performance.

At the core of the “Industry 4.0” trend is the convergence of operations technology (OT) and information technology (IT) networks or, put another way, of industrial and traditional corporate networks.

While the union of these formerly disparate networks certainly facilitates data exchange and enables organizations to improve business efficiency, it also comes with a host of new security concerns.

Until recently, industrial control systems (ICS) and other OT devices were deployed in isolation and without security measures. There was no reason for IT professionals to worry about security, as technologies were closed off from traditional IT networks. But now, as OT and IT networks converge and devices become IP-enabled and part of the network ecosystem, the protected walls around these formerly isolated devices are coming down.

This means that industrial control systems, sensors and other controllers are now industrial internet of things (IIoT) endpoints on the converged IT/OT network, and this has dramatically expanded organizations’ attack surface and opened them up to increased security risk. 

In fact, ICS attacks are becoming more frequent, not only for the traditional reasons (e.g., industrial sabotage, critical infrastructure attacks, etc.), but also because a penetration of either the OT or IT network can introduce the possibility of moving laterally to compromise assets on the other. In other words, a successful attack on a control system could result in a corporate data breach, and an infiltration of an enterprise IT network could end in an ICS attack.

This is particularly frightening because many of these OT-related networks handle critical functions, such as electric power, clean running water, manufacturing processes, life-saving healthcare treatments, etc. – and if they were compromised, the results would be catastrophic.

In this new threat landscape, industrial IT teams now find themselves struggling to secure assets and environments that were initially deployed without security in mind. As a result, two main security challenges have emerged:

  • Lack of visibility. Most industrial IT security teams do not have a complete picture of all the endpoints on their IT and OT networks and in the cloud. In today’s dynamic business environments, new networking technologies and development processes are implemented all the time, and the current network state has a minuscule shelf life – making it difficult for security teams to achieve real-time visibility. In fact, Lumeta’s research in production environments shows that, on average, more than 40% of today’s dynamic networks, endpoints and cloud infrastructure are unknown, unmanaged, rogue or participating in shadow IT.

In addition, most IT teams are unaware of what’s happening on the networks themselves. Is infrastructure being properly managed? Are there leak paths to and from the internet that could be compromised by malicious actors? What other vulnerabilities are present? Without real-time visibility into networks and endpoints, organizations can’t answer these questions, and, therefore, can’t accurately understand their risk profile – leaving them vulnerable to attack.

  • Lack of control over security policies. Thanks to “Industry 4.0” and other digital transformation technologies, industrial business requirements have accelerated beyond IT teams’ ability to secure them. As a result, security policies often are not properly enforced and poor policy hygiene has become the norm (organizations are battling a chaotic mess of rules that are outdated, unused, redundant and out-of-compliance). This means security policies, which are meant to mitigate risk, actually introduce it through unnecessary security and compliance gaps.

Securing the Converged OT/IT Environment
Because OT devices were traditionally closed, it’s not possible to go back and simply add on security software to mitigate risk; they simply do not have the computing capacity to run security software. This makes real-time visibility into and control over complex networks that much more important, because threats must be identified and stopped before reaching the OT endpoints. To maintain a strong security posture, IT security professionals must be able to answer questions such as: What devices are on the network? What are they doing? What are the traffic patterns? Are there anomalies indicating a vulnerability or compromise?

The good news is that organizations can easily and quickly answer these questions by adopting technology that helps them identify all assets across networks and monitor activity in real-time. With real-time visibility into endpoints across IT, OT and cloud infrastructure, IT security teams can master policy management across hybrid environments by ensuring everything on the network falls under security policy, so the right rules and configurations are applied to every asset in all computing environments.

Network segmentation, which, as its name implies, breaks networks into isolated segments, is also a critical component of IT/OT network security, as it limits lateral movement in the event of compromise.

By segmenting the network by type, purpose, access rights and solution type, even if cyber-criminals or unauthorized users are able to compromise an asset, they’ll be confined to that specific network segment rather than being able to move freely across other adjacent networks.

In other words, using our earlier example, an attack on a control system would be contained rather than resulting in a corporate data breach, and, if an enterprise IT network were compromised, the ICS would be spared.

The last piece of the puzzle is active network infrastructure monitoring, which provides real-time change monitoring capabilities that detect segmentation and communication violations, leak paths, and anomalous activity and threats. Armed with this information, IT security teams can immediately act to remediate security risks before they can disrupt critical operations.
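As an added illustration of the segmentation and monitoring points above (example code, not from the article or from Lumeta), the check below classifies observed flows by segment, compares each against a constructed segmentation policy, and reports direct IT-to-OT traffic as a segmentation violation, OT traffic to the internet as a leak path, and addresses outside every known segment as unknown endpoints. The segment ranges, the policy and the flow records are all assumptions constructed for the example.

```python
import ipaddress

# Constructed segment map for a hypothetical converged plant network (assumption, not from the article).
SEGMENTS = {
    "ENTERPRISE_IT": ipaddress.ip_network("10.10.0.0/16"),
    "INDUSTRIAL_DMZ": ipaddress.ip_network("10.20.0.0/16"),
    "OT_CONTROL": ipaddress.ip_network("10.30.0.0/16"),   # PLCs, HMIs, historians
    "IIOT_SENSORS": ipaddress.ip_network("10.40.0.0/16"),
}
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Segmentation policy: (initiating, destination) pairs permitted. IT reaches OT only via the DMZ; OT never reaches the internet.
ALLOWED = {
    ("ENTERPRISE_IT", "ENTERPRISE_IT"), ("ENTERPRISE_IT", "INDUSTRIAL_DMZ"), ("ENTERPRISE_IT", "INTERNET"),
    ("INDUSTRIAL_DMZ", "ENTERPRISE_IT"), ("INDUSTRIAL_DMZ", "OT_CONTROL"),
    ("OT_CONTROL", "OT_CONTROL"), ("OT_CONTROL", "INDUSTRIAL_DMZ"),
    ("IIOT_SENSORS", "OT_CONTROL"),
}

def classify(addr):
    # Map an address to its segment; private space outside every segment is an unknown endpoint.
    ip = ipaddress.ip_address(addr)
    for name, net in SEGMENTS.items():
        if ip in net:
            return name
    return "UNKNOWN_PRIVATE" if any(ip in net for net in RFC1918) else "INTERNET"

def check_flows(flows):
    # Return (finding, src_segment, dst_segment, src, dst, dport) for every flow the policy forbids.
    findings = []
    for src, dst, dport in flows:
        s, d = classify(src), classify(dst)
        if (s, d) in ALLOWED:
            continue
        if d == "INTERNET" and s in ("OT_CONTROL", "IIOT_SENSORS"):
            kind = "LEAK_PATH"             # an OT endpoint reaching the internet
        elif "UNKNOWN_PRIVATE" in (s, d):
            kind = "UNKNOWN_ENDPOINT"      # rogue or unmanaged device in the conversation
        else:
            kind = "SEGMENTATION_VIOLATION"
        findings.append((kind, s, d, src, dst, dport))
    return findings

# Constructed flow records (src, dst, dst_port), as a flow collector might summarise them.
FLOWS = [
    ("10.10.5.23", "10.20.1.10", 443),      # IT -> DMZ: allowed
    ("10.20.1.10", "10.30.0.7", 502),       # DMZ -> PLC over Modbus/TCP: allowed
    ("10.40.2.9", "10.30.0.7", 4840),       # sensor -> OT over OPC UA: allowed
    ("10.10.5.23", "10.30.0.7", 502),       # IT host talking straight to a PLC: violation
    ("10.30.0.7", "203.0.113.8", 443),      # PLC calling out to the internet: leak path
    ("192.168.77.4", "10.30.0.7", 502),     # address in no known segment: unknown endpoint
]
```

Running `check_flows(FLOWS)` yields three findings, one of each kind, while the three policy-conformant flows produce nothing.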

Security from the Start
More and more industrial companies are marrying OT and IT networks to remain competitive, make better business decisions and drive growth. But, to achieve all of the business benefits the “Industry 4.0” trend has to offer, organizations must put security at the forefront of new initiatives, rather than leaving it as an afterthought. Only then can organizations reap the rewards of digital transformation, IIoT and other next-generation technologies without introducing enterprise risk. And then, organizations will finally view security as a business enabler, rather than a bottleneck. 
