Fighting for Holistic OT/IT Security

Wednesday, April 26, 2017 @ 12:04 PM gHale


By Thomas Nuth
When it comes to industrial cybersecurity, governments know they need to improve it, industry knows it needs to better understand it and system integrators and automation vendors know they need to offer it.

The truth is while the need for cybersecurity is very apparent, enterprise and industrial networks are still often managed without a cohesive security strategy. And, even after years of being an acknowledged problem, integrated solutions are not in sight.

RELATED STORIES
ICSJWG: New Reality for Safety, Security
ICSJWG: Malware Having ICS Impact
Defense from Tainted Mobile Devices
SANS: Know the Security Mission

What’s the reason? First and foremost, there is a lack of expertise in the workforce. Secondly, today’s technologies have focused on modularized solutions for either the enterprise network or the industrial environment, without paying attention to the integration between the two.

Skills Shortage
Cybersecurity for industrial processes suffer partly due to a skills shortage and a lack of integrated IT/OT solutions.

The reason for the cybersecurity deficiency is largely attributed to a general expertise shortage of skilled workforce. There were more than 209,000 unfilled cybersecurity jobs in the U.S. in 2016, up 75 percent from 2015, according to an article in Forbes. From a global perspective, the number is greater than one million. With the huge demand for cybersecurity professionals, even the world’s largest banks, energy companies, and governments can’t seem to find them.

Forbes also found despite the high unmet demand for cybersecurity talent, the market for cybersecurity solutions is expected to continue its growth from $75 billion in 2015 to $170 billion by 2020. All sectors of the economy will have to find innovative ways to scale the expertise of their limited workforces to bring security to extensively connected systems, operations and networks. Innovative cyber tools must lead the way by automating learning of baseline behaviors, network monitoring, and cybersecurity management so few may do the work of many, for corporate and Industrial Control System (ICS) security.

Siloed Security
While the staggering number of unfilled jobs mentioned in the Forbes article speak for themselves, technology is partially to blame for the cybersecurity deficiency companies and governments face today. This is especially true in non-enterprise sectors such as utilities, oil and gas and industrial manufacturing.

From an industrial and enterprise networking view, cybersecurity ended up addressed from two diverse perspectives. From either direction, cybersecurity has been shortsighted by an approach that limits the focus to the reach of each group’s network domains. The reason for this shortcoming is the industrial automation space (OT) and the enterprise software space (IT) are being forced to connect with one another in terms of solutions delivery, operations management and customer outreach, but security integration has not always followed suit.

Automation, Integration Keys
As the backbone of critical infrastructure, ICSs are ubiquitous in all industries including transportation, water/wastewater, energy to name a few.

With this said, threat management needs to scale to endpoints throughout the industrial network – such as sensors, PLCs, data loggers and HMIs. Furthermore, as the use of desktops, laptops, tablets and smartphones have come into play, the reach of the ICS domain has grown rapidly. A solution that combines automated anomalous detection of ICS security issues, along with proactive threat remediation and containment, is required if security is to scale beyond the OT/IT divide.

When it comes to cybersecurity, less attention needs to be paid to the categorization of OT vs. IT, and more on holistic integration between the two. Leaving ICS without highly-scalable, automated, real-time cybersecurity visibility means our largest industries and government services will continue to be vulnerable to cyber threats.

The good news is automated machine learning and rapid evaluation of data using artificial intelligence is coming into play. These tools meet the needs of securing industrial networks and processes yet integrate with IT security infrastructure to bridge the OT/IT divide.
Thomas Nuth is a product director at Nozomi Networks. He is an expert in industrial networking and enterprise middleware technologies and was the first chair of the Industrial Internet Consortium (IIC) Energy Charter. This is an excerpt from a Nozomi Networks series of blogs.



Leave a Reply

You must be logged in to post a comment.