Building a Comprehensive Industrial Cyber Security Program

One of the main OT challenges faced by majority of industrial organizations is assets and network visibility. A recent study conducted by DRAGOS revealed that 90 percent of their clients had limited or no visibility into their industrial networks. Under many circumstances, network analysts were blind to critical network traffic, and centralized logging was not in place. Identifying your crown jewels and monitoring what is going on in your ICS network are critical steps for developing a full picture of what occurs across industrial assets and sites. Luckily, there are many products in the market that offer network visibility, threat detection,and operational insight capabilities. Implementing such solutions goes hand in hand with digital transformation and business modernization journeys. Such solutions will enable your cyber security team to deeply monitor the OT environment and create specific use cases to quickly react on suspicious activities. IT and OT teams will be able to confidently secure the OT environment and detect cyber risks as well as mitigate them, and finally this can enable and prepare for the conversions between IT and OT which will become a reality because it will be easier to manage both environments. Many companies have not yet implemented such solutions; but why? Well, because of their ways of working, typically organizational culture reasons. Usually, such companies do not react before a breach, enforcement of a regulation, or a mandate by the C level or board of directors. As per a study prepared by NOZOMI, 60 percent of the companies are still at this stage, 30 percent of the companies have started a POC of a certain product, they came to know the vulnerabilities they have in their OT environment, and they started taking some actions to remedy those vulnerabilities. Only 10 percent of the industrial companies are at the optimization phase, in where they have a centralized SOC along with security streamlining and orchestration in place. The rule of thumb is “Threats can be mitigated through a well-maintained defense in-depth strategy”. Industrial environments are no different. Data, application, host, OT network, edge and boundary, in addition to physical security layers must be carefully assessed before relevant security controls can be implemented. The most important factor is the governance aspect and management support, employee’s awareness, existence of solid policies procedures, in addition to having resilient incident response and business continuity plans. My advice to corporate cyber security teams is to go to their plants, understand the process well, learn the language of the OT people, and build relationship with them as this will help tackling cyber security concerns more efficiently.