By Stefan Rabben
When it comes to cyber security, the focus is usually on classic IT infrastructures. But what about the security of operational technology (OT) environments in companies? These must also be effectively protected against threats and attacks from cyberspace. Seven steps show OT managers how to raise security here to a new level.
Step 1: Develop an effective governance model
To effectively protect against cyber risks, companies need a well-thought-out construct of security policies and corresponding procedures. These are designed to detect security incidents in a timely manner, respond properly and, ideally, prevent them. Such security governance models in combination with state-of-the-art technologies to secure OT devices improve transparency and responsiveness across the entire OT ecosystem. Roles and responsibilities for controls, monitoring and incident response need to be explicit and written down.
Step 2: Ensure you have the necessary device and network topography
Manufacturing companies usually have a large number of interconnected industrial facilities that generate data streams for the production, monitoring and control of industrial processes. To keep track of this, special solutions are needed for the visualisation of network topography. For this purpose, there are numerous tools with which networks can be regularly scanned and displayed. This makes it possible to reliably determine the efficiency as well as the weak points of the respective network.
Step 3: Segment the network
A two-step approach is recommended here, starting with IT/OT segmentation. It is important here to closely control the data exchange between business tools and IT/OT systems and to keep it to a minimum. The second step is process-oriented segmentation to partition the data flows and components according to the existing business applications. In the process, the security of the segmentation is enhanced by identity and access management (IAM) and a public key infrastructure (PKI).
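One way to audit the two-step segmentation described above, as an added example that is not part of the original article: it checks observed flows first against an IT/OT allowlist and then against process-cell boundaries. All asset names, the allowlist entry and the flows are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed inventory: asset -> (zone, process cell). All names are hypothetical.
ASSETS = {
    "erp-app":      ("IT", None),
    "eng-laptop":   ("IT", None),
    "historian":    ("OT", "shared"),    # serves every process cell
    "hmi-bottling": ("OT", "bottling"),
    "plc-bottling": ("OT", "bottling"),
    "plc-packing":  ("OT", "packing"),
}

# Step one: the only IT/OT exchange permitted (directional, kept to a minimum).
IT_OT_ALLOWED = {("historian", "erp-app", 443)}

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    port: int

def classify(flow):
    """Return 'ok', 'it-ot-violation', 'cross-cell-violation' or 'unknown-asset'."""
    if flow.src not in ASSETS or flow.dst not in ASSETS:
        return "unknown-asset"          # not in the inventory: cannot be judged
    (szone, scell), (dzone, dcell) = ASSETS[flow.src], ASSETS[flow.dst]
    if szone != dzone:                  # step one: IT/OT boundary
        allowed = (flow.src, flow.dst, flow.port) in IT_OT_ALLOWED
        return "ok" if allowed else "it-ot-violation"
    if szone == "OT" and scell != dcell and "shared" not in (scell, dcell):
        return "cross-cell-violation"   # step two: process-oriented boundary
    return "ok"

def audit(flows):
    """Return (flow, verdict) pairs for every flow that is not 'ok'."""
    return [(f, v) for f in flows if (v := classify(f)) != "ok"]

# Constructed sample of observed flows (502 = Modbus/TCP, 4840 = OPC UA).
OBSERVED = [
    Flow("historian", "erp-app", 443),
    Flow("eng-laptop", "plc-bottling", 502),
    Flow("hmi-bottling", "plc-bottling", 502),
    Flow("plc-bottling", "plc-packing", 502),
    Flow("plc-packing", "historian", 4840),
    Flow("vendor-vpn", "plc-packing", 22),
]

if __name__ == "__main__":
    for flow, verdict in audit(OBSERVED):
        print(f"{verdict:22} {flow.src} -> {flow.dst}:{flow.port}")
```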
Step 4: Centralise remote accesses
Remote access to corporate networks is essential for end-to-end work processes. Therefore, appropriate tools are needed to manage interactions in an OT environment. However, this also entails security risks. To minimise these, it is recommended to implement a simple and centralised remote access solution. This should optimise privileged access to critical production systems regardless of their different network topologies. Privileged Access Management (PAM) solutions provide maximum security.
Step 5: Secure user access
Setting up user accounts and credentials, as well as authentication and authorisation measures, ensures that only legitimate employees can access systems. This also applies to maintenance. Secure access to the production line must be possible at any time and from any location via multi-factor authentication (MFA). This is supported by a PAM solution in which sensitive information such as the login or password of a specific component is stored. The solution establishes the session and grants the user only the rights needed to perform the action in question, which ensures maximum security.
Step 6: Secure the endpoints
Functioning workstations are critical to production. Therefore, they need to be especially carefully protected from internal threats. When securing these endpoints, restrictions typical of an OT environment must be taken into account. PAM solutions also provide support here: they can restrict the rights and the behaviour of users on the target devices. In this way, bouncing from one system to the next, privilege escalation and the execution of certain applications or operations, such as changes to the registry, can be prevented, and warnings can be generated if necessary.
Step 7: Comply with regulatory requirements
OT managers face the challenge of complying with a growing number of norms and standards when it comes to cybersecurity governance. These include, for example, the EU General Data Protection Regulation (GDPR) and the EU Network and Information Security (NIS) Directive. With a governance-based cybersecurity programme, compliance guidelines can be reliably adhered to and risks mitigated. By implementing the above solutions, companies are on the safe side in terms of regulatory compliance.
The convergence of OT and IT systems is associated with several risks. The decentralised configuration of OT networks across multiple sites and devices increases the number of potential security vulnerabilities that cyber criminals can exploit for unauthorised access. With its PAM4ALL solution, WALLIX supports operators of production facilities in securing their OT environments and protecting them from cyber threats.