17 Jul 2020

Guest Blog: Converging IT and OT Cyber-Security

Raj Badiani, Head of Digital at Raytheon UK, a sponsor at last week's Cyber Innovation Den, looks at the challenge of converging IT and OT Cyber-Security.

Contemporary Cyber Security and the Energy Sector: Converging IT and OT Cyber-Security

Last week at techUK's Cyber Innovation Den we explored the current trends in the cyber security sector, including the impact of and challenges brought about by COVID-19. In this piece Raj Badiani, Head of Digital at Raytheon UK, one of the event's sponsors, looks at the challenge of converging IT and OT Cyber-Security.

Regulators and governments have long considered what effect a national crisis might have on the UK’s critical national infrastructure and its ability to maintain business continuity. As is the case with a range of different businesses, digital transformation, accelerated cloud adoption, the rate of technological change and the subsequent expanded threat surface are making us rethink how we manage cyber risk to protect critical assets and data.

Though advancements in digital technology offer unprecedented levels of dynamism, agility and efficiency, widely dispersed, inter-connected networks and the Internet of Things pose new challenges for security teams, who now need to protect data residing in environments they do not necessarily control. As organisations adapt to these new ways of working, so too must they adopt innovative and proactive cyber-security strategies.

This is especially concerning for operators of essential services, as complexity is inevitably introduced when owners of Operational Technology (OT) embrace internet-connected capabilities to deliver real-time, scalable operations. When legacy Industrial Control Systems and networks are connected with internet-facing devices in a converged environment, industrial IT functions that traditionally performed electronic or manual operations become more dependent on data-driven capabilities that leverage advanced analytics and automation. This enables more efficient, optimised processes that better inform decision making; however, it also exposes critical systems to more frequent cyber-attacks.

Cyber resilience is therefore a growing concern for operators of essential services. In the energy sector, for example, operational technology devices were traditionally deployed in isolation. Closed off from traditional IT networks and infrastructure, there was no requirement for security teams to consider these devices in their cyber defence strategy. As more devices become internet-connected, a converged network ecosystem emerges in which the boundaries between IT and OT are not merely blurred but effectively removed from a cyber-security perspective. Threats, vulnerabilities and associated risks must therefore be considered holistically.

The existing IT cyber-security market, despite its challenges, is relatively well-developed; however, it does not yet adequately capture the requirements of internet-connected operational technology devices. Consequently, cyber-security maturity for operational technology remains comparatively under-developed. This lack of integration places critical systems like the electricity grid at risk as they become more interconnected. It is a key area that must be addressed in order to achieve an end-to-end, holistic cyber-security posture in the energy and utilities sector.

Modern cyber-security operations should assume compromise and accept that the technologies and controls in place will, at some point, be bypassed. This isn’t accepting defeat; it is acknowledging reality. Traditional methods are over-reliant on pre-configured rules and signature-based detection techniques. These countermeasures should be complemented by proactive threat hunting that rapidly detects suspicious activity based on anomalous behaviour. Such an approach within critical national infrastructure is vital in order to monitor and assess threats to known vulnerabilities, whilst also analysing behavioural patterns to enable early detection of an advanced threat that is already in the environment.

This proactive approach must recognise the convergence of IT and operational technology. Critical assets and data must be identified across both networks and correlated in a risk management plan. Security operations should provision for real-time monitoring and visibility across all IT/OT endpoints and network traffic, underpinned by security analytics and threat intelligence. Security teams must apply consistent rules and configurations across all infrastructure and environments. Active defence and proactive monitoring combined with a common security posture across the entire network will enable rapid detection, immediate response and early remediation. The ultimate goal will be to minimise business impact and disruption of services regardless of whether the attack targets the IT or operational technology environment.

Operators of essential services must now consider both IT and OT systems and networks, and not treat either in isolation, when protecting against cyber vulnerabilities and risk. This is an increasingly challenging task given the proliferation of digital technologies. However, with a universal IT/OT cyber-security strategy, organisations can reap the benefits of digital transformation, internet-connected devices and other next-generation technologies, and do so securely. With security at the forefront of new initiatives and “baked in” from the start, it can become a powerful enabler that helps organisations realise their digital vision.