The sixth “New technology and cybersecurity” meeting took place as a video conference on Tuesday, 21.09.2021. Our Security Consultant Sarka Pekarova presented the keynote «IIoT, data infrastructure, smart factory: IT-OT cybersecurity», in which she focused on the progress of Industry 4.0 and the increasing use of IIoT. As explained during the conference, industrial production environments (smart factories) require a different approach to cyber security than typical IT networks. Sarka highlighted the importance of securing ICS (Industrial Control Systems) to ensure that they remain operational and reach their full potential, as well as keeping them safe.
Below is a short summary of her keynote, along with a few recommendations:
Industrial control systems are vital, whether as life-sustaining technology in hospitals, as technology that provides us with heat, water, and electricity, or as business-sustaining technology that, if rendered unavailable, would cause a fatal business loss. OT (Operational Technology) environments are getting faster (perhaps too fast!), "smart" and more precisely connected, and the lines between OT and IT are blurring. While these changes bring many advantages, they also represent a wider attack vector and demand more complex configuration when linked to automation networks that were by nature not internet connected. So how can these increasingly connected networks be protected in a smart way?
How To Be Smarter – Knowing Yourself: Internal Threat Landscape.
This will help to address vulnerabilities such as weaknesses in network segmentation, use of insecure protocols, use of obsolete software and lack of patches, credential management inside the OT network as well as in IT, and principally the isolation between IT and OT.
How To Be Smarter – Knowing Yourself: Human Threat Landscape.
Humans are our strongest assets when they are provided with the correct support in terms of security awareness, technology, policies and procedures, e.g. policies for the use of USB and personal devices. While 60% of insider incidents are caused by malicious insiders and about 40% involve negligence, insider threat is a real issue that can be mitigated by awareness, whilst also being reduced by simply being kind!
How To Be Smarter – Knowing Yourself: External Threat Landscape.
In highly connected environments, this attack vector becomes far larger and needs much greater attention, understanding and monitoring. A smart approach must consider all connected devices, their interfaces, configuration and the software bill of materials (SBOM) to ensure that the connected devices are used securely for their intended purpose.
How To Be Smarter – Knowing Yourself: Prioritise.
Now that the internal, human and external threat landscapes are understood, further questions should be asked. What processes and functions must be maintained? How is the network defended? Are certain network segments or assets valued higher, and do they thus deserve a higher degree of protection? What are the crown jewels?
How To Be Smarter – Who to Trust: Supply Chain of Trust.
Supply chain attacks have been on the rise, originating from supplier services and systems as well as from insecure libraries in devices and protocols. It is important to decide to whom and to what, and to what level, trust can be given.
How To Be Smarter – Know. Don’t Guess: Assessment / Audit.
Whilst exercises such as defence gap analysis, failure scenarios, and training using adversary emulation with frameworks such as MITRE ATT&CK for ICS should be performed internally, it is vital to use an external party for assessment of your own controls, technology, configuration, processes, and procedures.
How To Be Smarter – Get One Step Ahead: Active Defence.
This can only come once a certain level of maturity is reached, as it requires detailed knowledge, control, and monitoring of the network, together with a clear understanding of local and international laws. However, this is the ideal objective: a position where both defensive and offensive skills can be leveraged to obtain actionable threat intelligence, to be one step ahead of the attackers and to significantly increase the amount of work a potential attacker needs to do, even before launching any attack.