The ‘air gap’ between critical IT and OT environments is disappearing.
Networks generally are becoming more connected, forming flatter structures. There are a variety of reasons for this, ranging from cost benefits to the changing requirements of Industry 4.0 and the smart factory. But that’s not what I want to talk about here. My point is that it’s happening, and it’s far more important to focus on the ‘what now’, working out how to best manage the consequences.
It’s sensible to assume that there are IT assets connected to OT networks, and OT assets connected to IT networks, that are not properly managed. After all, nothing’s perfect, and there won’t always be a custodian of record with possession of, and responsibility for, the care and control of network-attached assets. This can create security vulnerabilities that apply to all converged networks.
As a result, there are three things every organisation should do immediately to protect their assets.
1. Use visibility to gain control
Security vendors often talk about visibility and its importance. And it’s true: you can’t protect what you can’t see. But this misses the point somewhat because visibility isn’t the end goal – control is. Without control, visibility creates liability. You can never ‘unknow’ something, so you’ve got to be prepared to address any insights the tool provides. The good news is, many tools that provide visibility can also be used to provide control.
Act today: Start by making the most of data collection points and data control points that already exist in your environment before shopping for new ‘silver bullets’.
2. Recognise the importance of identity
Human identity in the IT world takes up a lot of resources and capital: HR, security, operations, provisioning, entitlements, directory services, authentication, automation, accounting, passwords… the list goes on. Get it right, and your humans are ‘happy campers’. But get it wrong, and your business could come to a screeching halt.
In the OT world, the identities of different network elements are also important, but they take the form of IP/MAC addresses, vendor-specific identifiers and protocols, certificates and other ‘non-human-friendly’ bits. If identity is the new perimeter in a flattened network, then getting it right plays a big part in successful convergence.
Act today: Look for opportunities to join up your IT and OT IP Address Management (IPAM) databases. Remove complexity whenever possible and identify hidden dependencies that can cause cascading failures.
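One way to start joining up the two IPAM databases is a reconciliation pass that finds the records where they disagree. The script below is an added example, not code from the original post or from any IPAM product; the two inventories, subnet ranges and field names are constructed for illustration, and a real run would read exports from your own IT and OT IPAM tools. It flags the four things a converged inventory most often hides: one IP claimed by two different devices, an asset recorded in both databases, an asset sitting on the other domain’s subnet, and an asset with no custodian of record.

```python
"""Reconcile an IT IPAM export against an OT IPAM export.

Added example (not code from the original post). The inventories below are
constructed sample data; real exports would come from your IPAM tools.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Asset:
    ip: str
    mac: str
    owner: str   # custodian of record (team name), empty if unknown
    source: str  # which database the record came from: "IT" or "OT"


# Constructed sample inventories (hypothetical addresses and MACs)
IT_IPAM = [
    Asset("10.10.1.10", "aa:bb:cc:00:00:01", "IT-Ops", "IT"),
    Asset("10.10.1.11", "aa:bb:cc:00:00:02", "IT-Ops", "IT"),
    Asset("10.20.5.50", "aa:bb:cc:00:00:03", "IT-Ops", "IT"),  # on an OT subnet
    Asset("10.10.1.12", "aa:bb:cc:00:00:04", "", "IT"),        # nobody owns it
]
OT_IPAM = [
    Asset("10.20.5.20", "00:11:22:00:00:01", "Plant-Eng", "OT"),
    Asset("10.20.5.50", "00:11:22:00:00:09", "Plant-Eng", "OT"),  # same IP, other MAC
    Asset("10.10.1.11", "aa:bb:cc:00:00:02", "Plant-Eng", "OT"),  # recorded twice
]

# Constructed address plan: which ranges each domain is supposed to own
IT_SUBNETS = [ip_network("10.10.0.0/16")]
OT_SUBNETS = [ip_network("10.20.0.0/16")]


def reconcile(it_assets, ot_assets, it_subnets=IT_SUBNETS, ot_subnets=OT_SUBNETS):
    """Return sorted, de-duplicated IPs grouped by the kind of discrepancy found."""
    findings = {
        "ip_conflict": [],    # one IP, two different MACs: two devices claim it
        "dual_recorded": [],  # same device present in both databases
        "cross_domain": [],   # IT asset on an OT range or vice versa
        "no_custodian": [],   # no owner recorded, so nobody will answer for it
    }

    by_ip = defaultdict(list)
    for asset in it_assets + ot_assets:
        by_ip[asset.ip].append(asset)

    for ip, records in by_ip.items():
        macs = {r.mac for r in records}
        sources = {r.source for r in records}
        if len(macs) > 1:
            findings["ip_conflict"].append(ip)
        elif len(sources) > 1:
            findings["dual_recorded"].append(ip)

    for asset in it_assets + ot_assets:
        addr = ip_address(asset.ip)
        on_it = any(addr in net for net in it_subnets)
        on_ot = any(addr in net for net in ot_subnets)
        if (asset.source == "IT" and on_ot) or (asset.source == "OT" and on_it):
            findings["cross_domain"].append(asset.ip)
        if not asset.owner:
            findings["no_custodian"].append(asset.ip)

    return {kind: sorted(set(ips)) for kind, ips in findings.items()}


if __name__ == "__main__":
    for kind, ips in reconcile(IT_IPAM, OT_IPAM).items():
        print(f"{kind}: {', '.join(ips) or '-'}")
```

Each finding is a dependency or ownership gap to resolve before the two databases are merged: an IP conflict is a live collision waiting to happen, a dual record means two teams believe they control one device, and a record with no custodian is exactly the unmanaged asset the post warns about.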
3. Bring Zero Trust into the OT environment
Adopting an adaptive Zero Trust approach in an OT environment means removing trust wherever possible. You must assume you’re operating in a hostile environment, where the aim is to eliminate an adversary’s ability to pivot and move laterally. A successful adaptive Zero Trust implementation can measurably reduce your OT attack surface and doesn’t necessarily need new technology.
Act today: Make the most of latent capabilities already in your environment without the need for major investment. Layer 1, 2 and 3 segmentation, along with very narrow access lists, could be a fruitful first step on your Zero Trust journey.
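The following is an added example of what ‘very narrow access lists’ between Layer 3 segments look like when written down as a default-deny policy, and of how to audit candidate flows against it before the rules go onto a firewall or router. It is not code from the original post or from any vendor product; the zone names, subnets, ports and rules are constructed for illustration and would be replaced by your own segmentation design. The point it demonstrates is that a flow from the IT user segment straight into the control segment is denied even though each hop in the allow list is individually permitted, which is what stops pivoting.

```python
"""Default-deny zone access list for a segmented IT/OT network.

Added example (not code from the original post). Zones, subnets, ports and
rules are constructed for illustration only.
"""
from ipaddress import ip_address, ip_network

# Constructed Layer-3 segments: a zone is one or more subnets
ZONES = {
    "it-users":   [ip_network("10.10.0.0/16")],
    "ot-dmz":     [ip_network("10.15.0.0/24")],   # historian / jump hosts
    "ot-control": [ip_network("10.20.0.0/16")],   # PLCs, HMIs
}

# Narrow allow list: (src_zone, dst_zone, protocol, dst_port).
# Anything not listed here is denied.
ALLOW = {
    ("it-users", "ot-dmz", "tcp", 443),      # browser access to the historian
    ("ot-dmz", "ot-control", "tcp", 502),    # Modbus/TCP, from the DMZ only
}

# Whether hosts inside one zone may talk to each other at all.
# The DMZ is deliberately host-isolated so one compromised jump host
# cannot reach its neighbour.
INTRA_ZONE_ALLOWED = {"it-users": True, "ot-dmz": False, "ot-control": True}


def zone_of(ip):
    """Map an address to its zone name, or None if it is in no known segment."""
    addr = ip_address(ip)
    for name, nets in ZONES.items():
        if any(addr in net for net in nets):
            return name
    return None


def is_allowed(src_ip, dst_ip, proto, dst_port):
    """Evaluate one flow. Unknown segments and unlisted flows are denied."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src is None or dst is None:
        return False
    if src == dst:
        return INTRA_ZONE_ALLOWED.get(src, False)
    return (src, dst, proto, dst_port) in ALLOW


def audit(flows):
    """Return the candidate flows the policy would permit, e.g. from a
    captured traffic summary, so the rest can be reviewed as blocked."""
    return [flow for flow in flows if is_allowed(*flow)]


if __name__ == "__main__":
    # Constructed candidate flows, as a flow collector might summarise them
    candidates = [
        ("10.10.1.5", "10.15.0.10", "tcp", 443),   # user -> historian: allowed
        ("10.10.1.5", "10.20.3.7", "tcp", 502),    # user -> PLC directly: denied
        ("10.15.0.10", "10.20.3.7", "tcp", 502),   # DMZ -> PLC: allowed
        ("10.20.3.7", "10.15.0.10", "tcp", 502),   # PLC -> DMZ (reverse): denied
        ("10.15.0.10", "10.15.0.11", "tcp", 22),   # DMZ host -> DMZ host: denied
        ("192.168.1.1", "10.20.3.7", "tcp", 502),  # unknown segment: denied
    ]
    for flow in candidates:
        print(("ALLOW " if is_allowed(*flow) else "DENY  ") + str(flow))
```

Running the audit over a flow summary from your existing switches or firewalls shows which of today’s conversations would break under the narrow policy, which is the list to work through with the plant owners before enforcing it.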
Start protecting your assets
It’s time to accept the futility of trying to maintain air-gapped environments in a modern world. So, it makes absolute sense to plan accordingly and act now, or risk your network becoming someone else’s.
To find out more about how to protect your networks as they flatten, please get in touch with your account manager or watch the replay of our recent webinar on ‘When two worlds collide: How to define your IT/OT Security strategy’.