With availability as a primary concern for OT networks and devices, patch management has historically not only been overlooked but actively avoided. Operators may specifically decide not to patch systems that are operational and cannot afford to be taken offline for an update. But as these devices are connected to the IT network and Internet, this approach can no longer remain the status quo. Cybercriminals target known vulnerabilities, so tracking devices and vulnerabilities and implementing an aggressive patch and replace programme is essential. For systems that cannot tolerate any downtime, it is critical to deploy redundant, active-active devices, alternate data routes, or strict segmentation and active signature and behavioural-based security to protect unpatchable devices.

“The consequences of a successful attack can lead to the disruption, and even destruction of physical assets and essential services like water, electricity and fuel.”

www.intelligentcio.com
• Behavioural Analytics and tracking: Advanced threats require more than passive security systems, especially when protecting critical infrastructure. Fortunately, the behaviour of most OT systems can be defined fairly easily, which means that unusual or aberrant behaviour should likewise be relatively easy to detect and block with a UEBA (user and entity behaviour analytics) system in place.
• Ruggedised devices: Traditional OT devices are often required to operate in industrial environments, exposed to extremes in temperature, weather, vibration and impact. As IT and IoT devices are introduced to this environment, it is critical that organisations select those devices that have been tested and rated to function in extreme settings. The same is true for the security technologies used to protect OT devices and networks.
• Deep Packet Inspection: Malware is increasingly successful at hiding and obfuscating attacks inside applications and data. Given the sensitive nature of industrial control systems (ICS) and the potential for devastating results should they be compromised, it is essential that organisations implement a combination of signature and protocol/behavioural-based inspection of traffic travelling to, from and between OT systems to prevent the abuse of particular industrial protocols. Such an approach is also better suited to OT environments, as it can provide critical protections without requiring frequent updates.
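The Behavioural Analytics and Deep Packet Inspection points above can be combined in one small detector. The following is an added example, not code from the article: it parses the MBAP header of Modbus/TCP frames (a protocol check), enforces a policy that only an engineering workstation may issue write function codes, and flags any (source, destination, function) combination not seen during a learning window (a behavioural baseline). The hosts, baseline and sample frames are constructed for the example.

```python
import struct

# Modbus function codes that write to a device (coils/registers); policy restricts who may send them.
MODBUS_WRITE_FUNCTIONS = {5, 6, 15, 16, 22, 23}

def parse_modbus_tcp(frame: bytes):
    """Return (unit_id, function_code) from a Modbus/TCP frame, or None if malformed.
    MBAP header: transaction id (2), protocol id (2), length (2), unit id (1)."""
    if len(frame) < 8:
        return None
    _tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0 or length != len(frame) - 6:  # length counts unit id + PDU
        return None
    return unit, frame[7]

def build_frame(tid, unit, function, payload=b""):
    """Build a well-formed Modbus/TCP frame (helper for the constructed sample)."""
    pdu = bytes([function]) + payload
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu

def inspect(frames, write_allowed, baseline):
    """Protocol-aware inspection plus a behavioural baseline.
    write_allowed: hosts permitted to issue write function codes (policy).
    baseline: (src, dst, function) tuples seen during a learning window.
    Returns (src, dst, reason) alerts; everything else passes."""
    alerts = []
    for src, dst, raw in frames:
        parsed = parse_modbus_tcp(raw)
        if parsed is None:
            alerts.append((src, dst, "malformed Modbus/TCP frame"))
            continue
        _unit, func = parsed
        if func in MODBUS_WRITE_FUNCTIONS and src not in write_allowed:
            alerts.append((src, dst, f"write function {func} from non-engineering host"))
        elif (src, dst, func) not in baseline:
            alerts.append((src, dst, f"function {func} outside learned baseline"))
    return alerts

# Constructed hosts and a baseline "learned" from normal traffic.
ENG_WS, HMI, PLC = "10.0.1.10", "10.0.1.20", "10.0.2.5"
BASELINE = {(HMI, PLC, 3), (ENG_WS, PLC, 3), (ENG_WS, PLC, 16)}
SAMPLE_FRAMES = [
    (HMI, PLC, build_frame(1, 1, 3, b"\x00\x00\x00\x0a")),                  # HMI read: normal
    (ENG_WS, PLC, build_frame(2, 1, 16, b"\x00\x10\x00\x01\x02\x00\x2a")),  # engineering write: allowed
    (HMI, PLC, build_frame(3, 1, 6, b"\x00\x10\x00\x00")),                  # HMI write: policy violation
    ("10.0.3.99", PLC, build_frame(4, 1, 3, b"\x00\x00\x00\x01")),          # unknown host: not in baseline
    ("10.0.3.99", PLC, b"\x00\x05\x00\x00\x00\x99\x01\x03"),                # length field wrong: malformed
]

def run_example():
    return inspect(SAMPLE_FRAMES, write_allowed={ENG_WS}, baseline=BASELINE)
```

Because the policy and baseline are static data, the detector needs no signature updates to keep flagging writes from unexpected hosts, which is the property the article attributes to protocol-aware inspection in OT environments.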
The transition to hyperconnected networks, such as smart cities and connected utility services, is driving the convergence of IT, OT and IoT networks. To successfully defend these integrated networks, organisations need an architecture that scales across the entire infrastructure to provide unified visibility and control, distributed segmentation and integrated protection.
Protecting and defending today’s critical infrastructures requires a single, unified approach that integrates security solutions into an interactive security fabric capable of adapting to and spanning distributed IT environments, while simultaneously providing the advanced capabilities needed to defend their critical OT infrastructure.
INTELLIGENTCIO