Manufacturing Technology Insights, October 2024, page 9

...enterprise and industrial operations. Because IT and OT systems increasingly need to be linked and integrated for real-time information and shared platforms, it is time to understand the risks and start planning to secure your environments.

It is critical to note that this convergence between IT and OT carries risk: Industrial Control Systems (ICS), found in almost every machine or piece of infrastructure that handles physical processes, are often unpatched and do not coexist well with anti-virus software, which leaves them highly susceptible to attack. For OT organizations responsible for critical infrastructure, any hint of compromise must be taken very seriously. This is why it is time to get down to business and start planning to secure your environment.

While IT systems mostly run standardized protocols (TCP/IP and UDP), OT systems use a wide array of protocols, many of them specific to a function, an industry, or a geography. As IoT devices become more common, products from external partners present significant challenges to building secure environments, and securing legacy systems is a larger challenge still. In effect, digital transformation efforts generate these structural problems, and they are exacerbated by poor IT security hygiene within OT environments: insecure deployment of IoT devices, a lack of visibility into those devices, and the way they are interfaced through networks to business systems.

You must understand that the enormous number of unprotected IoT devices gives threat actors opportunities. The terrifying part is that most of these devices are plug-and-play, shipped without passwords or configuration, which essentially makes security optional. Many of them ship with commonly known default passwords to provide easy access to their configuration panels.
You can imagine that it is not difficult for attackers to assemble such devices into botnets that launch distributed denial-of-service (DDoS) attacks, which freeze or disable systems. From a technical point of view, these attacks use elaborate mechanisms that are difficult to detect because their traffic is encrypted and they are designed to profile processes. From a poorly secured OT environment, attackers can move into your business systems to exfiltrate organizational data and threaten to leak or steal proprietary information.

We know that the devices are not secure and pose threats to organizations, but additional concerns need to be mentioned. The first is the accidental insider: someone on a quest for greater efficiency and productivity who lacks security awareness and may accidentally introduce conditions that make environments more susceptible through ill-advised configuration changes. The second is the external actor: most organizations need help from external partners to set up these shiny new things, and accidents can happen. The third is the malicious insider: a trusted person with technical knowledge and access who manipulates systems. The fourth is the malicious outsider, whether an external partner or a hacker; the lack of security controls puts organizations at unnecessary risk. All of these points should alarm you, and you should not accept these risks.

So, what do you do? The best answer is to plan a physical separation of devices and networks. For example, do not co-locate IT and OT applications on the same physical infrastructure. A centralized infrastructure for IT and OT applications looks more economical, but they should be separated. Lower-level OT devices should be on-premises with no access to the internet, and access controls on the local OT infrastructure can manage who reaches those devices.
Secondly, evaluate your firewalls to ensure they enforce the separation between IT and OT; this way, the firewalls can prevent OT devices from traversing the IT networks and vice versa. Thirdly, segregate internal networks: IT and OT systems should sit on separate VLANs so that individual switch ports can be assigned to the appropriate VLAN. Separate internal PLC networks from external ones and cut off reverse SSH connections; instead, build a VM in the industrial DMZ (iDMZ).

There are many more considerations to plan for. Many solution providers use PCs as managers for their systems, but PCs are far less secure than a physical server, so such a device must be placed at the lower level and accessed through a jump host. There are also considerations around failover devices, clusters versus high availability, methods and devices for scanning OT environments, and the big one: support processes. So do yourself a favor and get educated so that you can lead the architecture discussions, which in turn lead to the system needs.
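The segmentation rules described above (lower-level OT with no internet access, no outbound reverse SSH from the PLC network, IT reaching PLCs only through a jump host in the iDMZ) can be checked mechanically before a firewall change goes live. The following Python is an added example, not code from the article or from any vendor; the address plan, zone names, ports and the three audited flows are assumptions constructed for illustration, and it shows the flat "everything allowed" policy beside the segmented one.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Constructed address plan for this example (an assumption, not from the article):
#   IT user VLAN 10.10.0.0/16, iDMZ jump host 10.20.0.10,
#   lower-level OT / PLC VLAN 10.40.0.0/24; anything else is treated as internet.
IT = ipaddress.ip_network("10.10.0.0/16")
JUMP_HOST = ipaddress.ip_network("10.20.0.10/32")
OT_PLC = ipaddress.ip_network("10.40.0.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Rule:
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]  # None matches any destination port
    action: str           # "allow" or "deny"


# Weak setting: one flat network where everything is allowed (the co-located design to avoid).
FLAT_POLICY = [Rule(ANY, ANY, None, "allow")]

# Corrected setting: rules describe who may *initiate* a connection (stateful firewall assumed),
# evaluated first-match and ending in an explicit default deny.
SEGMENTED_POLICY = [
    Rule(JUMP_HOST, OT_PLC, 22, "allow"),  # only the iDMZ jump host reaches PLC management
    Rule(IT, JUMP_HOST, 3389, "allow"),    # IT staff log in to the jump host, never past it
    Rule(OT_PLC, ANY, None, "deny"),       # lower-level OT never dials out: no internet, no reverse SSH
    Rule(ANY, ANY, None, "deny"),          # default deny between every other zone
]


def evaluate(policy: List[Rule], src: str, dst: str, dport: int) -> str:
    """Return the action of the first rule matching a connection attempt."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in policy:
        if s in rule.src and d in rule.dst and rule.dport in (None, dport):
            return rule.action
    return "deny"  # implicit deny if a policy forgets its final rule


def audit(policy: List[Rule]) -> List[str]:
    """Flows a segmented IT/OT design must block; returns the names of those still permitted."""
    must_deny = {
        "plc_to_internet": ("10.40.0.5", "203.0.113.7", 443),  # PLC reaching the internet
        "plc_reverse_ssh": ("10.40.0.5", "10.10.3.3", 22),     # PLC-side host opening SSH outbound
        "it_direct_to_plc": ("10.10.3.3", "10.40.0.5", 502),   # IT workstation talking Modbus to a PLC
    }
    return sorted(name for name, flow in must_deny.items() if evaluate(policy, *flow) == "allow")
```

Running `audit(FLAT_POLICY)` lists all three violations, while `audit(SEGMENTED_POLICY)` returns an empty list; in practice the rule list would be loaded from the firewall's exported configuration rather than typed inline.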