Securing operational technology (OT) systems—those systems that monitor and control physical devices, processes, or events 1 —is increasingly a priority. Two trends are driving this. First, the explosion of the Internet of Things (IoT) is expanding the landscape of cyber-accessible and potentially vulnerable devices. Second, traditional information technology (IT) and OT networks are rapidly converging. Attackers are targeting non-enterprise devices and industrial control systems (ICS) at an alarming pace, putting our most critical infrastructures and the vital services they provide to support our economies—and lives—at risk. Unfortunately, most OT asset owners are not equipped for this changing landscape.
As a testament to this challenge, talk of securing OT environments was everywhere at the RSA Conference in March 2019. For the first time, the conference dedicated a sandbox to ICS, and numerous panels discussed the convergence of the IT and OT networks, the challenges brought about by this convergence, and implications of today’s threats for legacy industrial environments that run mission-critical systems.
What is IT-OT convergence? It’s when the IT systems used for data-centric computing are integrated with OT systems used to run industrial operations. What happens in one environment can now affect the other, therefore organizations need to cohesively monitor events, processes, and devices across both. When taking steps to reduce risk, it’s now important to keep both enterprise and industrial operations in mind.
During an interview with theCUBE, Brad Medairy described some of the many challenges involved in securing OT networks. For one, at the outset, many organizations face a “vocabulary mismatch” between the chief information security officers (CISO) organization, which is focused on threat actors and attack vectors, and the manufacturing organization, which prioritizes uptime, availability, and reliability. Although we often find that initially they talk past each other, over time both groups accept that there is a real and imminent threat to their organizations’ continuity of operations, and they begin to cooperate.
Both Forescout and Booz Allen have customers facing the challenge of integrating cutting-edge cybersecurity solutions to protect and secure the mission-critical systems in legacy OT environments. Brad referred to such legacy environments as “The Smithsonian of IT” because some of the devices are truly museum pieces. Forescout and Booz Allen begin by helping our customers first understand what is in their environments in a passive, non-intrusive manner. We then apply controls and policies to secure these systems without disrupting them. Recently, Forescout announced the industry’s first unified device visibility and control platform for IT and OT security. By integrating recently acquired SecurityMatters technology into Forescout’s core platform, Forescout will deliver robust visibility and control capabilities to manage cyber-risk across both IT and OT domains.
For its part, Booz Allen has a globally recognized ability to help organizations move beyond point-in-time compliance toward an approach that focuses on continually understanding and assessing risk. As Brad noted in his interview, those who are focused on compliance are “looking in the rear-view mirror.” Booz Allen is a leader in the Department of Homeland Security’s Continuous Diagnostic and Mitigation (CDM) program, helping federal departments and agencies better understand their IT and OT environments, assessing risk in real-time, and continuously mitigating it over time. As IT and OT environments continue to converge, continuously assessing what is in these networks and the risk they pose is imperative.
Are you struggling to address the kinds of challenges described above? Are the outcomes we have identified ones you would like to achieve? Contact us to discuss how Booz Allen ([email protected]) and Forescout ([email protected]) can help.
1 Gartner Research Note, “Market Guide for Operational Technology Security,” August 2017