3 Ways to Prepare for the Convergence of IT and OT

The convergence of information technology (IT) and operational technology (OT) systems, the world of physical things, presents increasing risk.

Cybersecurity breaches targeting industrial systems and assets are becoming regular news. In September, CNET reported that hackers gained direct access to the U.S. power grid. How? Through employee email.

In 2015, Wired demonstrated how it could hack a Jeep through its infotainment system. Ethical hackers took control of the car, including its steering, acceleration and braking systems while it was driving on a highway. Within two days, Jeep recalled 1.4 million cars to address the vulnerability.

The convergence of information technology (IT) and operational technology (OT) systems (the world of physical things) presents increasing risk. Many operational technologies are legacy systems that were never meant to be connected to IT environments. This includes manufacturing plants, water treatment facilities, buildings and locomotives that are connected, often with retrofitted equipment.

But cyber incidents don’t have to be inevitable. Companies can take proactive steps to prevent these hacks and act swiftly when they happen through an active approach to cybersecurity that encompasses three key pillars: physical environment, policies and procedures, and analysis of the data itself.

Secure the Physical Environment

A secure physical environment should be table stakes in any organization. One security measure is to install badge readers that authenticate and log users, along with an alarm system that alerts the appropriate parties to a breach. Critical pieces of infrastructure and hardware must be locked down so an attacker can’t walk onto the property and start tampering with Ethernet cables, downloading sensitive information or even going so far as to issue commands.

Another method to secure a physical environment is closed-circuit TV (CCTV). Continuously monitoring an environment can detect security breaches as they happen and provide a retrospective source of truth when investigating these incidents. New technology such as vibration sensors adds another level of security, recognizing movement that’s indicative of a physical intrusion and immediately alerting security personnel.

Enforce Strong Policies and Procedures

The second pillar is adopting strong policies and procedures that govern how technology is implemented across an organization. Procedures must address all aspects of security, from onboarding, to use, to retirement. In the IT space, restricting download privileges to certain software prevents people from bringing malicious software into an environment. In the OT space, how you acquire an asset, keep it in inventory, and secure it both physically and technologically is vital to safeguarding operations. This could include physically storing the asset in a secure location, setting user permissions and changing default passwords. These measures must be documented and audited, allowing for precise identification of the source of an attack, should one occur.

Policies and procedures act as a guide for employees in how to address incidents and effectively mitigate and recover from them. Still, organizations sometimes face resistance from employees when developing and enforcing these types of security measures. To help bolster employee support, consider including employees in the creation or review of documentation.

Proactively Use OT Data

Just as IT equipment generates data, so does OT equipment. Using that data to generate insights is the third pillar of OT cybersecurity. New platforms can standardize and analyze data from OT equipment made by different OEMs. When that data is combined with world-class data science and predictive analytics, it’s possible to proactively detect incidents before they develop into full-blown catastrophes.

Testing these three pillars regularly ensures ongoing organizational security. One method to do this is to conduct penetration tests or security assessments. These can be conducted internally, but ideally are carried out by a third party that can pressure-test assumptions. These teams perform reconnaissance on your operating environment, identifying vulnerabilities that could lead to attacks. The team may go as far as to exploit vulnerabilities (pending safety and operational concerns) to demonstrate the potential impact. This exercise enables the team to identify flaws in the physical environment, infrastructure, and policies and procedures, uncovering data that can be monitored on an ongoing basis to prevent incidents. The result is a series of recommendations, prioritized by likelihood and severity, that harden your environment.

With greater connection comes greater risk. While it’s not always possible to upgrade legacy equipment or implement new technology and entirely safeguard against malicious OT attacks, it’s possible to mitigate those risks with a secure physical environment, airtight policies and procedures, and security insights obtained from OT data.

This post originally appeared at ArcWeb.com.