Security incidents in industrial environments are not exceptional. There were times when it was enough to throw a lever to restart a power plant if an attack occurred. But with many organizations undergoing digital transformations, the recovery of an industrial infrastructure from cyberattacks now takes much longer.
Information technology (IT) networks and operational technology (OT) networks have many differences, as do the people who take care of these environments. But their security has some common elements as well. There are always going to be incidents that cross the border – incidents in IT that originate in OT, and vice versa. Also, with the advent of Industry 4.0, automation and intelligent control, the air gap has become a myth. OT no longer sits alone.
In 2020, there was a ransomware attack on a water company in a mid-sized European city. At first, it was purely an IT problem. Just after the attack, the company deployed GREYCORTEX Mendel to audit their infrastructure. Mendel found that the attackers still had access to the systems and that more attacks could follow, spreading to the OT network. In that case, local people would still have been lucky, because they could have kept drinking clean water. But nature wouldn’t have been so fortunate – untreated wastewater would have been discharged into the river uncontrollably. So, luckily for the people and the environment, the biggest loss was the company’s – it cost them “only” three days of income.
Despite this, at GREYCORTEX we repeatedly notice that IT and OT teams do not cooperate. And cybercriminals know it. On top of that, there are only a few experts who sufficiently understand both areas.
But there’s good news! Both parties can benefit from each other’s knowledge and experience. It is only necessary for them to find common ground:
- The main priority for IT experts is data and its confidentiality. They understand how exploits and vulnerabilities are used, and they have an overview of security products, their capabilities and market innovations.
- OT experts, on the other hand, place the emphasis on the security and availability of assets and processes. They have a deep understanding of complicated industrial environments and of devices that are programmed completely differently from ordinary computers. OT experts know what is going on in operational networks, how they work and what can happen there. They know the risks of possible security incidents very well, because their impact is usually far more devastating than in an IT environment.
Identify Worst-Case Scenarios
As digital transformation proceeds, infrastructures become more homogeneous, which is why the knowledge of IT and OT teams should be merged. And what should both teams talk about? Imagine the worst day at work you can have:
An explosion that kills several people. Industrial espionage and the leakage of unique know-how. Or maybe a few days of unplanned downtime that costs the company millions.
Starting to see the picture? So, let’s focus together on these questions:
- What systems can cause the biggest disasters?
- How can you reduce known risks?
- Do you have an incident response plan or recovery plan?
- How do you monitor required policies and configuration?
Now you are on a good path to successful cooperation. All the effort towards a joint discussion should be supported by an easy-to-use tool that works in both worlds, because many principles of IT security can also be applied in an OT environment.
Proper Security Monitoring
One of the key prerequisites for ensuring network security is to see and know:
- what exactly is in your network
- and how these assets are connected.
Once you know about all devices – how they communicate with each other, what firmware version they have installed, who their administrator is, who has access to them, what security policies are set and how they are followed – any discrepancy from that baseline becomes an early warning signal.
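The passage above describes the defender's core loop: learn what assets exist and how they talk to each other, then treat departures from that baseline as signals. The following Python is an added example written for this page; it is not GREYCORTEX or Mendel code. It builds an inventory of hosts and conversations from a few constructed flow records, then checks a later observation window for three kinds of discrepancy: a never-before-seen asset, a known host using a protocol its peer has never accepted, and a new conversation between known hosts. It also reports baseline assets that have gone silent, which matters in OT where a quiet device may be a failed one. All addresses, port numbers and protocol labels are constructed placeholders.

```python
"""Passive asset inventory and baseline drift detection from flow records.

Added example for this page (not GREYCORTEX / Mendel code). Addresses,
ports and protocol labels below are constructed placeholders.
"""
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Flow:
    """One observed network flow: source host, destination host, port, protocol."""
    src: str
    dst: str
    dport: int
    proto: str  # hypothetical label assigned by a traffic analyser, e.g. "modbus"


# Constructed learning window: what the network looked like when the baseline was built.
BASELINE_FLOWS = [
    Flow("10.10.1.10", "10.10.2.20", 502, "modbus"),   # HMI -> PLC A
    Flow("10.10.1.10", "10.10.2.21", 502, "modbus"),   # HMI -> PLC B
    Flow("10.10.1.11", "10.10.2.20", 102, "s7comm"),   # engineering workstation -> PLC A
    Flow("10.10.1.10", "10.0.0.5", 443, "https"),      # HMI -> historian in the IT zone
]

# Constructed later observation window that should be checked against the baseline.
OBSERVED_FLOWS = [
    Flow("10.10.1.10", "10.10.2.20", 502, "modbus"),   # known conversation
    Flow("10.10.1.11", "10.10.2.20", 102, "s7comm"),   # known conversation
    Flow("10.0.0.77", "10.10.2.21", 502, "modbus"),    # host never seen before reaching a PLC
    Flow("10.10.1.10", "10.10.2.20", 3389, "rdp"),     # known pair, protocol PLC A never accepted
    Flow("10.10.1.11", "10.10.2.20", 502, "modbus"),   # known hosts, new conversation, known protocol
]


@dataclass
class Inventory:
    hosts: set = field(default_factory=set)
    conversations: set = field(default_factory=set)          # (src, dst, dport, proto)
    protocols_by_host: dict = field(default_factory=lambda: defaultdict(set))  # dst -> protocols


def build_inventory(flows):
    """Learn hosts, conversations and per-destination protocols from a flow window."""
    inv = Inventory()
    for f in flows:
        inv.hosts.update((f.src, f.dst))
        inv.conversations.add((f.src, f.dst, f.dport, f.proto))
        inv.protocols_by_host[f.dst].add(f.proto)
    return inv


def find_discrepancies(baseline, flows):
    """Compare a flow window to the baseline; return (severity, message) findings in order."""
    findings = []
    reported = set()  # avoid repeating a finding for repeated identical flows
    for f in flows:
        key = (f.src, f.dst, f.dport, f.proto)
        if key in baseline.conversations or key in reported:
            continue
        reported.add(key)
        if f.src not in baseline.hosts:
            findings.append(("high", f"new asset {f.src} communicating with {f.dst} ({f.proto}/{f.dport})"))
        elif f.proto not in baseline.protocols_by_host.get(f.dst, set()):
            findings.append(("high", f"{f.proto}/{f.dport} to {f.dst} never seen before (from {f.src})"))
        else:
            findings.append(("medium", f"new conversation {f.src} -> {f.dst} ({f.proto}/{f.dport})"))
    return findings


def silent_assets(baseline, flows):
    """Baseline hosts that did not appear at all in the observation window."""
    seen = {h for f in flows for h in (f.src, f.dst)}
    return baseline.hosts - seen


if __name__ == "__main__":
    base = build_inventory(BASELINE_FLOWS)
    print(f"baseline: {len(base.hosts)} hosts, {len(base.conversations)} conversations")
    for severity, msg in find_discrepancies(base, OBSERVED_FLOWS):
        print(f"[{severity}] {msg}")
    for host in sorted(silent_assets(base, OBSERVED_FLOWS)):
        print(f"[info] baseline asset {host} was silent this window")
```

The severity ordering is a design choice: an unknown host reaching a controller, or a controller being addressed with a protocol it has never accepted, is rated above a merely new pairing of already-known hosts, because the first two are the patterns that precede an IT incident spilling into OT. In practice the baseline would be learned over a long enough window to cover maintenance cycles, and every finding would be reviewed by someone who knows whether the change was planned.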
This is exactly why GREYCORTEX Mendel came into being. Based on intelligent traffic analysis, Mendel can detect anomalies. It identifies and visualizes all of the above, learns the environment, and detects the early stages of cyberattacks as well as infrastructure vulnerabilities that potential attackers could exploit.
One of the biggest difficulties of OT networks is the combination of new and old devices. Sometimes everyone simply prays that they keep working. Add to that the fact that many suppliers do not follow the principles set by the manufacturer and ignore the manuals. In these situations, Mendel can give you the assurance you need.
To sum it all up, Mendel will find shortcomings in your infrastructure that the security team would not normally detect. Thanks to the time saved, you can devote yourself to other tasks that there was no time for previously.