Page 215 - Cyber Defense eMagazine Special RSA Conference Annual Edition for 2022
For management, network segmentation makes it easier to monitor traffic between zones and
enables administrators to handle a massive number of IoT devices. As new communication
technologies are added to worksite environments, network segmentation will be the first line of defense
and the foundation for keeping risk low.
Building up zero trust OT environments
While the core of zero trust is network segmentation, stakeholders who want to bulletproof their worksite
and keep the operation running should also implement virtual patching, trust lists, hardening of critical
assets, and security inspections.
To support policy management, maintenance, and event log review, solutions used to implement these
practices should be centralized. In addition, ideal network segmentation solutions for OT and ICS
environments must be OT-native and need to come in different form factors for
different purposes. The two key form factors are OT-native IPSs for micro-segmentation and 1-to-1
protection of critical assets, and OT-native firewalls for transparently creating segmentation with a
broader definition of network security policy. IPSs can also come as an “array”, where many of them are
included in one appliance for ease of management.
To create advanced configurations at the command level, these appliances should have the
ability to support the OT protocols that the work site’s assets use. Thus, micro-segmentation can be
conducted using trust lists set at the network level and OT-native IPSs or firewalls at the protocol level.
In addition, support for virtual patching is necessary, and critical assets should be hardened using
trust lists deployed within the device, at the level of applications and processes.
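As an added illustration (not code from the article or from TXOne Networks), the following Python sketch shows how a default-deny trust list can combine the two levels described above: zone-to-zone rules at the network level and per-protocol function codes at the protocol level. The zones, addresses and rules are constructed for the example; the Modbus function code values are the standard ones.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, FrozenSet, List, Optional, Tuple

# Constructed zones (hypothetical addressing): segments an OT-native firewall would enforce.
ZONES = {
    "hmi": ip_network("10.10.1.0/24"),  # operator HMIs
    "plc": ip_network("10.10.2.0/24"),  # controllers (critical assets)
    "eng": ip_network("10.10.3.0/24"),  # engineering workstations
}

# Standard Modbus function codes: reads are 1-4, writes are 5, 6, 15, 16.
MODBUS_READ = frozenset({1, 2, 3, 4})
MODBUS_WRITE = frozenset({5, 6, 15, 16})

@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    proto: str
    dst_port: int
    # Protocol-level trust: function codes allowed on this path (empty = any code).
    functions: FrozenSet[int] = frozenset()

# Constructed trust list: HMIs may only read from PLCs; engineering may also write.
TRUST_LIST: List[Rule] = [
    Rule("hmi", "plc", "modbus", 502, MODBUS_READ),
    Rule("eng", "plc", "modbus", 502, MODBUS_READ | MODBUS_WRITE),
]

def zone_of(ip: str) -> Optional[str]:
    """Map an asset address to its zone, or None for an unregistered asset."""
    addr = ip_address(ip)
    return next((name for name, net in ZONES.items() if addr in net), None)

def evaluate(flow: Dict) -> Tuple[str, str]:
    """Return (verdict, reason) for one flow; everything not explicitly trusted is dropped."""
    src, dst = zone_of(flow["src"]), zone_of(flow["dst"])
    if src is None or dst is None:
        return "drop", "unregistered asset"  # no zone, no trust
    for r in TRUST_LIST:
        if (r.src_zone, r.dst_zone, r.proto, r.dst_port) != (src, dst, flow["proto"], flow["dport"]):
            continue  # network-level match failed, try the next rule
        fc = flow.get("function")
        if r.functions and fc not in r.functions:
            return "drop", f"function code {fc} not trusted on {src}->{dst}"  # protocol-level deny
        return "allow", f"trusted {src}->{dst} {r.proto}"
    return "drop", f"no trust-list entry for {src}->{dst} {flow['proto']}/{flow['dport']}"
```

Note that a PLC-initiated connection back to an HMI is dropped even though the reverse path is trusted, which is the behaviour a 1-to-1 protection appliance in front of a critical asset should have.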
Creating trust lists
Firstly, for fixed-use legacy assets, it’s as simple as creating a trust list that only allows applications and
processes necessary to the asset’s purpose to run, which also prevents malware from running. Secondly,
for modernized machines that have more resources and must conduct a variety of tasks, hardening must
be based on trust lists with a library of approved ICS applications and certificates, as well as machine
learning. In addition, security inspections for stand-alone or air-gapped systems as well as inbound and
outbound devices prevent insider threats from affecting company operations. The concept of zero trust
has shown OT security intelligence specialists that network trust awareness is critical to maintaining
operational integrity.
Conclusion
Implementing zero trust in OT and ICS environments is much easier with network segmentation and
therefore network segmentation has become a byword in work site cyberdefense. However, when IT-
based solutions are deployed in operational technology and ICS environments, their large demands on
resources and lack of sensitivity to OT protocols are just as likely to interfere with operations as they are
to protect them. For this reason, TXOne Networks has developed OT-native solutions, supported by the