Page 85 - CDM-CYBER-DEFENSE-eMAGAZINE-December-2018

Securing IT & OT

            The integrity of the network must be secured for both information technology (IT) and operational
            technology (OT), two segments that were once kept separate. This matters more as the number of entry
            points and endpoints grows and the network itself becomes more complex.



            The vulnerability of the OT network on its own is well known, as is the inability of firewalls to stop man-
            in-the-middle and many other attack vectors. Converging IT and OT lets you exchange information across
            the two networks, standardize on the same technology throughout (and on the training, maintenance and
            management that go with it), and use one network to protect both your IT and your OT assets.



            As technology and market factors make it unrealistic to keep IT and OT separated going forward, the
            most vulnerable entry points remain the endpoints (router ports, workstations, integrated access
            devices, SCADA devices, metering devices), because they are often overlooked and left unsecured.
            Threats aimed at utilities typically take the form of attacks moving from the IT side toward the OT side,
            from OT toward IT, and sometimes within the communications layer in between (wireless, copper, coax
            and fiber).



            It's no secret that regulations often take years to be developed, agreed upon and implemented, but the
            people looking to disrupt systems work much faster than that. So while compliance with regulations is
            an important step, no one should assume that compliance equals security.



            Getting Attack Prevention in Place

            Attack prevention needs to be in place at the communication points of entry to critical infrastructure
            facilities, including the ability to detect anomalous events that may be precursors to an attack.

            This means that firewalls, access controls and the other traditional security controls at the multiple
            access points within the network should be monitored at all times, so that anomalies can be detected
            early and stopped quickly when needed.
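            A concrete form of the monitoring described above, covering both directions of traffic across the IT/OT
            boundary, is a conduit monitor: every flow that crosses a zone boundary is checked against the list of
            conduits the firewall policy is supposed to permit, and every flow into the OT zone is checked against a
            baseline of talkers recorded during a known-good window, so that a new source reaching a SCADA device
            is flagged even when it uses an allowed port. The script below is an added example and is not code from
            the article or from any product it discusses; the zone addressing, the allowed conduits, the log format
            and the flow records are all constructed assumptions.

```python
"""Conduit monitor for an IT/OT boundary (added example, constructed data).

Flags (1) cross-zone flows that are not on the allowed-conduit list, which is
what the firewall policy should already block, and (2) flows into the OT zone
from a (src, dst, port, proto) tuple never seen during the baseline window,
which catches a new talker that slips through on a permitted port.
"""
from collections import namedtuple
from ipaddress import ip_address, ip_network

Flow = namedtuple("Flow", "ts src dst dport proto")

# Assumed zone layout (constructed): IT LAN, IT/OT DMZ, OT control network.
ZONES = {
    "IT": [ip_network("10.1.0.0/16")],
    "DMZ": [ip_network("10.2.0.0/24")],
    "OT": [ip_network("192.168.10.0/24")],
}

# Assumed allowed conduits across the boundary: (src_zone, dst_zone, dport, proto).
# Only the DMZ historian may poll Modbus/TCP into OT, and OT hosts may only
# push data back to the DMZ historian database.
ALLOWED_CONDUITS = {
    ("DMZ", "OT", 502, "tcp"),   # historian polls PLCs with Modbus/TCP
    ("OT", "DMZ", 1433, "tcp"),  # PLC/HMI report to the DMZ historian DB
}

# Constructed flow log, one record per line: "ts src dst dport proto".
BASELINE_LOG = [
    "2018-12-01T00:00:01 10.2.0.5 192.168.10.20 502 tcp",
    "2018-12-01T00:00:02 10.2.0.5 192.168.10.21 502 tcp",
    "2018-12-01T00:00:03 192.168.10.20 10.2.0.5 1433 tcp",
    "2018-12-01T00:00:04 192.168.10.30 192.168.10.20 502 tcp",  # HMI polls PLC inside OT
]
LIVE_LOG = [
    "2018-12-02T08:00:01 10.2.0.5 192.168.10.20 502 tcp",       # normal historian poll
    "2018-12-02T08:00:05 10.1.4.7 192.168.10.20 502 tcp",       # IT workstation talks Modbus to a PLC
    "2018-12-02T08:00:09 10.2.0.5 192.168.10.22 502 tcp",       # historian polls a PLC it never polled
    "2018-12-02T08:00:12 192.168.10.30 10.1.4.7 445 tcp",       # OT host reaches out to IT over SMB
    "2018-12-02T08:00:15 192.168.10.30 192.168.10.20 502 tcp",  # intra-OT poll seen in baseline
]


def zone_of(ip):
    """Map an address to its zone name, or UNKNOWN if it matches no zone."""
    addr = ip_address(ip)
    for name, nets in ZONES.items():
        if any(addr in n for n in nets):
            return name
    return "UNKNOWN"


def parse_flow(line):
    ts, src, dst, dport, proto = line.split()
    return Flow(ts, src, dst, int(dport), proto.lower())


def build_baseline(lines):
    """Set of (src, dst, dport, proto) tuples observed during a known-good window."""
    return {(f.src, f.dst, f.dport, f.proto) for f in map(parse_flow, lines)}


def inspect(flow, baseline):
    """Return a list of alert strings for one flow; empty means nothing to report."""
    alerts = []
    src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)
    # Check 1: cross-zone traffic must match an allowed conduit, in that direction.
    if src_zone != dst_zone and (src_zone, dst_zone, flow.dport, flow.proto) not in ALLOWED_CONDUITS:
        alerts.append(f"policy: {src_zone}->{dst_zone} {flow.proto}/{flow.dport} "
                      f"{flow.src} -> {flow.dst} is not an allowed conduit")
    # Check 2: anything reaching an OT asset from a tuple never seen in the baseline.
    if dst_zone == "OT" and (flow.src, flow.dst, flow.dport, flow.proto) not in baseline:
        alerts.append(f"anomaly: first-seen talker {flow.src} -> {flow.dst} "
                      f"{flow.proto}/{flow.dport}")
    return alerts


def monitor(lines, baseline):
    """Run every flow in `lines` through inspect() and return (ts, alert) pairs."""
    return [(f.ts, a) for f in map(parse_flow, lines) for a in inspect(f, baseline)]


if __name__ == "__main__":
    for ts, alert in monitor(LIVE_LOG, build_baseline(BASELINE_LOG)):
        print(ts, alert)
```

            Run against the constructed data, the monitor raises four alerts: the IT workstation polling a PLC trips
            both checks (it is outside the allowed conduits and was never seen before), the historian polling a new
            PLC passes the conduit check but is flagged as a first-seen talker, and the OT host opening SMB toward
            the IT LAN is a policy violation in the OT-to-IT direction. The normal historian poll and the intra-OT
            HMI poll produce nothing. In practice the baseline would be rebuilt from the firewall or flow collector
            on a schedule, and the conduit list kept in step with the firewall rule base so that the two never drift apart.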




            Fortunately, comprehensive security systems focused on safeguarding the multi-layered processes and
            protocols within an organization are already being developed. Unlike attacks on the business sector,
            attacks on critical infrastructure have been found to focus on the industrial process itself rather than
            on physical assets, as the Ukraine power grid attack illustrated.








