Why ICS cybersecurity is so challenging to get right: A Q&A with Barak Perelman
Changing business models and new regulatory requirements are accelerating the need for IT/OT convergence. IIoT enables unprecedented levels of real-time connectivity, dramatically increasing cybersecurity risks.
Industrial control systems on OT networks have different operational requirements that impact the ability to adapt and respond to new threats – and open up new avenues for cyber attacks. Barak Perelman, CEO of Indegy, explains for IIoT-World.com how to ensure complete visibility into all changes in an industrial enterprise and what the best practices for a modern industrial organization are regarding cybersecurity.
Lucian Fogoros: What role do you see standards and regulations playing in industrial cyber security now and going forward?
Barak Perelman: Standards are a great tool for raising awareness regarding the urgency and importance of industrial cyber security. Regulations, meanwhile, have a bigger long-term impact. Each organization should evaluate additional security measures according to its risk assessments and analysis.
Lucian Fogoros: A lot of the conversations on ICS security happen on the network level. Can you elaborate on what is being done to secure the sensors?
Barak Perelman: Yes, this is true. The problem with this approach is that it does not capture critical information which is simply not visible over the network, due to the nature of ICS environments. By looking into ICS controllers (PLCs, RTUs and DCS controllers), organizations can gain critical visibility into activity and asset management information needed to detect threats that would have otherwise completely bypassed network-centric approaches. For example, unauthorized changes made by direct (physical) access to a PLC, whether the result of human error or a cyber attack, would not be detected by a network monitoring solution. Technology that actively validates the controller state, like Indegy’s Agentless Controller Verification (ACV), would detect and alert on such activity even when it can’t be monitored over the network. Meanwhile, using a hybrid approach that combines network activity monitoring with active controller validation ensures complete visibility into all changes.
Lucian Fogoros: Do zero-day SCADA vulnerabilities pose a significant threat?
Barak Perelman: In most scenarios, once an attacker or malware is able to reach the OT network, a zero-day vulnerability is not required in order to compromise the controllers. That’s because OT networks lack basic security controls like authentication or encryption. Since there is no way to restrict access, anyone inside the network can easily connect and execute commands to make changes to these devices, their configuration, the logic they execute, their firmware and more. This makes these devices “vulnerable by design” and is the main reason why it is critical to monitor OT networks and devices for unauthorized access, anomalies and threats, with solutions like Indegy.
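The two answers above describe the same detection gap from two sides: a change made by direct access to a controller never appears on the wire, and a change made over the network is indistinguishable from an engineer's because the protocol has no authentication. The following Python is an added illustration of the hybrid approach Perelman describes, not Indegy's code and not a description of how ACV works internally. It assumes two constructed data sources: periodic state snapshots read back from each controller (logic digest and firmware version) and write operations observed by a network monitor. A state change that no network-visible write explains is reported as out-of-band; a network-visible write from a host outside the engineering allow-list is reported as unauthorized. All controller names, timestamps, addresses and program bytes are constructed sample values.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set, Tuple

@dataclass(frozen=True)
class ControllerSnapshot:
    """State read back from a controller by an active validation poll (constructed)."""
    controller: str
    taken_at: int      # epoch seconds of the poll
    logic_hash: str    # digest of the logic/program read from the controller
    firmware: str      # firmware version string reported by the controller

@dataclass(frozen=True)
class NetworkWrite:
    """A write operation seen by passive network monitoring (constructed)."""
    controller: str
    seen_at: int
    src_ip: str
    op: str            # "program_download" or "firmware_update"

# Which network-visible operation is expected to explain a change in each snapshot field.
OP_FOR_FIELD = {"logic_hash": "program_download", "firmware": "firmware_update"}

Alert = Tuple[str, str, str]   # (controller, kind, detail)

def logic_digest(program: bytes) -> str:
    """Digest of a controller program image; used here to build the constructed snapshots."""
    return hashlib.sha256(program).hexdigest()

def reconcile(baseline: Dict[str, ControllerSnapshot],
              current: Dict[str, ControllerSnapshot],
              writes: Iterable[NetworkWrite],
              allowed_sources: Set[str]) -> List[Alert]:
    """Cross-check polled controller state against network-observed writes."""
    alerts: List[Alert] = []
    writes = list(writes)
    writes_by_ctrl: Dict[str, List[NetworkWrite]] = {}
    for w in writes:
        writes_by_ctrl.setdefault(w.controller, []).append(w)

    # 1. Network side: the protocol does not authenticate, so the monitor has to.
    for w in writes:
        if w.src_ip not in allowed_sources:
            alerts.append((w.controller, "unauthorized_source", f"{w.op} from {w.src_ip}"))

    # 2. Controller side: every state change must be explained by a write seen on the
    #    network between the two polls; otherwise it happened over an unmonitored path
    #    (for example direct physical access to the PLC).
    for name, before in baseline.items():
        after = current.get(name)
        if after is None:
            alerts.append((name, "missing_snapshot", "controller did not answer the validation poll"))
            continue
        for field_name, op in OP_FOR_FIELD.items():
            if getattr(before, field_name) == getattr(after, field_name):
                continue
            explained = any(w.op == op and before.taken_at < w.seen_at <= after.taken_at
                            for w in writes_by_ctrl.get(name, []))
            if not explained:
                alerts.append((name, "out_of_band_change",
                               f"{field_name} changed without a matching {op} on the network"))
    return alerts

# Constructed sample data: four controllers, two polls one hour apart.
BASELINE = {
    "plc-01": ControllerSnapshot("plc-01", 1000, logic_digest(b"prog-01-v1"), "2.1"),
    "plc-02": ControllerSnapshot("plc-02", 1000, logic_digest(b"prog-02-v1"), "2.1"),
    "plc-03": ControllerSnapshot("plc-03", 1000, logic_digest(b"prog-03-v1"), "2.1"),
    "plc-04": ControllerSnapshot("plc-04", 1000, logic_digest(b"prog-04-v1"), "2.1"),
}
CURRENT = {
    "plc-01": ControllerSnapshot("plc-01", 4600, logic_digest(b"prog-01-v2"), "2.1"),  # logic changed, seen on network
    "plc-02": ControllerSnapshot("plc-02", 4600, logic_digest(b"prog-02-v2"), "2.1"),  # logic changed, nothing on network
    "plc-03": ControllerSnapshot("plc-03", 4600, logic_digest(b"prog-03-v1"), "2.2"),  # firmware changed by unknown host
    "plc-04": ControllerSnapshot("plc-04", 4600, logic_digest(b"prog-04-v1"), "2.1"),  # unchanged
}
NETWORK_WRITES = [
    NetworkWrite("plc-01", 2500, "10.0.5.10", "program_download"),   # engineering workstation
    NetworkWrite("plc-03", 3100, "10.0.9.77", "firmware_update"),    # host not on the allow-list
]
ALLOWED_ENGINEERING_HOSTS = {"10.0.5.10"}

def run_demo() -> List[Alert]:
    """Reconcile the constructed data; returns two alerts (plc-03 source, plc-02 out-of-band)."""
    return reconcile(BASELINE, CURRENT, NETWORK_WRITES, ALLOWED_ENGINEERING_HOSTS)

if __name__ == "__main__":
    for controller, kind, detail in run_demo():
        print(f"{controller}: {kind}: {detail}")
```

Neither source alone produces both alerts: network monitoring cannot see plc-02's change at all, and the controller poll cannot tell whether plc-03's new firmware came from an approved workstation. The reconciliation also keeps plc-01 quiet, which is what makes the combined view usable day to day: changes that an authorized engineering host made over a monitored path are accounted for rather than alerted on.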
Lucian Fogoros: What is the most validated model for designing an IT/OT convergence implementation project?
Barak Perelman: The IT/OT convergence challenge is first and foremost an organizational-cultural problem, and ICS cyber-security is a major part of it. The current gap in cyber-security readiness and operational resilience needs to be addressed by both IT security and control engineering teams, since neither side can handle this task alone. Both sides must be involved and collaborate; this is the key to success. Together they can better understand the source and cause of cyber incidents and determine the appropriate mitigations. This requires both teams to work together, bridge their cultural differences and achieve better operational day-to-day cooperation.
Lucian Fogoros: What practical recommendations do you have for modern industrial organizations regarding cyber security?
Barak Perelman: Modernizing industrial processes shouldn’t be delayed or derailed by cyber security concerns. These will always exist. They should be addressed within the context of general risk management for industrial processes. However, it is important to keep in mind that new technologies like IIoT can expose ICS environments to risks they haven’t faced before. This means that modernization initiatives should include the implementation of security best practices to reduce risks to operational processes. The unique characteristics, complexities and sensitivities of ICS environments require specialized solutions. Adding IT-based security solutions, which are not designed for the requirements of OT environments, could provide little or no benefit, or even cause unnecessary problems.