Why a holistic approach is essential to keeping your OT assets secure

The advent of IoT has seen a vast inventory of infrastructure and machines embedded with advanced internet-enabled sensors and other technology. Along the way, a whole new arena of cyberthreats has emerged, along with a hugely broadened attack surface.

These assets, collectively known as Operational Technology (OT), form the backbone of our societies and businesses. From power plants to road networks, industrial machinery to portable equipment, the era of connected OT creates innumerable opportunities for hackers to cause devastating disruption.

A holistic approach is critical

Keeping your OT network secure requires a very different approach from the equivalent for IT security. While adopting advanced technologies like AI from big-name vendors may seem like the reassuring answer, this is only one piece of the puzzle.

For BearingPoint, a holistic approach to OT security is essential – one that addresses each of these critical aspects:

  • People and policies – OT security is about much more than just technology. It’s about making sure your whole organisation is aware of threats, and knows how to respond should they happen. Businesses need dedicated policies on OT security, which should be cascaded to all employees who work with it.
  • Specific security for specific infrastructure – the technical considerations for OT are very different to IT, where standard methodologies such as firewalls, patches and virus scanners are well-established and effective. OT assets have much longer lifecycles, are more integrated and more sensitive to change, and were often not designed with security in mind. Special scanners are often needed to protect them.
  • Threat intelligence – in simple terms, this means knowing where threats come from. Media coverage has highlighted the proliferation of attacks either directly or indirectly resulting from the Ukraine situation and tensions with China. Others are ransom attacks launched by organised crime syndicates. But most attacks originate much closer to home, and can be the simple consequence of a shared password or misplaced piece of equipment.
  • The connected ecosystem – today’s global businesses share data extensively with both their supply chain and with their customers. The consequence of this data sharing is that you must be aware of security threats that can come from anywhere in your business ecosystem. Collaboration here is essential.

The best way to secure your network is to control it

Ensuring the OT infrastructure of your business is as secure as possible means optimizing your control of it. But how do you control a network that may include many thousands of nodes, and potential points of weakness?

The first step is to innovate. Though it’s only part of the answer, adopting up-to-date technology can give you a critical advantage in the battle. Connecting your production and assets to the latest security solutions ensures that your business is at least one step ahead of the game.

Next, you must prepare your assets for next-generation threats. This means mitigating specific risks for quick improvements of your security level, and optimizing your existing security architecture.

Fulfilling all regulatory requirements is vital to ensure your business is doing all that your customers and partners expect of it, and reducing legal risk in the process. You must use best-practice approaches to efficiently match regulatory specifications and legal standards.

Finally, you must nurture the greatest possible visibility of your OT assets and data streams. You should aim for complete insight into all of your assets, their vulnerabilities, activities and potential attacks to achieve the greatest possible control over them.

BearingPoint’s five-step protection approach to better OT security

Once your business has in place everything it needs to control your assets, and access to them, you can begin the process of actively protecting them. BearingPoint recommend a five-step approach to OT security that progressively increases the security level of your infrastructure, without incurring risk:

  1. Protect against IT threats – the answer here is OT isolation. This means protecting your industrial and production network from external threats or security issues originating from your IT network.
  2. Protect against standard attacks – your essential tool in the defence against standard attacks is transition hardening. You must eliminate potential back doors and vulnerabilities, and control access at the transition points between IT and OT.
  3. Protect against untargeted automated attacks – in this sector, OT segmentation is your friend. You should isolate critical production systems from each other, and limit the distribution potential of cyber threats within your OT network.
  4. Protect against Advanced Persistent Threats (APTs) – the fight against APTs is won by passive detection, which helps you detect anomalies and deviations from nominal conditions between specific devices and systems in your production process, in a listener-only mode and in real-time.
  5. Protect against advanced and targeted DoS attacks – the solution here must be active prevention. This means defining and observing the target conditions and allowed behaviour of your production environment, and taking necessary actions to protect it automatically and in real-time.

Case study: how BearingPoint helped a large automotive OEM

BearingPoint have worked extensively for global businesses to help them better control and protect their OT assets.

In the automotive arena, we help our clients reach a more secure ecosystem for vehicle off-board management and applications. This has been done by facilitating the necessary steps to comply with the UN ECE regulations R155 (cybersecurity) and R156 (software updates) and with ISO/SAE 21434.

For one such client, we collaborated on and developed a management system for off-board platforms, prepared them for a cybersecurity audit and covered the latest software updates. We supported them in coordinating cybersecurity activities at the organisation level, with a thorough definition of processes, responsibilities and measures so that future attack surfaces would have strong coverage.

Working with us on OT projects like these brings specific, tangible benefits for our clients including:

  • Defined security assets, creating clear visibility on what and how to protect
  • Proactive identification of the threats, vulnerabilities and risks to the organisation
  • A security by design approach throughout the software product lifecycle, accomplished in an agile environment
  • An overall reduction in the number of cybersecurity risks

OT security must be tackled from many directions at once

With an ever-increasing attack surface that can be targeted, mitigating threats to your OT security has never been more pressing. Securing your operational technology against attack should be seen as fundamental to business continuity.

BearingPoint advise security teams in medium-sized and large companies on how to deal with OT security threats. Most importantly, we show you how to implement a holistic approach that spans more than simply installing standard or even more sophisticated technology fixes.

Would you like more information?

If you would like to know more about this publication, our experts are at your disposal.

  • Stefan Pechardscheck