January 31, 2022 Defending OT Networks with Secure SD-WAN

As attacks against OT systems increase, so does the need for secure SD-WAN. Learn what it takes to gain visibility, control and awareness.

By Rick Peters, CISO for operational technology, North America, Fortinet

Experts are predicting that there will be an increasing number of attacks against critical infrastructure and operational technology (OT) systems. The ransomware attack in May 2021 on Colonial Pipeline, a major fuel pipeline operator in the U.S., was just one of an endless stream of news stories about cyberattacks. As ransomware attacks become more pervasive, they are joined by botnets mounting distributed denial-of-service (DDoS) attacks against OT networks, attacks on manufacturing systems that use cloud services, and supply chain attacks that involve compromising third-party vendors that are ultimately leveraged as springboards for threat actors to target critical sectors.

Network Convergence Brings New Risks

Although other factors are in play, much of the increase in cyber-attacks stems from the fact that in the industrial, manufacturing and critical industry sectors, OT systems are increasingly converging with IT networks. Although this convergence offers business benefits, it also opens up formerly isolated OT systems to the same types of attacks that have plagued IT networks. The “air gap” that kept OT systems protected through isolation is nearly gone, and consequently cyber tactics, techniques and threats capable of accomplishing an IT breach now have a pathway to vulnerable and potentially valuable OT targets.

This IT/OT convergence has created a need for innovative tools and solutions to address the new, more vulnerable OT attack surface. To reduce costs and simplify operations, training and reporting, organizations require proactive security strategy and integrated services that can perform double duty across both IT and OT environments.

Software-defined wide-area networking (SD-WAN) is a sound option because it can replace traditional WAN across distributed and remote deployment infrastructures with higher-performing and more affordable commodity internet connections. But this performance and cost savings can come at the expense of losing the centralized security of traditional WANs.

SD-WAN offers the same IT enterprise benefits to OT-based organizations. Adoption can serve to boost productivity by accelerating traffic flows. Further, communications improvements help ensure that production performs optimally. SD-WAN can also reduce latency versus connecting with a central data-center firewall.

To achieve the benefits of adopting SD-WAN, organizations need to look for a solution with robust, integrated security that’s designed for the unique needs of OT environments. OT system delay or disruption can have a huge impact on productivity, efficiency and safety. Within critical infrastructure such as hydroelectric dams, nuclear power plants, and oil and gas pipelines, control system outages can have repercussions that impact human lives and the environment.

The Need for Secure SD-WAN

In the past, companies looking to provision SD-WAN for remote factories, substations or oil rigs have had to cobble together separate products. Most SD-WAN solutions do not offer integrated security; that creates complexity and weakens network protection. Since SD-WAN leverages direct internet connections without backhauling traffic to a data center for centralized security checks, these connections need to be protected from attacks. And this requires OT-native security practices that don’t disrupt sensitive control systems, bottleneck performance or degrade user productivity.

Unfortunately, most solutions on the market today do not offer any robust, built-in protections, much less security practices that enable transparent OT security. Most traditional SD-WAN products just provide mechanisms for determining traffic routes or bolted-on security that is not well-integrated, creating security risks and gaps. Security becomes an expensive afterthought that involves additional cost and complexity.

Industries that rely on OT systems cannot afford to prioritize productivity or cost savings ahead of the safety and security of their operations. OT organizations need a combination of advanced SD-WAN networking capabilities and OT-native security. A next-generation firewall (NGFW) that integrates advanced SD-WAN traffic control with OT security features such as advanced threat protection, application inspection and intrusion prevention is an ideal solution, as it delivers on three essential OT needs:

• Visibility. Organizations cannot protect any part of their infrastructure that they cannot see.
• Control. The ability to enforce policies and take appropriate action as needed without disrupting or shutting down critical systems.
• Awareness. Continuous security monitoring to detect anomalies, including ongoing analysis of user and device behaviors to provide intelligence about potential known or unknown threats.

To help centralize and simplify SD-WAN operations, organizations demand a simpler and more secure approach that includes integrated solutions for management and analytics. A unified security mesh platform can deliver automated and reactive security that spans the entire attack surface, including OT systems.

Consolidation of the networking and security tools required for a security-driven SD-WAN solution eliminates the complexity of deploying across many remote, non-environmentally controlled sites. This approach not only reduces the organization’s attack surface, but it also simplifies operations for networking teams.

For industries that depend on OT control systems, a secure SD-WAN solution can provide an extra level of protection beyond what may already exist in an IT/OT gateway. A truly integrated solution not only provides WAN savings but also offers a single cybersecurity approach that reduces complexity, extends visibility and control deep into the OT network, and prevents the exploitation of OT vulnerabilities that lead to costly production downtime and hazards to human health and safety.

Rick Peters is the CISO for Operational Technology, North America for Fortinet Inc., delivering cybersecurity defense solutions and insights for the OT/ICS/SCADA critical infrastructure environments. He is charged with overseeing growth of Fortinet’s penetration into the largest global OT marketspace.  That charge entails identifying and partnering to gain traction on existing OT business campaigns as well as targeting emerging customer opportunities. 

Immediately prior, he served as the Director Operational Technology Global Enablement for Fortinet.  In this capacity, Mr. Peters enabled OT business growth by partnering with Fortinet OT Security, Sales and Marketing counterparts.  The success realized in EMEA and APAC over two years keyed recognition and a strategic transition to focus on North America as the largest target marketspace in 2020.      

Prior to joining Fortinet, he served the U.S. Intelligence Community for more than 37 years imparting cybersecurity and global partnering experience across foreign, domestic, and commercial industry sectors at the National Security Agency (NSA). He led development of cyber capability against Endpoint, Infrastructure, and Industrial Control System technologies at the agency. 

Before that role, he partnered as an executive leader supporting the Information Assurance Directorate at the NSA.  Mr. Peters also served in a broad range of leadership and Engineering roles including Chief of Staff for the NSA Cyber Task Force and a 5-year forward liaison charged with directing integration of cyber and cryptologic solutions for U.S. Air Force Europe, Ramstein AFB, Germany.

Mr. Peters is a repeatedly published OT Security thought leader and a frequent speaker at global industry events.  He holds a BS in Electronics Engineering and an MS in Engineering Management from the Johns Hopkins University.

Subscribe to Industry Today