Leveraging Security Automation in IT/OT Environments - Industry Today - Leader in Manufacturing & Industry News


 

February 24, 2023

To overcome the growing obstacles OT security teams face, the critical infrastructure sector should turn to automated security solutions.

By Nick Tausek, Lead Security Automation Architect at Swimlane

The critical infrastructure sector has witnessed many changes in supply chain management, energy management and remote monitoring over the past decade. One of the most notable changes has been the convergence of operational technology (OT) systems with information technology (IT) systems, which has presented many opportunities and challenges for security teams.

Thanks to the convergence of IT and OT systems, the number of assets for OT security teams to manage has skyrocketed, alongside the security threats that come with cyber-physical systems. Asset and vulnerability management plays a critical role in cybersecurity frameworks developed to protect critical infrastructure, like the NIST Cybersecurity Framework and the MITRE ATT&CK and D3FEND Frameworks. Still, these processes are time-consuming and labor-intensive for security analysts. As IT and OT systems continue to connect, difficulties like analyst burnout, expanding attack surfaces and an increasing volume of cyber attacks will only get worse.

To overcome the growing obstacles OT security teams face, the critical infrastructure sector should turn to automated security solutions to reduce the burden of securing their environments. A security automation platform is essential to successfully address threats closer to the point of inception in near real-time while working to prevent future threats.

The convergence of OT systems with IT systems has presented many opportunities and challenges for security teams.

The State of IT/OT

OT represents a broad array of systems used in industrial environments to monitor and control physical processes like manufacturing lines, energy plants and power grids. On the flip side, IT focuses on managing data flows between people and computers, which involves everything from laptops and smartphones to cloud servers and databases.

These two disciplines have developed independently over time, resulting in disparate technologies that have difficulty communicating effectively. With the digitization of sectors like manufacturing, more connected devices are being used than ever before and we are seeing a big-bang convergence of the cyber-physical threat. The explosion of the Internet of Things (IoT) has led to even more big data that’s stuck in the convergence of IT and OT. It’s estimated that there will be over 75 billion IoT devices by 2025, many of which will live in OT ecosystems. Additionally, 72% of industry leaders expect IoT to have the most profound future impact on their organizations.

While some may consider it to be just another buzzword, the transition to Industry 4.0 (AKA The Fourth Industrial Revolution, the current period of rapid innovation and growth fueled by greater implementation of interconnectivity and automation) fuels the IT/OT convergence and the difficulties that come along with it. The rise of IoT assets and the transition to cloud environments have opened organizations to even more threats, resulting in higher volumes of manual work for OT security teams.

Leveraging Security Automation for Operational Success

The worlds of IT and OT have historically been very siloed, with each group focused on its own workloads, metrics and processes. Today, it’s clear that the only way to improve security risk posture in environments where both IT and OT are present is by aligning IT and OT systems. The key to unlocking this potential is through automation to make manual processes more efficient and effective, reduce manual process volume itself, and finally unify the IT and OT silos. Automation helps to support OT security teams as they face new challenges in a few key ways:

  • Gain visibility and improve metrics: When it comes to security, visibility is key. Without it, security teams don’t know what’s happening in their network or how effective their security controls are. Manual processes make it easy to miss blind spots and make it impossible to provide real-time monitoring and detection capabilities for cyber threats. Automation helps fill these gaps by enabling security teams to monitor the entire infrastructure from a single platform so they can get a holistic view of all devices across the enterprise. This enables analysts to detect problems quickly before they cause damage by responding to alerts and events more rapidly and effectively when they occur, and remediate issues more quickly with automated response capability.
  • Reduce organizational risk: Security automation helps reduce organizational risk for OT security by reducing the need for human intervention regarding threat detection and incident response. OT security teams can deploy processes like device quarantine, isolation, device tagging and decoy deployment in a fully automated or manually triggered fashion. When automation is used to enhance vulnerability management, OT security teams can proactively patch assets and monitor threats.
  • Accelerate OT security advancement: Automation is a powerful tool that can help security teams streamline processes, increase productivity, and reduce costs. It’s also an ideal way to accelerate OT security advancements by automating tasks that would otherwise require manual effort and intervention. By shifting staff’s attention from repetitive, manual processes and tasks to strategic decision-making, security leaders can reduce staff burnout while improving security risk posture. Taking a proactive approach to OT security is key to unlocking more possibilities with automation.

Looking Ahead for the Critical Infrastructure Sector

Industry 4.0 depends on automation to support the efficient operation of industrial systems and critical infrastructure. In the years ahead, the need for automation will continue to grow, and security will become an even greater priority for enterprise stakeholders. The demand for automation beyond conventional security use cases will also escalate as threats like brand impersonation, fraud, and insider threats continue to evolve. Organizations will need to introduce a centralized security automation platform across even more siloed departments, like HR and legal. And with the advent of more low-code-based approaches to automation, teams can find implementations more adaptable and scalable across a broader skillset.

With a high volume of OT assets and ever-expanding compliance requirements, it has become unrealistic to expect security teams to manually monitor, manage and triage asset vulnerabilities in near-real time. As the integration of OT and IT systems continues and the rise of the cyber-physical threat persists, approachable automation will be the key to giving security teams the tools to defend against rising cyber threats effectively.

Nick Tausek

Nick Tausek is the Lead Security Solutions Architect at Swimlane, where he focuses on discovering, building and presenting on different security automation use cases to solve the biggest security operations challenges. He has extensive experience in varied security domains and specialties with a focus on rapid development and deployment of creative solutions in a multitude of languages and environments. Before Swimlane, he was an information security analyst within the federal government, NGOs, corporate environments, and managed security services providers for over 8 years. In his pre-infosecurity life, Nick held various roles in voice over IP, tech support, web design, and translation services. He speaks English, Japanese, German, and a little French, and programs mostly in Python, but is comfortable in a handful of other languages as well, including JS, VBA, HTML, CSS and others.

 
