As OT and IT continue to converge and incorporate the cloud, significant security risks arise. Defeat them with an adaptive cloud approach.
By Rick Peters, CISO for operational technology, North America, Fortinet
The boundaries between the physical and digital worlds continue to blur as OT and IT environments increasingly come together. This cyber-physical world incorporates elements like cloud applications and web-enabled sensors, both creating and driving the need for more data that yields actionable intelligence. This creates the need for a more automated security paradigm able to address the diminishing dependence on OT’s traditional “air gap.”
Challenges to OT Cloud Security
It is challenging to adeptly enforce security controls when adoption of technological innovation occurs so rapidly. When working to secure OT cloud environments, security teams must address the following challenges:
- Aging IT: The notion of connecting ICS to the cloud is a relatively new consideration. Adapting OT environments with legacy hardware and software to the cloud means potentially introducing vulnerabilities to infrastructure that is less resilient than its IT counterpart. This presents cybercriminals with an opportunity to leverage historical tradecraft to gain access and perform cyber target reconnaissance.
- Expanding threat environment: Clearly the attack surface continues to broaden with the digital transformation of IT and OT networks, as well as increased cloud adoption. Historically, OT systems remained on-premises, insulated behind corporate networks. Now, relatively insecure OT devices can introduce weaknesses in the organization’s cloud IT infrastructure.
- Misconfiguring the cloud: Misconfigured cloud-based resources can expose OT environments to cyber risk. Malicious actors targeting a misconfiguration when moving laterally within the OT infrastructure can cause disruption as part of a structured cyber attack. With cyber and physical systems interconnected, companies risk physical harm to employees, as well as data exfiltration.
An Adaptive Approach to Cloud Security
Amid the digitization of operations, organizations must be able to protect data as it traverses between OT and IT infrastructures. From the outset, this requires that organizations build a cyber strategy, with security as a focus, into their initial plans as they build out their new hybrid infrastructures. Best practices for managing OT and cybersecurity by design should include security at these levels:
- Platform: Deploying security as part of the foundation rather than as an afterthought.
- Application: Tracking and reporting on software vulnerabilities.
- Centralized network: Centralizing network visibility and monitoring across the IT and OT environments with a network operations center (NOC).
Next, organizations must implement an adaptive cloud security approach that extends across on-premises, multi-cloud and hybrid infrastructures. To meet that challenge, organizations should consider a four-pillar approach to their adaptive cloud security strategy to yield continuous earned trust:
Adaptive cloud security: Connecting virtual intelligence analysis resources to protect against multiple threat vectors while employing consistent models and accommodating integration with third-party applications.
AI-driven security operations: Implementing technologies like artificial intelligence (AI) and machine learning (ML) coupled with automated processes to detect and neutralize threats at the speed of business.
Zero trust: It’s possible to isolate workflows and applications using intent-based segmentation that interprets business and security requirements, then automatically converts them into a segmentation policy.
Security-driven networking: Incorporating security architecture with network infrastructure and employing an integrated security platform to enable and enforce access control and segmentation.
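The zero-trust pillar above describes intent-based segmentation: business and security requirements are declared once and converted automatically into a segmentation policy. The following Python is an added example written for this article, not Fortinet code or any product's policy engine; the zones, service catalogue, intents and forbidden zone pairs are all constructed for illustration. It compiles declared intents into an ordered, default-deny rule list, rejects any intent that contradicts a hard security requirement, and evaluates traffic against the result the way a first-match firewall would.

```python
"""Added example: a tiny intent-based segmentation compiler (illustrative only)."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed zones; in practice these map to VLANs, VPCs or security groups.
ZONES = {"plc", "eng-ws", "cloud-historian", "corp-it"}

# Constructed service catalogue: name -> (protocol, port).
SERVICES = {
    "modbus": ("tcp", 502),
    "opc-ua": ("tcp", 4840),
    "https": ("tcp", 443),
}

# Security requirements expressed as forbidden (src, dst) zone pairs (constructed):
# the PLC zone never initiates to the cloud, and corporate IT never reaches PLCs.
FORBIDDEN = {("plc", "cloud-historian"), ("corp-it", "plc")}


@dataclass(frozen=True)
class Intent:
    src: str
    dst: str
    service: str
    purpose: str  # business justification, retained for audit


@dataclass(frozen=True)
class Rule:
    src: str
    dst: str
    proto: str           # "any" matches every protocol
    port: Optional[int]  # None matches every port
    action: str          # "allow" or "deny"
    comment: str


def violations(intents: List[Intent], forbidden=FORBIDDEN) -> List[Intent]:
    """Return the intents that contradict a security requirement or reference unknown names."""
    bad = []
    for intent in intents:
        if intent.src not in ZONES or intent.dst not in ZONES:
            bad.append(intent)
        elif intent.service not in SERVICES:
            bad.append(intent)
        elif (intent.src, intent.dst) in forbidden:
            bad.append(intent)
    return bad


def compile_policy(intents: List[Intent], forbidden=FORBIDDEN) -> List[Rule]:
    """Compile intents into an ordered rule list: explicit allows, then default deny."""
    bad = violations(intents, forbidden)
    if bad:
        raise ValueError(f"intents rejected by security requirements: {bad}")
    rules = []
    for intent in intents:
        proto, port = SERVICES[intent.service]
        rules.append(Rule(intent.src, intent.dst, proto, port, "allow", intent.purpose))
    # Explicit default deny for every zone pair, so only declared intents pass.
    for src in sorted(ZONES):
        for dst in sorted(ZONES):
            if src != dst:
                rules.append(Rule(src, dst, "any", None, "deny", "default deny"))
    return rules


def evaluate(rules: List[Rule], src: str, dst: str, proto: str, port: int) -> str:
    """First-match evaluation, as a firewall applies an ordered rule list."""
    for r in rules:
        if (r.src == src and r.dst == dst
                and r.proto in ("any", proto) and r.port in (None, port)):
            return r.action
    return "deny"


# Constructed intents for a plant that forwards process data to a cloud historian.
INTENTS = [
    Intent("eng-ws", "plc", "modbus", "engineering changes to PLC logic"),
    Intent("eng-ws", "cloud-historian", "opc-ua", "forward process data to historian"),
    Intent("corp-it", "cloud-historian", "https", "analysts read dashboards"),
]


def build_example_policy() -> List[Rule]:
    return compile_policy(INTENTS)


if __name__ == "__main__":
    for r in build_example_policy():
        print(f"{r.action:5} {r.src:>15} -> {r.dst:<15} {r.proto}/{r.port}  # {r.comment}")
```

The value of the pattern is that the security requirements live in one place (`FORBIDDEN`) and are checked at compile time, so a business intent that would quietly open corporate IT to the PLC zone is rejected before any rule is emitted rather than discovered later in a rule review.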
Building a Secure IT/OT Environment
The advantages of shifting OT to the cloud can outweigh the risks if organizations implement a robust security strategy to mitigate these potential risks. One example of this is leveraging automation to improve processes, enhance analytic accuracy and reduce errors. To secure these IT/OT interconnected layers, organizations must view them as systems within systems, with the whole more complex than the sum of its parts. Vigilance across the OT architecture must extend from the plant floor all the way up through to the cloud. Foundationally, visibility remains a primary problem to address as organizations move toward a digitally transformed IT/OT environment.
These transformational challenges associated with migrating to the cloud can be addressed with the adoption of an integrated security ecosystem. This ecosystem delivers on cyber best practices, managing the detection of suspicious activities and using a containment and mitigation strategy to ensure safe and continuous operations. It enables organizations to build security by design with the broadest set of offerings to maintain the same level of security across their IT and OT network environments.
The centralized management system enables OT businesses to configure, manage and monitor all components, to eliminate silos and provide greater visibility. The integrated security architecture maximizes threat detection and minimizes response times while also enabling users to coordinate automated incident response for enhanced threat remediation across the extended network. These security elements combine to create an environment that is safe and sustainable for OT. In the end, OT leaders gain greater visibility and automation to safeguard their emerging cloud businesses when they adopt services that provide sustained situational awareness.
Richard Peters (firstname.lastname@example.org) | CISO, Operational Technology, Washington, D.C.
Mr. Peters is the CISO for Operational Technology, North America for Fortinet Inc. delivering cybersecurity defense solutions and insights for the OT/ICS/SCADA critical infrastructure environments. He is charged with overseeing growth of Fortinet’s penetration into the largest global OT marketspace. That charge entails identifying and partnering to gain traction on existing OT business campaigns as well as targeting emerging customer opportunities.
Immediately prior, he served as the Director Operational Technology Global Enablement for Fortinet. In this capacity, Mr. Peters enabled OT business growth by partnering with Fortinet OT Security, Sales and Marketing counterparts. The success realized in EMEA and APAC over two years keyed recognition and a strategic transition to focus on North America as the largest target marketspace in 2020.
Prior to joining Fortinet, he served the U.S. Intelligence Community for more than 37 years imparting cybersecurity and global partnering experience across foreign, domestic, and commercial industry sectors at the National Security Agency (NSA). He led development of cyber capability against Endpoint, Infrastructure, and Industrial Control System technologies at the agency.
Before that role, he partnered as an executive leader supporting the Information Assurance Directorate at the NSA. Mr. Peters also served in a broad range of leadership and Engineering roles including Chief of Staff for the NSA Cyber Task Force and a 5-year forward liaison charged with directing integration of cyber and cryptologic solutions for U.S. Air Force Europe, Ramstein AFB, Germany.
Mr. Peters is a repeatedly published OT Security thought leader and a frequent speaker at global industry events. He holds a BS in Electronics Engineering and an MS in Engineering Management from the Johns Hopkins University.