June 21, 2019 By Michael Rothschild

In the world of IT security, there are not many instances in which data is lacking. The issue is more often what to do with the mountains of data once you have it. Due to this deluge of information, security administrators need to reduce false positives and generate more accurate data to escalate the threats that matter and sift out the noise.

Of course, there are many tools available today to help you harness data to prioritize threats in your IT network. But can that same data help with threats in your operational technology (OT) network?

3 Things You Should Know About IoT Security for OT Networks

Conversations about cybersecurity often revolve around personally identifiable information (PII) and financial breaches. But industrial processes for automakers, pharmaceutical manufacturers, power and utility companies, and other types of businesses require protection from any incident that can negatively impact the product yield. If threats are targeted toward ingredient amounts, temperatures, air bags, or any other element core to productivity or human safety, the impact can be far worse than that of stolen credit cards.

Let’s consider three of the most critical factors affecting internet of things (IoT) security in operational technology environments.

1. IoT Security Is a Moving Target

Security is constantly evolving. Today, organizations face more heterogeneous audiences that access more applications from more devices in more places, exposing the organization to new attack surfaces. The responsibility of securing the operational zone’s network and all the ways it can be impacted further complicates the mission and creates new requirements for skills and resources. At the same time, attack vectors are multiplying as new IoT security threat variants, vulnerabilities and methodologies emerge.

In addition to external cyberattacks, system errors, misconfigured equipment, malicious insiders, compromised employees, and third-party contractors with access to both IT and OT networks are all growing parts of the equation. Even regular, nonmalicious maintenance workers can pose a threat to productivity and safety.

This rise in overall risk has forced the security and operations communities to come together, seek and deploy appropriate security that can grow with the organization, and address evolving security threats to guard it from a potentially catastrophic incident.

2. The Internet of Everything Amplifies the Risk

Critical infrastructure and industrial organizations have been grappling with security modernization over time. The digital infrastructure that runs processes such as those that generate power, process water, manage industrial procedures and keep equipment running was, until recently, isolated and air-gapped. For decades, security was of little concern, especially compared to the importance of safety and business continuity goals in those sectors.

Digital convergence is a secondary and related trend that has gained momentum in IT and OT infrastructures. Enabling these once-segregated environments to seamlessly share information has yielded additional operational and business benefits, but it is not without risks. With this new paradigm of free-flowing information, attacks can also begin creeping laterally from the IT to the OT environment or vice versa, often unencumbered.

Furthermore, the lack of visibility and security coordination between IT and OT can yield a perfect launching point for a debilitating attack that can take extended periods of time to recognize and mitigate, resulting in further and unnecessary damage.

3. Operational Technology Is Evolving — and So Are Security Tools

Like IT, OT security is making strides that will benefit from technological advances. The IoT, for example, streamlines processes, achieves extreme efficiencies and yields significant cost savings. The information gleaned from the industrial internet of things (IIoT) provides a single-pane-of-glass view of rich information from even the most remote and geographically distributed environments imaginable.

For the very first time, detailed data from a 3,000-mile pipeline, 50-plus deepwater drilling platforms and cement factory furnaces in multiple locations around the world can be simultaneously accessible, and in more detail than ever before. To truly enjoy all the benefits of the IIoT and IT/OT convergence, it is essential to deploy security that can marry the intelligence gleaned from both IT and OT.

Security information and event management (SIEM) technology is specifically designed to sort through large digital haystacks of data to find the security needles of activities, traffic flows and behaviors that look suspicious. A joint solution that leverages OT cybersecurity technology can provide an additional feed into the SIEM tool to deliver full visibility, security and control across these two converging worlds.

OT security with active detection, a robust policy engine and real-time deterministic data can shed light on behaviors unique to OT environments, reduce false positives and provide crucial information on the integrity of devices on the network. This rich set of data is then combined with intelligence feeds from the SIEM solution, where advanced processing and heuristics identify stealthy and sophisticated attacks that evade point security products.
