This week, we have a guest post from Zhanwei Chan, Global Principal Business Innovation at NTT Security.
There is no longer any doubt that organizations are concerned over the security of our nation’s Industrial Control Systems (ICS), the vital infrastructure that underpins some of the most important utilities such as electricity, gas and water. In the last two years, we have seen a rise in malware and advanced persistent threats attacking ICS. Regulations have now been introduced into specific verticals to ensure that these ICS assets and networks meet minimum cybersecurity standards.
Globally, NTT Security consistently sees organizations challenged in the following areas:
- Low visibility into, and understanding of, the ICS network due to the traditional segregation of IT and Operational Technology (OT) operations.
- Meeting compliance requirements. Most organizations struggle to find their compliance position, especially those operating critical infrastructure systems.
- Shortage of ICS cybersecurity experts. A lack of skills in this area is preventing organizations from addressing critical risks quickly and effectively.
It’s these challenges that have led to many organizations having a poor OT cybersecurity posture. After all, if they can’t identify the cybersecurity gaps, how can they create a structured plan to address them? We recommend that organizations work with a trusted security specialist to take the following basic, yet important, approach to securing their ICS.
- Gain visibility – organizations first need to gain a complete understanding of the ICS network. This includes automatically and passively discovering assets, learning how they are connected, their function, and the associated vulnerabilities. This step is important because organizations cannot protect what they do not know about.
- Understand and prioritize risks – the next step is to understand the potential cyber attacks and their associated risks to an organization’s operations. For example, how can malware infect the control systems, and what are the practical solutions? Use this insight to plan how to address these risks and prioritize the biggest risks first.
- Deploy architecture – this step focuses on executing the remediation plans. Some of the most common action items include network segmentation and monitoring, continuous anomaly detection, and securing remote access.
Taking these steps, in partnership with an ICS expert, will help ensure an organization’s operations become more resilient and operate longer without interruption. Many businesses operating critical infrastructure can’t do it alone, which is why partnerships are key. The Department of Homeland Security in the US highlights the critical role of partnerships, as part of Critical Infrastructure Security and Resilience Month, but it’s true of any country. Securing critical infrastructure – wherever it may be – and ensuring its resilience is a shared responsibility for us all.
Read our thought leadership for more information on securing Operational Technology.