OT Visibility Critical for Cybersecurity

EP Editorial Staff | April 17, 2024

Do you know exactly which OT assets you’re running and which vulnerabilities exist in those assets?

By Jennifer Halsey, Dragos

Understanding the operational technology (OT) environment—including which assets are connected to the OT network, what unexpected traffic looks like, which vulnerabilities to prioritize, and which potential threat behaviors might be lurking within—is fundamental to strong industrial cybersecurity. Without comprehensive OT visibility, it’s almost impossible to measure and mitigate your unique risk landscape.

Does your organization suffer from limited OT visibility? Consider the following questions:

• Do you know exactly which OT assets you’re running, including the specific software versions they’re operating?

• Do you know which vulnerabilities exist in those assets—and which ones introduce the most risk to the OT environment? Do you have a methodology to prioritize patching and do you know how to implement alternative mitigations?

• Would you know if you were compromised? How long could a compromise go on before you knew it? In a recent Ponemon Institute study (Traverse City, MI, ponemon.org), it took companies an average of 170 days to detect an incident.

The path to progress

OT visibility consists of these factors: asset visibility, threat visibility, and vulnerability management.

Organizations achieve OT asset visibility by discovering, inventorying, and classifying the systems that run operational processes in industrial facilities. OT asset visibility tracks the configuration states of assets and the versions in use, and maps the relationships between assets. Asset visibility is first established with an inventory of assets, which can then be used to prioritize which assets to monitor on a continuous basis for threat detection, vulnerability management, and change control.

Threat visibility leverages the combination of thorough, relevant OT threat intelligence and threat-detection mechanisms that identify active threats in an environment. OT threat intelligence is collected by expert ICS cybersecurity researchers who actively hunt for and observe industrial-specific adversaries on a range of industrial networks worldwide. They categorize the tactics, techniques, and procedures (TTPs) of the threat actors and provide advisories that include attack details and technical indicators of compromise (IOCs) tied to them.

Vulnerability management is the practice of identifying and remediating vulnerabilities or weaknesses in OT assets that put them at risk of a cyberattack. Software flaws can exist in operating systems, applications, industrial firmware, or protocols and are classified based on risk of exploitation.

Effective OT vulnerability management can help:

• Simplify compliance by effectively documenting vulnerabilities and their disposition (patched, remediated, or risk-accepted).

• Prioritize action around vulnerabilities based on importance of the asset, downtime risks, and evidence of in-the-wild exploits against them.

• Maximize remediation resources to get the most out of cybersecurity budgets.

• Provide a unifying view of vulnerabilities across assets for OT operators and cybersecurity stakeholders.
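
As an added illustration (not from the article or from Dragos), the following Python example joins a constructed asset inventory to constructed advisories and ranks the open findings by the three factors named above, leaving out any finding that already has a recorded disposition. The asset names, advisory IDs, 1-to-5 ratings, and scoring weights are all assumptions.

```python
# Added example: constructed data, assumed 1-5 ratings and assumed weights.
ASSETS = {  # asset id -> inventory record (product, running version, ratings)
    "plc-01": {"product": "ExamplePLC", "version": "2.1", "criticality": 5, "downtime_risk": 4},
    "hmi-07": {"product": "ExampleHMI", "version": "7.0", "criticality": 3, "downtime_risk": 2},
    "hist-02": {"product": "ExampleHistorian", "version": "4.4", "criticality": 2, "downtime_risk": 1},
}
ADVISORIES = [  # placeholder IDs; "exploited" = evidence of in-the-wild exploitation
    {"id": "ADV-PLACEHOLDER-1", "product": "ExamplePLC", "affected": {"2.0", "2.1"}, "exploited": False},
    {"id": "ADV-PLACEHOLDER-2", "product": "ExampleHMI", "affected": {"7.0"}, "exploited": True},
    {"id": "ADV-PLACEHOLDER-3", "product": "ExampleHistorian", "affected": {"4.4"}, "exploited": False},
    {"id": "ADV-PLACEHOLDER-4", "product": "ExamplePLC", "affected": {"1.9"}, "exploited": True},
]
ALLOWED_DISPOSITIONS = {"patched", "remediated", "risk-accepted"}  # the article's three states


def match_findings(assets, advisories):
    """Pair each asset with every advisory covering its exact product and version."""
    return [
        (asset_id, adv)
        for asset_id, asset in sorted(assets.items())
        for adv in advisories
        if adv["product"] == asset["product"] and asset["version"] in adv["affected"]
    ]


def score(asset, adv):
    """Assumed weighting: asset importance, downtime risk, bonus for known exploitation."""
    return 2 * asset["criticality"] + asset["downtime_risk"] + (10 if adv["exploited"] else 0)


def prioritize(assets, advisories, dispositions):
    """Return open findings as (score, asset_id, advisory_id), highest priority first."""
    bad = set(dispositions.values()) - ALLOWED_DISPOSITIONS
    if bad:
        raise ValueError(f"unknown disposition(s): {sorted(bad)}")
    open_findings = [
        (score(assets[asset_id], adv), asset_id, adv["id"])
        for asset_id, adv in match_findings(assets, advisories)
        if (asset_id, adv["id"]) not in dispositions  # already documented, so not open
    ]
    return sorted(open_findings, key=lambda f: (-f[0], f[1], f[2]))


if __name__ == "__main__":
    recorded = {("hist-02", "ADV-PLACEHOLDER-3"): "risk-accepted"}
    for s, asset_id, adv_id in prioritize(ASSETS, ADVISORIES, recorded):
        print(f"{s:>3}  {asset_id:<8} {adv_id}")
```

Under these assumed weights, the exploited HMI finding ranks above the unexploited finding on the more critical PLC, and the advisory for a version the PLC is not running never appears, which is why the inventory has to record exact versions.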

Jennifer Halsey is the Senior Manager of Industry Marketing for Dragos Inc., Hanover, MD (dragos.com). Prior to joining Dragos, Halsey was the Director of Communications & Brand Strategy at the International Society of Automation (ISA), Pittsburgh (isa.org). Dragos is one of the founding members of the ISA Global Cybersecurity Alliance.
