Four tips for organisations to help future-proof their OT security strategy
Article by Forescout Asia Pacific and Japan senior director systems engineering, Steve Hunter.
The operational technology (OT) security market is officially in transition. Acquisitions are accelerating, venture capital investment is slowing, and strategic partnerships are becoming critically important. OT systems themselves are also in a transitional state, as traditional, isolated legacy systems turn into fully IP-connected, cyber-physical systems. To stay relevant in the OT world, the cybersecurity market is evolving alongside these systems.
Gartner states that, by the end of 2023, organisations will need to adjust their OT security solutions, because 60% of today’s point solution OT security providers will have been rebranded, repositioned or bought, or will have disappeared.* While this may cause anxiety for OT security stakeholders, businesses can implement strategies to help prepare for the imminent changes in the OT security market.
IT and OT networks are founded on different and often conflicting priorities, making IT-OT security challenging for businesses. Only when the needs of both environments are thoroughly understood can digital convergence be successful.
Forescout has developed four tips to help businesses future proof their OT security strategy:
1. Proactively identify, classify and monitor OT network assets
The first step to managing cyber and operational risk for any OT system is to figure out what’s in it. Almost every security framework, including NIST CSF, NERC CIP and CIS Critical Security Controls, requires identifying and classifying hardware as a prerequisite. If businesses haven’t implemented some form of real-time OT asset inventory tracking, they should make it a priority for 2020.
OT systems are rapidly morphing into cyber-physical systems that are connected to vast corporate and operational networks via the internet. Not only does this expose them to new internet-based threats, but it also increases the potential for misconfiguration and malfunction of these assets. More moving parts plus more connections equals a higher risk of operational problems.
Proactively identifying, classifying and monitoring OT network assets can help businesses discover what risks they face in the present, and also plan to reduce future risks. Not only will cyber threats like malware be a risk, but businesses will also be able to confirm whether assets in a cyber-physical system are performing as they should and take steps to remediate any issues before they cause downtime. Implementing an OT network monitoring technology is one of the fastest ways to create and monitor an accurate asset inventory. Businesses should look for a mature vendor with an extensive library of built-in checks for OT-specific cyber and operational threats developed from experience in the field.
2. Align IT and OT teams to execute integrated cybersecurity initiatives
With IT-OT convergence gaining more traction, businesses need to implement a strong cybersecurity program while also maintaining the top priority of availability for OT systems. For this to succeed, many elements must align, and teams must seamlessly integrate. There are certain areas where IT is the expert and other areas where OT is the expert, and both teams need to align, working towards a common goal.
To promote an alignment initiative, businesses must clearly define roles and common goals, designating subject matter experts, and conducting cross-training. Additionally, empowering teams with mature platform security solutions that have strong cross-functional capabilities can greatly streamline security activities and improve team cohesion.
3. Use proof-of-value (PoV) requirements that will accurately assess a vendor’s suitability
When undertaking any security PoV, all relevant teams, including security, engineering and operations, should be consulted for input. Ensuring that solution requirements meet everyone’s needs is vital to the success of any OT security investment.
Elements to consider include how a vendor is collecting OT data, the strength of a vendor’s threat intelligence database, and how comprehensive their orchestration and integration capabilities are.
Whatever PoV requirements businesses decide to include, the most important thing is to ensure that they accurately assess a vendor’s maturity and suitability for the business, as well as try to weed out companies that won’t be around in two or three years.
4. Align with emerging market dynamics by reassessing the OT security vendor landscape
Acquisitions and partnerships in OT security products are accelerating, making the market landscape more volatile. As this market matures, narrow-scope point solutions will be challenged by vendors offering organisation-wide platforms that traverse IT, OT, Internet of Things (IoT), and the cloud.* This year is an ideal time to evaluate the current security suite to understand which tools are providing the most value and whether any of the organisation’s current vendors are at risk of becoming obsolete or going out of business.
The future of the OT security market is uncertain; however, by staying up to date on emerging technologies and understanding how IT and OT networks interoperate, organisations can holistically manage risks to their organisational OT infrastructure.