PROCESS AUTOMATION FEATURE


THE RIGHT REMEDY FOR OT VULNERABILITY


Scott Hollis, director of product management at PAS, looks at the challenges of managing operational technology (OT) cybersecurity threats in process industries


Industrial process and power companies struggle to effectively manage OT cybersecurity vulnerabilities and risks. This threat is expanding, and such vulnerabilities are considerably harder to identify and remediate than IT vulnerabilities. The sophistication and effectiveness of recent industrial cyber attacks, such as the Triton/Trisis malware attack in 2017, demonstrate that it is more important than ever to identify and remedy OT vulnerabilities.

Even though attacks on OT systems are rapidly escalating, many industrial organisations continue to focus cybersecurity efforts on IT-centric, rather than production-centric, endpoints. They also continue to rely on manual vulnerability management processes, leaving their facilities exposed to risk.

IT-centric cybersecurity approaches focus on securing Level 2 endpoints (Purdue model) – operator workstations, servers, routers, and switches – as they are much easier to assess than controllers and smart field instruments. However, focusing on Level 2 endpoints gives only a surface view because they make up only 20% of endpoints that exist in process control networks. Level 1 and 0 systems are often left unassessed. They comprise 80% of the cyber assets in industrial facilities and include the DCS, PLCs, Safety Instrumented Systems, turbine controls, smart field instruments, and the sensors that connect to process equipment. Level 1 and 0 endpoints matter the most because they are responsible for delivering safe and profitable production. However, proprietary architectures and a lack of standard protocols in multi-vendor process control environments make asset discovery, vulnerability assessment, and risk mitigation difficult. This leaves OT systems exposed to vulnerabilities lurking on these underlying systems.

The number of vulnerability advisories issued by ICS-CERT has increased by 1,035% since 2010. Many of these have likely been present for years, only coming to light now due to increased awareness of ICS cybersecurity risk.


[Figure: Purdue model network diagram. Labels: Level 5, Level 4, Internet DMZ, Enterprise LAN, Level 3 Operations DMZ, Level 2, Level 1 Controller LAN, Level 0 Instrumentation; IT-Centric Endpoints; Production-Centric Endpoints (80%); Proprietary ICS Assets: DCS, PLC, SIS, Turbine Control, Vibration Monitoring; Local HMI; SCADA Config. Station; Data Collector for Level 3.]

OT vulnerability assessment is often a largely manual, point-in-time activity performed by outside contractors once every few years. Assessments quickly become outdated as systems change, existing vulnerabilities are remediated, and new vulnerabilities emerge.

To maintain currency, OT cybersecurity professionals monitor ICS-CERT and automation vendor websites for new vulnerability advisories or bulletins, and then send emails to asset owners at sites to determine if systems are vulnerable, and if so, what the remediation plans are. Timely, accurate responses are rare, leaving most organisations in the dark regarding their current risk. Vendor patches and updates are often not applied for months or years.

What’s Required: Better OT Vulnerability Visibility and Management

The variety of automation system brands and models running in industrial facilities necessitates a more efficient, standardised approach to OT vulnerability identification and remediation tracking.

You Must Know What Assets You Have – Industrial environments need a comprehensive inventory of all their Level 2, 1, and 0 systems, including detailed information about current system configurations, firmware versions, operating systems, and applications.

Manage Change Effectively – Asset security postures change when engineers install new components or perform upgrades and maintenance. Cybersecurity personnel must have an automated way to identify changes and quickly discover any new vulnerabilities.

Look for Vulnerabilities All The Time – Only automated approaches to OT vulnerability assessment can keep up with the rapidly evolving OT threat landscape. Levels 2, 1, and 0 assessments should occur when new vulnerabilities are published, new systems come onto the PCN, or existing systems are updated.

According to Scott Hollis, ‘As new vulnerabilities are disclosed and system configurations change, OT systems that were previously secure become insecure. Organisations that implement continuous OT vulnerability management practices across all their Level 2, 1, and 0 endpoints are best positioned to avoid the danger unseen OT vulnerabilities present.’

The number of vulnerability advisories issued by ICS-CERT has increased by 1,035% since 2010 (below)

[Chart: ICS-CERT vulnerability advisories per year, 2010 to 2017. Source: PAS]

Prioritise Remediation or Mitigation – Cybersecurity personnel must prioritise vulnerability remediation or mitigation activities based on potential impacts. Many organisations use the National Vulnerability Database (NVD) Common Vulnerability Scoring System (CVSS) to gauge the potential impact a vulnerability may have. Other factors, such as asset location and criticality to process safety and reliability, should also be considered.

Track Vulnerability Remediation Continuously – Defined vulnerability remediation and mitigation workflows ensure consistent activity tracking and reporting. Viewing the latest data in dashboards and trend views provides the information to make educated vulnerability remediation and cyber risk management decisions.

Stay on Top of OT Vulnerabilities and Risks – Industrial facilities must recognise that vulnerability management is an ongoing, never-ending process focused on risk reduction, not a point-in-time assessment.

PAS
www.pas.com

PROCESS & CONTROL | JUNE 2018 | 25
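The inventory, advisory-matching and prioritisation steps listed in the article, as an added Python example (not from the article or from PAS). Product names, advisory ids, firmware versions and the level and safety weights are constructed assumptions, and each advisory is assumed to name the first fixed firmware release.

```python
from dataclasses import dataclass

@dataclass
class Asset:
    name: str
    product: str            # vendor and model as recorded in the inventory
    firmware: str
    level: int              # Purdue level: 2, 1 or 0
    safety_critical: bool = False

@dataclass
class Advisory:
    ident: str
    product: str
    fixed_in: str           # firmware versions below this are affected
    cvss: float             # CVSS base score

# Assumed weights; the article names the factors, not their size.
LEVEL_WEIGHT = {2: 1.0, 1: 1.5, 0: 1.5}
SAFETY_WEIGHT = 2.0

def version(text):
    return tuple(int(part) for part in text.split("."))

def assess(inventory, advisories):
    """Return (priority, asset name, advisory id), highest priority first."""
    findings = []
    for adv in advisories:
        for asset in inventory:
            if (asset.product != adv.product
                    or version(asset.firmware) >= version(adv.fixed_in)):
                continue          # other product, or already on a fixed release
            weight = LEVEL_WEIGHT[asset.level] * (
                SAFETY_WEIGHT if asset.safety_critical else 1.0)
            findings.append((round(adv.cvss * weight, 1), asset.name, adv.ident))
    return sorted(findings, reverse=True)

# Constructed sample data: product names and advisory ids are placeholders.
INVENTORY = [
    Asset("hmi-01", "VendorA OpStation", "4.2.0", level=2),
    Asset("plc-07", "VendorB PLC-X", "1.9.3", level=1),
    Asset("plc-08", "VendorB PLC-X", "2.1.0", level=1),
    Asset("sis-02", "VendorB SIS-Y", "3.0.1", level=1, safety_critical=True),
]
ADVISORIES = [
    Advisory("ADV-EXAMPLE-1", "VendorA OpStation", "4.3.0", cvss=9.8),
    Advisory("ADV-EXAMPLE-2", "VendorB PLC-X", "2.0.0", cvss=8.0),
    Advisory("ADV-EXAMPLE-3", "VendorB SIS-Y", "3.1.0", cvss=6.5),
]
```

Calling `assess(INVENTORY, ADVISORIES)` again whenever an advisory is published or an asset's firmware changes gives the continuous view the article calls for. With the sample data, the CVSS 6.5 finding on the safety system ranks above the CVSS 9.8 finding on the Level 2 workstation.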

