Beyond Segmentation: A Practical Approach to Securing OT Systems
As an oil and gas operator, you function in a target-rich environment for cyberattack. But are your fears over unseen threats preventing you from leveraging the full power of Digital and the Internet of Things (IoT) in your facility? Or hampering your development of a sound security strategy?
It’s true that cyberattacks against energy infrastructure are becoming more common. And at the same time, attackers are evolving their strategies to cause more damage. But the cost to the energy sector is also evolving.
No longer is it just limited to production being taken offline. We are now finding that cyberthreats can affect other areas important to your operations, including the health and safety of your employees, and can lead to intellectual property theft. And as IoT-based systems and devices increase, the issue will increase in complexity. Plus, add in the costs to fix it all (and any fines involved from failing compliance), and the damage to your reputation could be severe.
Moving beyond segmentation
The cyberthreats facing operational environments are evolving faster than ever before, and a security strategy that depends solely on segmentation can’t defend against things like malware and advanced persistent threats (APTs). Your strategy must include cybersecurity capabilities beyond just segmentation in order to keep up with cyber adversaries.
That’s why it’s critical for energy leaders like yourself to implement a rock-solid strategy that addresses the industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems found in your OT networks. But be sure it is one based on end-to-end protection that provides tools for rapid incident response, plus these two key capabilities:
- Enabling deeper visibility into operations.
- Securing touchpoints at points of ICS/SCADA interaction.
You’ll also need to make sure that your OT security strategy aligns with any industry standards (like IEC 62443 and NIST 800-82). Oh, and remember to do it all in a way that will help your eventual OT shift to the cloud.
I imagine you’re thinking that all sounds like a tall order. Well, you’re right. Developing a sound OT security strategy isn’t easy for any industry, especially energy. But, in a strange way, that’s where the easy part starts: partnering with an industry leader. This does a few things for your organization. First, it takes a lot of the stress off. Second, it gives you access to innovative solutions and support. Both are critical if you are short of staff or expertise and can serve as rocket fuel for your security strategy.
Deeper visibility for OT cybersecurity compliance
At Cisco, we start by enabling deeper visibility and better detection of anomalies. Just as in everyday life, the greater your awareness, the more information you have, and the better your decisions and outcomes are.
It’s the same in cybersecurity. That’s why enabling deeper visibility into your ICS and SCADA networks is so critical. This is the starting point that can give your team the data they need to create a baseline of operations including OT devices, applications, users, and associated traffic flows. It enables faster identification of suspicious behavior and can be done using:
- Cisco Firepower® Threat Defense (NGFW)
- Cisco 3000 Series Industrial Security Appliances (ISA)
- Cisco Stealthwatch® analytics
- Industrial Ethernet (IE) switches with NetFlow
- Deep packet inspection for Modbus, EtherNet/IP, and DNP3.
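The baselining step described above, as an added example (not Cisco's code and not any product's API): it learns the set of conversations seen in a training window of flow records and flags observed flows that fall outside it. The record layout, addresses, threshold and function names are assumptions; 502, 44818 and 20000 are the registered TCP ports for Modbus, EtherNet/IP and DNP3.

```python
from collections import namedtuple

# Constructed flow record, shaped like the fields a NetFlow exporter reports.
Flow = namedtuple("Flow", "src dst proto dport bytes")

# Registered TCP ports for the OT protocols named in the list above.
OT_PORTS = {502: "Modbus", 44818: "EtherNet/IP", 20000: "DNP3"}

# Constructed training window: one HMI polling two PLCs and an RTU.
TRAINING = [
    Flow("10.10.1.5", "10.10.2.11", "tcp", 502, 1200),
    Flow("10.10.1.5", "10.10.2.11", "tcp", 502, 1500),
    Flow("10.10.1.5", "10.10.2.12", "tcp", 44818, 4000),
    Flow("10.10.1.5", "10.10.3.20", "tcp", 20000, 900),
]
# Constructed observation window.
OBSERVED = [
    Flow("10.10.1.5", "10.10.2.11", "tcp", 502, 1400),    # normal poll
    Flow("10.10.9.77", "10.10.2.11", "tcp", 502, 300),    # client never seen before
    Flow("10.10.1.5", "10.10.2.11", "tcp", 502, 90000),   # far above learned peak
    Flow("10.10.2.12", "192.0.2.50", "tcp", 443, 2000),   # PLC opening a new path
]


def build_baseline(flows):
    """Map each (src, dst, proto, dport) conversation to its peak byte count."""
    baseline = {}
    for f in flows:
        key = (f.src, f.dst, f.proto, f.dport)
        baseline[key] = max(baseline.get(key, 0), f.bytes)
    return baseline


def check_flow(flow, baseline, volume_factor=3):
    """Return findings for one flow; an empty list means it matches the baseline."""
    key = (flow.src, flow.dst, flow.proto, flow.dport)
    if key not in baseline:
        if flow.dport in OT_PORTS:
            return [f"new {OT_PORTS[flow.dport]} client {flow.src} -> {flow.dst}"]
        return [f"new conversation {flow.src} -> {flow.dst}:{flow.dport}"]
    if flow.bytes > volume_factor * baseline[key]:
        return [f"volume spike on {flow.src} -> {flow.dst}:{flow.dport}"]
    return []


def scan(flows, baseline):
    """Return (flow, findings) pairs for every flow that deviates."""
    return [(f, r) for f in flows if (r := check_flow(f, baseline))]
```

In a real deployment the training window has to be long enough to cover scheduled activity such as engineering-workstation maintenance, or those flows will show up as deviations.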
Secure touchpoints for better OT security management
We then move on to the second critical step in developing a sound OT security strategy: protecting vulnerable touchpoints, specifically those where people and their devices interact with your ICS/SCADA systems. This helps reduce cyberthreats that can enter your network from online malware, email or USB devices. Plus, it can improve your time to detect (TTD) and your time to respond (TTR), working as a beachhead against an attacker by reducing the time they have in the system to do damage.
Threats emerging via endpoints can be reduced using advanced malware detection and prevention. That’s why we developed:
- Cisco Advanced Malware Protection (AMP) for Endpoints and AMP for Networks
- Cisco Talos™ global threat intelligence.
Wrapping it up
As your OT cybersecurity strategy unfolds, making sure it aligns with industry standards is also easier with the help of a partner like Cisco. Since we deal with such issues on a regular basis, we’re very familiar with industry compliance issues and give them due consideration in our solutions. And as software for OEM, third-party data analytics and machine maintenance moves to the cloud, having an industry-leading partner can help your team be ready as well via tools like Cisco Umbrella™, Cisco Cloudlock™ and Cisco Stealthwatch Cloud.
By partnering with Cisco, energy producers around the world are already enjoying this level of end-to-end cybersecurity as part of their OT security strategy and protecting their critical industrial systems. Now it’s your turn. If you happen to be at Cisco Live in San Diego the week of June 10th, we welcome you to stop by our Oil and Gas area in the Industrial Showcase and let us know your thoughts on securing your OT environment. If you would like more detailed information on security and other emerging technology issues in Energy, please visit us at www.cisco.com/go/energy.