One of the main topics of this year’s RSA Conference is IT-OT cybersecurity convergence. But what are we talking about? Industrial IoT (IIoT) is all around us: in water, in gas, and electricity distribution networks, running power plants and critical infrastructure, in production lines and transportation networks, and more.
In the traditional IT world, security risks involve threats that would undermine the confidentiality, integrity, and availability of data and systems. Given that in 2019, $3.5 billion was lost to known cyber-scams and ransomware according to the FBI’s Internet Crime Report, the impact is largely financial.
IIoT drives the physical world where operational technologies (OT) are used. The risk in IIoT environments involves threats that would undermine the operational safety (physical security of goods and people, environmental impact) and the availability or even the physical integrity of the production process. Theft of intellectual property and trade secrets is a major concern, and the impact is not just financial, but also social, human, and ecological.
With 150 million IIoT devices coming online by 2021, industrial networks have become a target for hackers. Cyber attacks on IoT devices surged 300 percent in 2019, and 41.2 percent of ICS computers were attacked at least once in H1 2019.
What can be done? Cisco has put together this infographic that provides you with a roadmap to ensuring the continuity, resilience, and safety of operations as you secure OT environments. Here’s how:
Step 1: Identify your industrial assets
The old adage “you can’t protect what you can’t see” remains the primary challenge in securing OT environments. To build and enforce your security policies, you need to know all of your industrial assets, understand who and what they’re communicating with, and identify high risk vulnerabilities to patch.
Step 2: Segment your control networks
Industrial security best practices suggest migrating networks toward architectures compliant with ISA99/IEC-62443, which calls for the creation of zones and conduits. This is about placing assets that don’t need to talk to each other into isolated network segments to reduce the risk of an attack propagating across your entire industrial infrastructure.
Step 3: Enforce security policies
As the industrial domain is exposed to both traditional IT threats and targeted attacks aimed at modifying the industrial process, automatically enforcing policies specific to your OT environment becomes critical. Additionally, you need to be able to identify intrusions from the IT domain, attempts to modify industrial assets and processes, and control communications on your industrial network.
Step 4: Monitor industrial processes
Leverage the time and money you’ve invested in your IT cybersecurity environment to block attacks on your industrial network before it’s too late. Detect anomalies in your industrial processes to identify unexpected changes to machine configurations and early signs of an attack. Feed your security operations center (SOC) with OT context so your security experts can run converged IT/OT threat investigations, uncover threats to your OT domain and keep production safe.
Step 5: Leverage Cisco as your partner for the road ahead
Only Cisco brings unprecedented scale and simplicity to industrial IoT security. Cisco Cyber Vision gives you full visibility into IIoT, including dynamic asset inventory, near real-time monitoring of operational environments and process data, and comprehensive threat intelligence, so you can build secure infrastructures and enforce security policies to control risk.
Combining a unique edge monitoring architecture and deep integration with Cisco’s firewalls, network access control, traffic analysis, and the rest of our security portfolio, Cisco Cyber Vision can be easily deployed at scale so you can ensure the continuity, resilience, and safety of your industrial operations.
And to learn more about Cisco and industrial security, stop by the Cisco booth at the RSA Conference this week in San Francisco (North Hall #6045).