Sun Tzu’s the Art of War is a famous book known for insights from the Chinese philosopher with a guided focus on leadership, strategy and military theories. While the book is renowned for many insights into warfare tactics, it also provides some good insight into defensive strategies that are helpful when thinking about industrial security.
“The general who wins a battle makes many calculations in his temple before the battle is fought. The general who loses a battle makes but few calculations.”-Sun Tzu
OT networks are one of the key focus areas for malicious attacks. The recently released Cisco 2018 Annual Cybersecurity Report highlight the impact that security vulnerabilities are having within the manufacturing industry:
- 31% of security professionals said their organizations have already experienced cyber-attacks on OT infrastructure
- 38% said they expect attacks to extend from IT to OT in the next year
- 69% of organizations believe OT is a viable attack vector in 2018
As factories work to drive better business outcomes using connectivity and data, it’s clear they are rich target for increasing threats.
Visibility and Context
Now going back to Tzu’s point – the battle is coming to the industrial sector, and without careful consideration and strategy the contest can be lost quickly – resulting in downtime, lost revenue, loss of data, and worst case – impacting worker safety.
One of the first calculations you need to take is understanding the strengths and weaknesses in your industrial infrastructure. That starts with having visibility and context into what is on the plant floor. Too often there are gaps in understanding what equipment is out there, what protocol it is running on and where it is connected to the network. Once this information is understood, an in-depth defense strategy can be established, as well as, the beginning work on assessing where you stand on process, procedures, policy and having the right infrastructure in place.
Know Yourself, Know your Enemy
An important point Tzu made around strategy included the idea of how to use context and visibility while also understanding what one’s strengths and weaknesses are.
“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.” -Sun Tzu
This concept of knowing one’s self is where IT and OT teams need to work together to build out their defenses. Operations teams are great about understanding how to processes and have in-depth knowledge of their industrial systems. IT teams have fantastic expertise in security and have been focused on protecting and managing data for decades. The environments are different, but as networks converge, there are real opportunities for these groups to work in tandem and coordinate together to establish not only visibility but also better control over networks, understand what is the baseline of traffic and activity and then work on creating the policies and procedures to protect it effectively. Establishing this coordination between the two groups also raises the knowledge bar between the two groups as OT professionals increase their security knowledge and capabilities, while IT becomes more familiar with operations that can help them be more effective in helping drive business outcomes.
The Secure Opportunity
Organizations are now moving past the concept of just talking about industrial security and the idea of “security by obscurity” to develop a real strategy to ensure they can mitigate and contain risks. What has been lacking are practical tools that not only benefit the operations teams for monitoring and troubleshooting and are easy to use, but also leverage Enterprise security features that support network segmentation, access, monitoring and detection.
“Opportunities multiply as they are seized” -Sun Tzu
To help manufacturers support better security collaboration between OT and IT, we have published a whitepaper on manufacturing security, with a focus on bridging the gap between IT and OT. This paper focuses on the current state and challenges for IT/OT security in manufacturing and explores solutions such as Cisco’s Industrial Network Director for industrial network visibility, and it’s integration with Identity Services Engine (ISE) for access control and Stealthwatch for improved visibility and threat detection.
For guidance in assessing risk and setting a security strategy, visit our interactive security experience for manufacturing.