Tuesday, December 18, 2018

Securing the Industrial Internet of Things in OT Networks


In many organizations, traditional IT and critical Operational Technology (OT) networks are being merged to take advantage of the speed and efficiency of today’s digital marketplace. Typical OT networks consist of switches, monitors, sensors, valves, and manufacturing devices managed by an industrial control system (ICS) through remote terminal units (RTUs) and programmable logic controllers (PLCs) over a serial or IP connection. Since these systems manage sensitive and sometimes dangerous environments, they demand safe and continuous operation. To achieve that, they have traditionally been air-gapped from the IT network to avoid the sorts of intermittent network or device crashes that IT systems can tolerate.

These systems are built upon high-value OT assets that can range into the billions of dollars. A system crash on a manufacturing floor can stall production for hours and potentially ruin millions of dollars in materials. Even worse, having to reset an open furnace or a 10,000-gallon boiler processing caustic chemicals can have far more devastating consequences than temporarily losing access to an online printer.

Because the primary goals of an OT environment are the safety of employees and local communities and the constant availability and uptime of the network, its connected devices, applications, and operating systems are rarely updated. In fact, because these systems can operate for 30 to 40 years in their OT environments, they often depend on dated configurations that remain unpatched. And because patching and updating devices can require shutting down entire systems, most OT managers follow the “if it isn’t broken, don’t fix it” rule. As a result, many older OT systems are notoriously vulnerable to malware and other threats that IT networks are routinely protected against. Complicating the problem further, many of the devices and systems installed in an OT network are also notoriously fragile: even processes as benign as active device scanning can cause them to fail.

Digital transformation is impacting the security of OT environments


The challenge is that today’s digital marketplace requires organizations to respond faster to consumer demands than traditional OT processes can deliver. The addition of modern Industrial IoT (IIoT) devices to OT networks enables organizations to automate what were traditionally static, and mostly manual OT processes, as well as create smart physical environments such as office buildings, manufacturing floors, inventory warehouses, or physical plants. Effectively competing in the digital economy also requires integrating things like real-time data collection and analysis and remote management tools into OT networks to realize greater efficiency.

Beyond the need for an efficient and timely response, digital transformation is surfacing an additional challenge. The system complexity brought about by the amalgamation of OT technologies raises the stakes, and the difficulty of security integration, even higher. In smart buildings, for example, a system of systems runs simultaneously: electrical grids, communications, security systems such as badge readers and access controls, fire protection, HVAC systems, and elevators. To manage these IIoT, OT, and IT systems centrally, they are increasingly being merged into a single control system. And where OT teams manage multiple buildings simultaneously, this may also entail enabling remote management through a cloud-based platform.

Bolt-on security is not an option


Of course, given what we know about most OT environments, the implications of digital transformation and convergence from a security perspective are self-evident. As a result, a more systematic solutions approach is essential to solving modern OT security challenges. Attempts to address risk by simply deploying off-the-shelf firewalls, sandboxes, and IPS systems into OT environments present an unacceptable, disruptive, and uncertain outcome. Security tools need to be purpose-built to understand the sorts of protocols, communications, and services that have been deployed to preserve safety and availability while implementing OT security.

Instead, organizations need to start by designing security into the OT environment at the architectural level, addressing the bigger picture so that availability, safety, and security are assured without bolting security onto the network as an afterthought. Lacking an architected and integrated strategy, the security effort can quickly scale out of proportion if each of these systems is secured and managed separately. In building automation systems, for example, an integrated, segmented, and layered approach lets security extend beyond merely locking down the HVAC system to delivering real-time analytics and control that ensure integrity while safeguarding other systems such as fire suppression.

Visibility, control, and zero trust


The journey towards securing modern OT environments begins with establishing continuous visibility. Network access control solutions can help inventory and manage IIoT devices, keeping track of every connected device on your network even as devices join, leave, or move from one location to another. But control in the OT environment also entails baselining normal traffic and predefining approved functions, so that any behavior out of scope is recognized and responded to in real time. Fortunately, device behaviors within an OT environment tend to be static and predictable, so anomalous behaviors are more likely to be immediately apparent and identified.

In today's converged OT workplace, there is also an extraordinary level of trust afforded both to individuals and to otherwise untrusted devices. Such implicit trust is why, in many OT networks, it is entirely possible for an engineer to control any PLC in the network from a single laptop. Likewise, when access to the environment is granted for maintenance over a wired or wireless connection, complete system access from an uncontrolled laptop is not uncommon. This is why securing your OT environment requires migrating away from implied trust towards a zero trust model.

Imagine one of your engineers, Ron, has been sitting at an HMI workstation managing the same line for 15 years. He has never given you any cause for concern, so you trust him implicitly. Convergence, however, introduces severe new OT risk: what worked historically is being replaced with systems that are suddenly interconnected and with highly vulnerable devices that can be compromised remotely.

Part of the challenge is changing your paradigm. It often helps to start by assuming that your system has already been compromised. Visualizing the presence of malware, unmitigated access, and a threat actor's ability to elevate privilege enables OT security teams to take a more proactive approach to identifying and neutralizing access to critical, high-value OT assets. This approach also makes it possible to establish processes for recognizing, at speed, actions that fall outside the scope of normal.

Finally, organizations need to shift from a reactive to a proactive security posture, allowing them to securely integrate their OT processes while extending protection far beyond what present-day system defenses provide. Zero trust goes beyond merely changing policies and procedures; it requires engineering security directly into the environment to enable proactive security.

This requires implementing technical strategies such as segmentation and multi-factor authentication to mitigate access control risk. For example, when a user or device is authorized into a specific subsection of the OT network at layer two of the Purdue model, it is limited to functioning within that restricted network zone. Likewise, any activity beyond the immediately authorized domain would require authenticated approval, precluding the ability to impact the OT infrastructure either vertically or horizontally.
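The baselining and out-of-scope detection described above, as an added illustration that is not part of the original post: the script learns the approved (source, destination, protocol, function) tuples from a learning window of constructed flow records, then classifies every later flow that falls outside that static profile. Host names, protocol and function labels, and the key=value record format are assumptions made for illustration.

```python
"""Baseline-and-alert for a static OT network segment (added example).

Learns the approved (src, dst, proto, fn) tuples during a learning window,
then flags later flows outside that baseline and says why. Host names, labels
and the key=value record format are constructed, not any vendor's format.
"""

# Constructed flow records captured during a known-good learning window.
BASELINE_LOG = [
    "t=001 src=hmi-01 dst=plc-07 proto=modbus fn=read_holding_registers",
    "t=002 src=hmi-01 dst=plc-07 proto=modbus fn=write_single_register",
    "t=003 src=hmi-01 dst=plc-08 proto=modbus fn=read_holding_registers",
    "t=004 src=eng-ws dst=plc-07 proto=s7comm fn=read_var",
]

# Constructed live records: one in-baseline flow and three deviations.
LIVE_LOG = [
    "t=101 src=hmi-01 dst=plc-07 proto=modbus fn=read_holding_registers",
    "t=102 src=eng-ws dst=plc-07 proto=modbus fn=write_single_register",
    "t=103 src=laptop-x dst=plc-08 proto=modbus fn=read_holding_registers",
    "t=104 src=eng-ws dst=plc-08 proto=s7comm fn=read_var",
]

def parse(line):
    """Split one 'key=value ...' record into a (src, dst, proto, fn) tuple."""
    fields = dict(kv.split("=", 1) for kv in line.split())
    return fields["src"], fields["dst"], fields["proto"], fields["fn"]

def learn_baseline(lines):
    """Approved communication set: every tuple seen in the learning window."""
    return {parse(line) for line in lines}

def detect(lines, baseline):
    """Return [(record, reason)] for each flow not in the baseline, with the
    reason ranked from most alarming (unknown host) to least (new function)."""
    known_hosts = {t[0] for t in baseline} | {t[1] for t in baseline}
    known_pairs = {(t[0], t[1]) for t in baseline}
    alerts = []
    for line in lines:
        src, dst, proto, fn = parse(line)
        if (src, dst, proto, fn) in baseline:
            continue  # within the approved, predefined behaviour
        if src not in known_hosts or dst not in known_hosts:
            reason = "unknown host"
        elif (src, dst) not in known_pairs:
            reason = "new communication pair"
        else:
            reason = "new protocol/function for known pair"
        alerts.append((line, reason))
    return alerts

if __name__ == "__main__":
    for record, reason in detect(LIVE_LOG, learn_baseline(BASELINE_LOG)):
        print(f"ALERT [{reason}]: {record}")
```

In a real deployment the learning window would be a passive capture of several days of normal operation, and the baseline would be reviewed by the process engineers before alerts are acted on.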




Tuesday, December 11, 2018

Providing Improved Security Posture for Your Customers


Providing Improved Posture with a Cyber Threat Assessment Program


Effective network architectures rely on their ability to remain agile despite constantly evolving advanced and persistent threats. In this effort, knowing where an existing security posture is effective—and where it’s not—can make all the difference. However, when it comes to understanding if a current security posture can stand up to the modern threat landscape, there are two paths that an IT team can follow: wait for a successful network breach to happen or run validation testing.

CTAPs give your customers deep visibility into the state of their security posture to help them shift their defense strategies away from reactive attack mitigation and toward active threat prevention—providing visibility across three key areas:

Security and Threat Prevention: Threat assessment programs not only help identify network vulnerabilities, but frame them in relation to the malware/botnets associated with your customers’ networks. From there, those devices particularly at risk to these kinds of cyberthreats can be identified and properly secured.

User Productivity: A CTAP provides customers with extensive visibility into peer-to-peer, messaging, and other application usage, providing cybersecurity teams with greater visibility into and control over their networks.

Network Utilization and Performance: The assessment program also provides insights into the throughput, session, and bandwidth usage requirements customers have during peak traffic—providing network utilization and monitoring to enable optimal performance.

What’s more, a cyber threat assessment program provides data on the threats and attacks your customers may currently be facing in their live production environment. An effective CTAP can identify sophisticated attacks designed to avoid detection by bypassing traditional security firewalls and other detection tools. For your customers – particularly those that have not implemented security strategies aimed at identifying advanced threats – a CTAP can be especially useful.

The Cyber Threat Assessment Program Process


For partners looking to provide their customers with Fortinet’s CTAP assessment, the process is simple. It involves logging into the CTAP portal, applying a provided FortiGate configuration file, connecting a FortiGate device to your customer’s network, and letting it collect data for three to seven days. That’s it.

Once completed, logs can be uploaded back to the CTAP portal or sent to a hosted FortiAnalyzer for analysis. Then you simply log back into the CTAP portal, generate your customer’s report, and set up a meeting to discuss their CTAP findings with them.

The Benefits of CTAP


Given that our Global Threat Landscape Report for Q3 reported that FortiGuard Labs detected more than 34 thousand unique malware variants for the quarter, it’s safe to say that organizations with limited visibility into their security posture across the network are at significantly higher risk of serious attacks. With this in mind, CTAP provides the fundamental knowledge your customers need in order to evaluate their current efforts and realign their strategies to better address the modern threat landscape. Diving deeper, running CTAPs provides several benefits for partners and their customers:

Benefits for Partners:



  1. Assessment results help open a dialogue with customers regarding their unique vulnerabilities, the current threats they face, and the areas where organizations like Fortinet can actively help them address their cybersecurity needs.
  2. The ability to run CTAPs provides partners with in-depth, granular knowledge of their customers’ unique network infrastructures, vulnerabilities, and security needs—allowing them to provide tailored services unique to the needs of the individual organization.
  3. When customers have clear insights into their networks backed by real-time intelligence, their subsequent security needs are clearly defined. This translates to accelerated purchase decisions, shorter sales cycles, and higher close rates.
  4. CTAPs also serve as a way to demonstrate the importance and necessity of a Security Fabric, highlighting crucial fabric elements across the network infrastructure.


Benefits for Customers:



  1. Customers get to evaluate their security posture before an attack, enabling them to proactively address security vulnerabilities that have the potential to seriously impact their business.
  2. CTAPs also provide insights into their network architecture’s performance capabilities, allowing them to understand their capabilities during periods of high traffic, while illustrating their network’s needs and limitations.
  3. The assessment program also allows customers to evaluate the effectiveness of solutions within their real-world environment without any disruption to their existing network. This provides an in-depth analysis of their security postures without impacting their organization’s mission.



Sunday, December 2, 2018

Fortinet’s Leadership in OT Security Expanded with New Additions to its Fabric-Ready Partner Ecosystem

John Maddison, SVP of products and solutions at Fortinet

“As OT networks embrace digital transformation, and physical and cyber domains continue to converge, sensitive production environments and critical infrastructures are increasingly being exposed to cyber risks. Fortinet is committed to protecting crucial and sensitive OT environments through the integrated power of the Fortinet Security Fabric, which includes advanced and specialized protections provided by our growing number of Fabric-Ready Partners.”

News Summary


Fortinet® (NASDAQ: FTNT), a global leader in broad, integrated and automated cybersecurity solutions, today announced the expansion of its Technology Alliances ecosystem to include four leading operational technology specialists.


  • The OT industry is being impacted by convergence and digital transformation. As physical and IT networks continue to integrate, including those in critical infrastructures and industrial automation companies, OT networks are leveraging well-integrated solutions based on strong segmentation and specialized analytics to ensure the safety and reliability of physical processes and things, addressing new security risks targeting multi-vector threat landscapes.
  • Fortinet, an established leader in OT security and safety, is building upon its success with existing Fabric-Ready Partner Nozomi Networks and is announcing its partnership with three additional OT specialist firms – RAD, Indegy and SecurityMatters. These partnerships extend the range of integrated security solutions now available to OT customers through the Fortinet Security Fabric.
  • Fortinet’s Security Fabric platform approach to cybersecurity leverages Fabric APIs, Fabric Connectors and DevOps scripts and tools to create an open ecosystem to accommodate leading technology solutions. This integrated approach seamlessly brings together a wide range of critical security solutions designed for the OT segment to enable comprehensive and centralized safety, reliability and security.

Operational Technology (OT) organizations are adopting digital transformation to unlock the advantages of the Internet and connected IIoT devices. But as cybercriminals begin to more aggressively target OT devices and systems, OT networks need to evolve to address increasing cyber risk. The challenge is that the nature of many OT networks requires specialized security technologies and solutions in order to provide protections without impacting the function of oftentimes sensitive equipment and systems. According to Gartner, “The converging of IT and OT systems, combined with increased use of IoT in industrial environments, is challenging many security practices in defining the best security architecture that aligns to transforming and modernizing environments.”1 As OT networks emerge as a new target for cybercriminals, they need a single, cohesive Security Fabric platform that enables them to seamlessly address security risk across multi-vector threat landscapes without overburdening security staff resources or impacting their networked environments.

To better address this challenge, Fortinet, a longtime leader in the growing space of OT cybersecurity, welcomes four OT specialist firms into its Technology Alliance and Fabric-Ready Partner ecosystem to expand the range of solutions available for OT customers. Three new OT security specialists – RAD, Indegy and SecurityMatters – join with longstanding partner Nozomi Networks to provide advanced visibility into the OT-specific commands and protocols to better inform the Fortinet Security Fabric to secure the emerging cyber-physical domain of OT networks. These partners enhance the OT-specific capabilities within Fortinet’s portfolio by adding deep packet inspection and contextual analysis capabilities to Fortinet’s OT vulnerability scanning and policy enforcement.

Fortinet is one of the few major security vendors to address the cybersecurity, safety and reliability challenges being faced by the OT industry. The Fortinet Security Fabric provides a unique centralized and integrated platform approach to security through purpose-built solutions designed for OT environments, combined with strategic partnerships with some of the industry’s leading OT security specialists. Unlike most security platforms, the Fortinet Security Fabric is flexible enough to easily accommodate and integrate with a large number of partners to provide truly comprehensive security coverage for this important segment.
