Nov 17, 2020
By Tony Bailey

The Four Levels of Operational Technology Management and Security

With the introduction of the Internet of Things (IoT), network-connected technology has become more prevalent, but its management is less mature.

It’s a new frontier when it comes to the cybersecurity of network-connected OT devices such as laboratory equipment, medical devices, manufacturing equipment, and smart building technology.  

Operational technology has been built and implemented with the concept of reliability, workplace optimization, and durability in mind—but the reality of managing and securing devices connected to the network was sometimes a second thought.

On the IT security side, vulnerability management, monitoring, and detection tools have been around for over 20 years. But the concept of OT device management and cybersecurity is less mature.

The lack of a good accountability system for OT devices, and the confusion that can arise when there are multiple device inventories, can lead to downtime or safety issues that could result in injury or death. For example, almost one-third of connected medical devices are infusion pumps, delivering critical medication to patients.

According to Gartner, over the past 5 years, the number of medical devices requiring security hardening by a healthcare provider has increased by 45%. When it comes to OT device cybersecurity, it’s critical to have the device security context to then make intelligent decisions and reduce risk.

But there’s hope. We’ve outlined four maturity levels for OT cybersecurity to help you achieve an optimal device security posture.  

Four Levels of Maturity for OT Management and Security 

(Infographic: The Four Levels of Maturity for OT Security)

BEST 

  • Level 4: Device Inventory and OT Monitoring Tool — Full Integration 

This level is the most effective. The device discovery and security monitoring software is fully integrated with complete device inventory data. A rules-based workflow identifies the devices that are affected. You have full security context and impact of the event. You know what patch or mitigating controls are required, and you know the remediation priority. 

This level of cybersecurity maturity includes the ability to integrate information on the security context and impact of the event including what patch, configuration change or mitigating controls are required to then determine the remediation priority. 

The most important part is that OT security work orders and security incidents are automatically generated to initiate remediation activities. This closes the loop: it determines the relative risk of a cyber-attack, prioritizes corrective maintenance work requirements, and then auto-initiates the necessary remediation activities, such as software patching, to address affected or vulnerable devices connected to your OT network. This workflow automatically assigns work orders to an appropriate device engineer, information security analyst, or IT resource and tracks the progress of the work order through completion.

The data security, IT, and device owners can now all operate with the same information.  Having everyone on the same page is essential for visibility and rapid remediation of security events.
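A minimal sketch of the Level 4 correlation step described above, as an added example (not Nuvolo's code or data model): devices seen by a monitoring tool are matched against the inventory by MAC address, and each affected device becomes a prioritized work order routed to its owner. All device names, MAC addresses, the advisory, the severity-times-criticality scoring, and the `infosec` queue are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed sample data: inventory records as a CMMS/EAM might hold them, keyed by MAC.
INVENTORY = {
    "00:1b:44:11:3a:b7": {"asset": "PUMP-0012", "owner": "biomed-eng", "location": "ICU-3", "criticality": 3},
    "00:1b:44:11:3a:c9": {"asset": "PUMP-0047", "owner": "biomed-eng", "location": "Storage", "criticality": 1},
    "00:1b:44:22:9f:01": {"asset": "HVAC-0003", "owner": "facilities", "location": "Roof", "criticality": 2},
}
# Constructed sample data: devices the monitoring tool currently sees on the network.
OBSERVED = [
    {"mac": "00:1B:44:11:3A:B7", "model": "ExamplePump-A", "firmware": "2.1"},
    {"mac": "00:1b:44:11:3a:c9", "model": "ExamplePump-A", "firmware": "2.1"},
    {"mac": "00:1b:44:22:9f:01", "model": "ExampleHVAC-B", "firmware": "7.0"},
    {"mac": "00:1b:44:11:3a:ff", "model": "ExamplePump-A", "firmware": "2.0"},  # not in inventory
]
# Constructed advisory: which model/firmware is affected and what the fix is.
EVENT = {"id": "ADV-EXAMPLE-1", "model": "ExamplePump-A",
         "affected_firmware": {"2.0", "2.1"}, "severity": 3,
         "fix": "upgrade firmware to 3.0"}
MAX_CRITICALITY = 3  # assumption: unknown devices are treated as worst case


@dataclass
class WorkOrder:
    priority: int   # severity x criticality (assumed scoring rule)
    asset: str
    assignee: str
    action: str


def correlate(event, observed, inventory):
    """Return work orders for affected devices, highest priority first."""
    orders = []
    for dev in observed:
        affected = (dev["model"] == event["model"]
                    and dev["firmware"] in event["affected_firmware"])
        if not affected:
            continue
        rec = inventory.get(dev["mac"].lower())  # normalise case before matching
        if rec is None:
            # On the network but absent from inventory: nobody owns it yet,
            # so route it to the security team for identification.
            orders.append(WorkOrder(event["severity"] * MAX_CRITICALITY,
                                    f"UNKNOWN({dev['mac'].lower()})", "infosec",
                                    f"{event['id']}: identify device and add to inventory"))
        else:
            orders.append(WorkOrder(event["severity"] * rec["criticality"],
                                    rec["asset"], rec["owner"],
                                    f"{event['id']}: {event['fix']} ({rec['location']})"))
    return sorted(orders, key=lambda o: -o.priority)
```

The unmatched device is the case the lower maturity levels leave to manual investigation; here it surfaces as its own high-priority ticket instead of being silently dropped.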

BETTER 

  • Level 3: Device Inventory and OT Monitoring Tool — Limited Integration 

You have a single device inventory platform with a basic interface to your OT monitoring tool, but if a security event occurs, the security team must attempt to interface the OT cyber monitoring information with the device inventory to try and understand the device context, risk and correlation across all devices, and find the device owners who can correct the problem. There’s no assessment, correlation, context, or orchestrated workflow to remediate the issue.  

BASIC 

  • Level 2: Device Inventory and OT Monitoring Tool — No Integration 

This level involves software that can gather connected OT device information. The problem is there’s no integration with the inventory system (CMMS or EAM). The OT monitoring software and inventory system are all operating independently.  

If a security event occurs, there’s a scramble by the security team to figure out what the affected device is, who owns the device, its last known location and what software version it’s running. 

LIMITED 

  • Level 1: Device Inventory Only 

At this level, you’re running software such as a computerized maintenance management system (CMMS) or an enterprise asset management (EAM) system that has device inventory data and maintenance work order capabilities. When your IT security team catches a security event through their IT monitoring software, they must determine what the device is and who to contact. The team managing OT devices is unaware of the issue.

We Can Help You Improve

Nuvolo provides a single trusted data source, with a common OT management data model. This inventory is kept up to date during the entire product lifecycle, from device onboarding through to device retirement. Our model enables a single source of truth and maintains secure management of devices:

  • Authoritative OT inventory when devices are on and off the network 
  • Standardization of OT device inventory data models 

We include out-of-the-box integration with device discovery and monitoring tools for network-connected OT devices. This enables: 

  • Visibility of connected devices and persistent security monitoring 
  • Identification of new on-network OT devices 
  • Device inventory matching and validation 
  • Contextual view of OT devices, including cyber profile, business context, and device history 

We maintain the OT device security lifecycle, providing: 

  • The ability to solve OT vulnerabilities 
  • Identification, prioritization, and remediation for all matching devices across an organization’s OT network 
  • A shared view of OT devices and security events for IT and OT teams
  • Automated orchestration of multiple stakeholders to resolve OT device threats and vulnerabilities 
  • Tracking and reporting of the full OT lifecycle through to remediation  

 

Learn more about Nuvolo OT management and the importance of an automated orchestration of remediation workflows, integrated with a single device inventory that’s interfaced with device monitoring software.