Operational Technology (OT) Security Is Less Mature.
It’s a new frontier when it comes to the cybersecurity of network-connected OT devices such as laboratory equipment, medical devices, manufacturing equipment and smart building technology.
On the IT security side, vulnerability management, monitoring and detection tools have been around for over 20 years. OT device cybersecurity is less mature, with limited visibility into potential vulnerabilities and limited security management functions. Many enterprises also lack a good accountability system for their OT devices, a problem often compounded by multiple device inventories holding inaccurate or mismatched information. This low level of maturity gives an attacker plenty of opportunities to create problems.
In addition, when OT devices get attacked, the impacts can lead to downtime or safety issues that could result in injury or death. For example, almost one-third of connected medical devices are infusion pumps, delivering critical medication to patients. (Forescout Research)
According to Gartner, over the past 5 years the number of medical devices requiring security hardening by a healthcare provider has increased by 45%. (Gartner) When it comes to OT device cybersecurity, it is critical to have the device security context in order to make intelligent decisions and reduce risk.
But there’s hope. We’ve outlined four levels of maturity for OT cybersecurity to help you make sure you’re achieving an optimal device security posture.
Four Levels of Maturity for OT Security
(Infographic: The Four Levels of Maturity for OT Security)
- Level 4: Device Inventory and OT Security Monitoring Tool – Full Integration
This level is the most effective. The device discovery and OT security monitoring software is fully integrated with complete device inventory data, and a rules-based workflow identifies the devices that are affected. You have the full security context and impact of the event, including what patch, configuration change or mitigating controls are required, and from that the remediation priority.
The most important part is that OT security work orders and security incidents are generated automatically to initiate remediation. This closes the loop: the relative risk of a cyber-attack is determined, corrective maintenance work is prioritized, and the remediation activities needed for affected or vulnerable devices on your network, such as software patching, are initiated automatically. The workflow assigns each work order to an appropriate device engineer, information security analyst or IT resource and tracks its progress through completion.
Data security, IT and device owners can now all operate from the same information. Having everyone on the same page is essential for visibility and rapid remediation of OT security events.
- Level 3: Device Inventory and OT Security Monitoring Tool – Limited Integration
You have a single device inventory platform with a basic interface to your OT security monitoring tool. If a security event occurs, however, the security team must still manually reconcile the OT cyber monitoring information with the device inventory to understand the device context, the risk and the correlation across all devices, and then find the device owners who can correct the problem. There is no assessment, correlation, context or orchestrated workflow to remediate the issue.
- Level 2: Device Inventory and OT Security Monitoring Tool – No Integration
This level involves software that can gather connected device information, but there is no integration with the inventory system (CMMS or EAM). The OT security monitoring software and the inventory system operate independently.
If a security event occurs, the security team scrambles to work out what the affected device is, who owns it, its last known location and what software version it is running.
- Level 1: Device Inventory Only
At this level, you are running software such as a computerized maintenance management system (CMMS) or an enterprise asset management (EAM) system that holds device inventory data and maintenance work order capabilities. When your IT security team catches an OT security event through their IT monitoring software, they must determine what the device is and who to contact. The team managing OT devices is unaware of the issue.
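The Level 4 description above, correlating a monitoring finding with inventory data, deriving a remediation priority from security context, and auto-generating a work order for the device owner, is shown below as an added example. It is not Nuvolo's code or data model: the inventory records, monitoring events, field names, "VULN-PLACEHOLDER" identifiers and priority weights are all constructed assumptions chosen to illustrate the workflow, including the Level 2/3 failure case where a finding cannot be matched to any inventory record.

```python
"""Event-to-inventory correlation with automatic work-order generation.
Added example, not Nuvolo's implementation. All records, field names
and priority rules below are constructed assumptions."""
from __future__ import annotations
from dataclasses import dataclass, field
from typing import Optional

# Constructed CMMS/EAM inventory records (assumed field names).
INVENTORY = [
    {"asset_id": "A-1001", "mac": "00:11:22:33:44:01", "ip": "10.20.0.11",
     "model": "Infusion pump", "sw_version": "3.2.1", "location": "ICU bed 4",
     "owner": "clinical.engineering", "patient_facing": True},
    {"asset_id": "A-2002", "mac": "00:11:22:33:44:02", "ip": "10.20.0.12",
     "model": "HVAC controller", "sw_version": "1.0.9", "location": "Plant room B",
     "owner": "facilities", "patient_facing": False},
    {"asset_id": "A-3003", "mac": "00:11:22:33:44:03", "ip": "10.20.0.13",
     "model": "Lab analyser", "sw_version": "7.4", "location": "Lab 2",
     "owner": "lab.it", "patient_facing": False},
]

# Constructed findings of the kind an OT monitoring tool might emit.
# "VULN-PLACEHOLDER-n" stands in for a real advisory identifier.
EVENTS = [
    {"event_id": "E-1", "mac": "00:11:22:33:44:01", "ip": "10.20.0.11",
     "finding": "VULN-PLACEHOLDER-1", "severity": "high", "fix": "upgrade to sw_version 3.3.0"},
    {"event_id": "E-2", "mac": None, "ip": "10.20.0.12",
     "finding": "VULN-PLACEHOLDER-2", "severity": "medium", "fix": "disable telnet"},
    {"event_id": "E-3", "mac": "00:11:22:33:44:99", "ip": "10.20.0.99",
     "finding": "VULN-PLACEHOLDER-3", "severity": "low", "fix": "firmware update"},
]

SEVERITY_SCORE = {"low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass
class WorkOrder:
    event_id: str
    asset_id: Optional[str]      # None when the device is not in inventory
    assignee: str
    priority: str
    summary: str
    context: dict = field(default_factory=dict)


def match_device(event: dict, inventory: list[dict]) -> Optional[dict]:
    """Match by MAC first (stable across DHCP changes), then fall back to IP."""
    if event.get("mac"):
        for rec in inventory:
            if rec["mac"].lower() == event["mac"].lower():
                return rec
    if event.get("ip"):
        for rec in inventory:
            if rec["ip"] == event["ip"]:
                return rec
    return None


def priority_for(severity: str, patient_facing: bool) -> str:
    """Assumed rule: severity score, plus one if the device is patient-facing."""
    score = SEVERITY_SCORE.get(severity, 0) + (1 if patient_facing else 0)
    if score >= 4:
        return "P1"
    if score == 3:
        return "P2"
    if score == 2:
        return "P3"
    return "P4"


def build_work_order(event: dict, inventory: list[dict]) -> WorkOrder:
    """Enrich a finding with inventory context and route it to the device owner."""
    rec = match_device(event, inventory)
    if rec is None:
        # Unmatched device: route to inventory reconciliation instead of dropping it.
        ident = event["mac"] or event["ip"]
        return WorkOrder(event["event_id"], None, "asset.management", "P3",
                         f"Unknown device {ident} reported {event['finding']}; reconcile inventory",
                         {"ip": event["ip"], "mac": event["mac"]})
    prio = priority_for(event["severity"], rec["patient_facing"])
    summary = (f"{rec['model']} at {rec['location']}: {event['finding']} "
               f"({event['severity']}); required fix: {event['fix']}")
    return WorkOrder(event["event_id"], rec["asset_id"], rec["owner"], prio, summary,
                     {"sw_version": rec["sw_version"], "location": rec["location"]})


def generate_work_orders(events: list[dict], inventory: list[dict]) -> list[WorkOrder]:
    """Build one work order per finding, highest priority first."""
    orders = [build_work_order(e, inventory) for e in events]
    orders.sort(key=lambda w: w.priority)
    return orders


if __name__ == "__main__":
    for wo in generate_work_orders(EVENTS, INVENTORY):
        print(wo.priority, wo.assignee, wo.asset_id, wo.summary)
```

Matching on MAC before IP matters because DHCP reassignments are one of the commonest sources of the mismatched inventories mentioned above; the unmatched branch is what separates a Level 4 workflow from the Level 2 scramble, since an unknown device becomes a tracked reconciliation task rather than a dropped alert.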
We can help you improve
Nuvolo provides a single trusted data source with a common OT security data model. The inventory is kept up to date across the entire product lifecycle, from device onboarding through to device retirement, so our model provides a single source of truth and maintains secure management of devices:
- Authoritative OT device inventory when devices are on and off the network
- Standardization of OT device inventory data model
We include out-of-the-box integration with device discovery and monitoring tools for network-connected OT devices. This enables:
- Visibility of connected devices and persistent OT security monitoring
- Identification of new on-network OT devices
- Device inventory matching and validation
- Contextual view of OT devices, including cyber profile, business context, and device history
We maintain the OT device security lifecycle, providing:
- The ability to solve OT security events
- Identification, prioritization, and remediation for all matching devices across an organization
- A shared view of OT devices and security events for IT and OT teams
- Automated orchestration of multiple stakeholders to resolve OT device threats and vulnerabilities
- Tracking and reporting of the full OT security lifecycle through to remediation
Learn more about Nuvolo OT Security and the importance of an automated orchestration of remediation workflows, integrated with a single device inventory that’s interfaced with device monitoring software.