
The Four Levels of OT Device Cyber Security

Nov 17, 2020
By Tony Bailey

Operational Technology (OT) Cyber Security Is Less Mature.

It’s a new frontier when it comes to the cyber security of network-connected OT devices such as laboratory equipment, medical devices, manufacturing equipment and smart building technology.  

On the IT security side, vulnerability management, monitoring and detection tools have been around for over 20 years. OT device cyber security is less mature, with limited visibility of potential vulnerabilities and few security management functions. Many enterprises also lack a reliable accountability system for their OT devices, a problem often compounded by multiple device inventories holding inaccurate or mismatched information. This low level of maturity gives an attacker plenty of opportunities to cause problems.

In addition, when OT devices get attacked, the impacts can lead to downtime or safety issues that could result in injury or death. For example, almost one-third of connected medical devices are infusion pumps, delivering critical medication to patients. (Forescout Research) 

According to Gartner, over the past 5 years, the number of medical devices requiring security hardening by a healthcare provider has increased by 45%.  (Gartner)  When it comes to OT device cyber security, it’s critical to have the device security context to then make intelligent decisions and reduce risk.  

But there’s hope. We’ve outlined four levels of maturity for OT cyber security to help you make sure you’re achieving an optimal device security posture.  

Four Levels of Maturity for OT Cyber Security 

(Infographic: The Four Levels of Maturity for OT Cyber Security)

BEST 

  • Level 4: Device Inventory and OT Cyber Security Monitoring Tool – Full Integration 

This level is the most effective. The device discovery and OT cyber security monitoring software is fully integrated with complete device inventory data. When an event occurs, a rules-based workflow identifies the affected devices and supplies the full security context and impact of the event, including what patch, configuration change or mitigating controls are required, and from that determines the remediation priority.

The most important part is that OT cyber security work orders and security incidents are generated automatically to initiate remediation. This closes the loop: the relative risk of the cyber-attack is determined, corrective maintenance work is prioritized, and remediation activities such as software patching are auto-initiated for the affected or vulnerable devices connected to your network. The workflow assigns each work order to an appropriate device engineer, information security analyst or IT resource and tracks it through completion.

Security, IT and device owners now all operate from the same information. Having everyone on the same page is essential for visibility and rapid remediation of OT cyber security events.
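To make the Level 4 loop concrete, here is an added example (not Nuvolo's code or data model) that models it in Python: a monitoring alert naming a device by MAC and serial is matched against a CMMS-style inventory, widened to every device of the same model still running vulnerable firmware, scored for remediation priority and turned into work orders assigned to the device owners. The field names, the priority weights and the sample inventory and alert are assumptions constructed for illustration; the vulnerability identifier is a placeholder, not a real advisory.

```python
"""Minimal model of the Level 4 workflow: match alert -> correlate fleet -> prioritise -> assign.
All field names, weights and sample records are illustrative assumptions, not a product schema.
"""
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class Device:
    asset_id: str
    mac: str
    serial: str
    model: str
    firmware: str
    owner: str             # engineer or team that owns maintenance work for the device
    location: str
    criticality: str       # "life-critical", "high", "medium" or "low" (assumed field)
    on_network: bool = True


@dataclass(frozen=True)
class Alert:
    mac: str
    serial: Optional[str]
    vuln_id: str                   # placeholder identifier from the monitoring tool
    affected_model: str
    fixed_firmware: Optional[str]  # first firmware that closes the issue; None = no patch yet
    exploitability: str            # "active", "poc" or "theoretical" (assumed field)


@dataclass
class WorkOrder:
    asset_id: str
    owner: str
    vuln_id: str
    action: str
    priority: int                  # 1 = most urgent
    notes: list = field(default_factory=list)


CRIT_WEIGHT = {"life-critical": 40, "high": 30, "medium": 20, "low": 10}
EXPL_WEIGHT = {"active": 40, "poc": 25, "theoretical": 10}


def version_tuple(v: str) -> tuple:
    """'2.10.1' -> (2, 10, 1), so 2.10 sorts after 2.3 (a string compare would get this wrong)."""
    return tuple(int(p) for p in v.split("."))


def match_device(alert: Alert, inventory: list) -> tuple:
    """Resolve the alert to an inventory record by MAC, cross-checking the serial.
    A MAC/serial disagreement is the 'mismatched inventory' problem the article
    describes; it is reported on the work order rather than silently ignored."""
    by_mac = {d.mac.lower(): d for d in inventory}
    by_serial = {d.serial: d for d in inventory}
    notes = []
    dev = by_mac.get(alert.mac.lower())
    if dev is None and alert.serial:
        dev = by_serial.get(alert.serial)
        if dev is not None:
            notes.append("matched by serial only; MAC missing from inventory")
    elif dev is not None and alert.serial and alert.serial != dev.serial:
        other = by_serial.get(alert.serial)
        notes.append(f"inventory mismatch: MAC resolves to {dev.asset_id} but serial "
                     f"{alert.serial} belongs to {other.asset_id if other else 'no record'}")
    if dev is None:
        notes.append("unmatched device: route to inventory steward for onboarding")
    return dev, notes


def is_vulnerable(d: Device, alert: Alert) -> bool:
    if d.model != alert.affected_model:
        return False
    if alert.fixed_firmware is None:
        return True                # no fix yet: every unit of this model is exposed
    return version_tuple(d.firmware) < version_tuple(alert.fixed_firmware)


def score_priority(d: Device, alert: Alert) -> int:
    s = CRIT_WEIGHT.get(d.criticality, 10) + EXPL_WEIGHT.get(alert.exploitability, 10)
    return 1 if s >= 70 else 2 if s >= 50 else 3 if s >= 30 else 4


def generate_work_orders(alert: Alert, inventory: list) -> list:
    """Level 4 loop: match, correlate across the fleet, prioritise, assign to owners."""
    dev, match_notes = match_device(alert, inventory)
    orders = []
    for d in inventory:
        if not is_vulnerable(d, alert):
            continue               # already patched, or a different model
        notes = list(match_notes) if dev is not None and d.asset_id == dev.asset_id else []
        if alert.fixed_firmware:
            action = f"patch firmware {d.firmware} -> {alert.fixed_firmware}"
        else:
            action = "apply mitigating controls (isolate from network) pending vendor fix"
        if not d.on_network:       # off-network units stay in scope, as the inventory tracks them
            notes.append("device currently off-network: schedule at next service")
        orders.append(WorkOrder(d.asset_id, d.owner, alert.vuln_id, action,
                                score_priority(d, alert), notes))
    return sorted(orders, key=lambda o: (o.priority, o.asset_id))


# Constructed sample data: not a real inventory, device or advisory.
INVENTORY = [
    Device("A-100", "aa:bb:cc:00:00:01", "SN-100", "PumpX", "2.1.0", "biomed-team", "ICU", "life-critical"),
    Device("A-101", "aa:bb:cc:00:00:02", "SN-101", "PumpX", "2.1.0", "biomed-team", "Ward 3", "life-critical", on_network=False),
    Device("A-102", "aa:bb:cc:00:00:03", "SN-102", "PumpX", "2.3.0", "biomed-team", "Ward 3", "life-critical"),
    Device("A-103", "aa:bb:cc:00:00:04", "SN-103", "LabY", "1.0.0", "lab-eng", "Lab", "medium"),
    Device("A-104", "aa:bb:cc:00:00:05", "SN-104", "PumpX", "2.0.5", "biomed-team", "ER", "life-critical"),
]
ALERT = Alert("aa:bb:cc:00:00:01", "SN-100", "VULN-EXAMPLE-1", "PumpX", "2.3.0", "active")

if __name__ == "__main__":
    for wo in generate_work_orders(ALERT, INVENTORY):
        print(f"P{wo.priority} {wo.asset_id} -> {wo.owner}: {wo.action} {wo.notes}")
```

With the sample data, one alert about a single pump produces three P1 work orders (the alerting pump, an identical off-network pump and an older one in the ER) and skips the unit already on fixed firmware; that fleet-wide expansion and the owner assignment are what separate Level 4 from the "scramble" at Levels 2 and 3. The MAC/serial cross-check is deliberately surfaced as a note, since a mismatched inventory is the failure mode the article warns about.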

BETTER 

  • Level 3: Device Inventory and OT Cyber Security Monitoring Tool – Limited Integration 

You have a single device inventory platform with a basic interface to your OT cyber security monitoring tool. When a security event occurs, however, the security team must manually line up the OT cyber monitoring information with the device inventory to understand the device context and risk, correlate the event across all devices, and find the device owners who can correct the problem. There is no automated assessment, correlation, context or orchestrated workflow to remediate the issue.

BASIC 

  • Level 2: Device Inventory and OT Cyber Security Monitoring Tool – No Integration 

This level involves software that can gather connected device information. The problem is there’s no integration with the inventory system (CMMS or EAM). The OT security monitoring software and inventory system are all operating independently.  

If a security event occurs, there’s a scramble by the security team to figure out what the affected device is, who owns the device, its last known location and what software version it’s running. 

LIMITED 

  • Level 1: Device Inventory Only 

At this level, you’re running software such as a computerized maintenance management system (CMMS) or an enterprise asset management (EAM) system that holds device inventory data and maintenance work order capabilities. When your IT security team catches an OT cyber security event through their IT monitoring software, they must work out what the device is and who to contact. The team managing OT devices is unaware of the issue.

We can help you improve

Nuvolo provides a single trusted data source with a common OT cyber security data model. The inventory is kept up to date across the entire product lifecycle, from device onboarding through to device retirement, so the model provides a single source of truth and maintains secure management of devices:

  • Authoritative OT device inventory when devices are on and off the network 
  • Standardization of OT device inventory data model 

We include out of the box integration with device discovery and monitoring tools for network-connected OT devices. This enables: 

  • Visibility of connected devices and persistent OT cyber security monitoring 
  • Identification of new on-network OT devices 
  • Device inventory matching and validation 
  • Contextual view of OT devices, including cyber profile, business context, and device history 

We maintain the OT device security lifecycle, providing: 

  • The ability to solve OT cyber security events 
  • Identification, prioritization, and remediation for all matching devices across an organization 
  • Shared view of OT devices and security events for IT and OT teams 
  • Automated orchestration of multiple stakeholders to resolve OT device threats and vulnerabilities 
  • Tracking and reporting of the full OT cyber security lifecycle through to remediation  


Learn more about Nuvolo OT Cyber Security and the importance of an automated orchestration of remediation workflows, integrated with a single device inventory that’s interfaced with device monitoring software.