May 28, 2021
By Tony Bailey

The Future of Cybersecurity Needs to Include OT Security. Here’s Why.

In a recent communication, the U.S. government issued a directive underscoring the importance of cybersecurity as it relates to national and economic security. The directive seeks to create a sort of standardized playbook and set of definitions for cyber incident response by federal departments and agencies.

It mentions that an effective security program should be “employing automated tools, or comparable processes, that check for known and potential vulnerabilities and remediate them.” This means that organizations should be seeking solutions that automatically detect and address potential security threats.

The Risk of Ignoring OT Security

Unfortunately, when operational technology (OT) is involved, response and remediation can often be complex. This technology includes network-connected non-IT devices such as facilities systems, industrial controls, medical devices, and pharmaceutical manufacturing equipment.

Many of these devices can be used as attack vectors into an organization’s network. For example, a 2020 Forescout report found that legacy Microsoft Windows operating systems are a major vulnerability for medical devices. Of the systems running Windows that the report analyzed, 71% were running unsupported versions like Windows 7, Windows 2008, and Windows Mobile.

To make things worse, OT device owners and IT security teams often don’t communicate with each other or share the same priorities. IT teams typically focus on protecting data, and OT device teams focus on device safety, reliability, and availability.

For example, if the operation of an infusion pump at a hospital is disrupted or altered by a security event, a patient may experience serious injury or death. Therefore, as soon as the pump’s IP or MAC address is identified as being under attack, the IT team needs to take action quickly—but they may not have the insights or tools they need to do so.

Addressing OT Threats and Vulnerabilities

So, what exactly is needed to ensure fast and effective response and remediation in accordance with the U.S. government’s new recommendations?

First, organizations need a good accountability system for their OT devices. This means they need a single, trusted device inventory with accurate information. The inventory should include full context about each device, such as maintenance history, device location, current status, service contract details, and device owner.

Second, they need a device discovery and OT security monitoring tool that is fully integrated with the complete device inventory data. This tool can provide visibility into network-connected devices, assess their security vulnerabilities, and identify security events.

Last, and most important, a system of action is required with a rules-based workflow that identifies the devices that are affected. The accurate inventory provides full security context and impact of the event, which means organizations will know what patch or mitigating controls are required, as well as the remediation priority. OT security work orders and security incidents should then be automatically generated to initiate remediation activities, and the system should track the progress of the work order through completion.
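
The three steps above, as an added sketch that is not Nuvolo's code: a security event keyed by IP or MAC address is matched against the device inventory, prioritized from the device's context, and turned into a work order. The record fields, priority rules, and sample values are constructed assumptions.

```python
import re

# Constructed inventory records; field names are assumptions for this sketch.
INVENTORY = [
    {"id": "DEV-001", "type": "infusion pump", "mac": "00:1A:2B:3C:4D:5E",
     "ip": "10.20.0.15", "owner": "Clinical Engineering", "location": "ICU 3",
     "patient_connected": True, "os_supported": False},
    {"id": "DEV-002", "type": "HVAC controller", "mac": "00-1a-2b-aa-bb-cc",
     "ip": "10.30.0.8", "owner": "Facilities", "location": "Plant room",
     "patient_connected": False, "os_supported": True},
]

def norm_mac(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits, or None."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac or "").lower()
    return digits if len(digits) == 12 else None

def find_device(event, inventory):
    """Match on MAC first, then fall back to IP, which DHCP may reassign."""
    mac = norm_mac(event.get("mac"))
    for dev in inventory:
        if mac and norm_mac(dev["mac"]) == mac:
            return dev
    for dev in inventory:
        if event.get("ip") and dev["ip"] == event["ip"]:
            return dev
    return None

def priority(dev, event):
    """Rules-based priority, P1 most urgent. The rules are illustrative."""
    if dev["patient_connected"] and event["severity"] in ("high", "critical"):
        return "P1"
    if not dev["os_supported"] or event["severity"] == "critical":
        return "P2"
    return "P3"

def build_work_order(event, inventory):
    """Turn a monitoring event into a trackable work order."""
    dev = find_device(event, inventory)
    if dev is None:
        # Not in inventory: route to inventory validation instead of dropping it.
        return {"kind": "unknown_device", "priority": "P2", "status": "open",
                "assigned_to": "IT Security", "event": event["summary"]}
    return {"kind": "remediation", "device": dev["id"], "status": "open",
            "priority": priority(dev, event), "assigned_to": dev["owner"],
            "location": dev["location"], "event": event["summary"]}
```

An event for a device that is on the network but missing from the inventory still produces a work order, so the gap in the inventory is tracked rather than silently ignored.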

OT Security as Part of Connected Workplace

Nuvolo Connected Workplace makes everything mentioned above possible. It provides a single trusted data source with a common OT security data model, and it maintains a standardized, up-to-date inventory during the entire product lifecycle, even when devices are off the network.

In addition, we include out-of-the-box integration with device discovery and monitoring tools for network-connected OT devices. This enables:

  • Visibility of connected devices and persistent OT security monitoring
  • Identification of new on-network OT devices
  • Device inventory matching and validation
  • Contextual view of OT devices, including cyber profile, business context, and device history

We help maintain the full OT device security lifecycle, providing:

  • The ability to solve OT security events
  • Identification, prioritization, and remediation for all matching devices across an organization
  • A shared view of OT devices and security events for IT and OT teams
  • Automated orchestration of multiple stakeholders to resolve OT device threats and vulnerabilities
  • Tracking and reporting of the full OT security lifecycle through to remediation

Learn more about Nuvolo OT Security and how automated remediation workflows, a single device inventory, and device monitoring software for all your OT devices within one platform can help strengthen your overall cybersecurity efforts.