According to the 2019 Ponemon Cyber Security in Operational Technology Report, over 60% of respondents mention concern about an attack against operational technology (OT). But what is OT? When it comes to physical devices, OT can be defined as a network-connected device that monitors or controls processes, and events outside of Information Technology (IT). Some examples are building sensors, HVAC systems, medical devices, life sciences devices, and manufacturing equipment to name a few.
Cybersecurity refers to technical and management processes that protect systems from attack. With OT cybersecurity, these processes involve the discovery, monitoring, and remediation of network-connected OT devices affected by unusual behavior.
The increase of OT devices used in industries such as healthcare and life sciences has made OT cybersecurity more important. For example, in healthcare technology management (HTM), patient outcomes rely on health monitoring that operates without disruption. And applications of OT in smart buildings that use wireless devices to monitor and control systems such as heating, ventilation, and air conditioning (HVAC) rely on strong OT cybersecurity.
In contrast to OT cybersecurity, IT teams focus less on device resilience and more on the integrity of information. Thus, IT teams and OT teams may have different priorities. With attackers looking at new entry points into a business, this makes for a real threat.
The problem with OT cybersecurity is that many machines are running outdated software, or they may lack after-market security patches. This gives hackers an even greater opportunity to compromise them or infect them with malware and disrupt operations. Windows vulnerabilities like BlueKeep and DejaBlue continue to be discovered in old Windows systems. In 2020, TrapX Security found a new malware campaign targeting devices running embedded Windows 7. According to the 2020 Global Risk Report by OT security firm CyberX, unsupported and unpatched operating systems including Windows XP, Windows 2000, and now Windows 7 account for 71% of networks they examined.
When an OT cybersecurity event occurs, the security team may have little to no context about the device. There may be some basic information available, such as IP and MAC address. But device owner, location, usage, software version and latest maintenance record might be missing. When this happens, there’s a risk that the wrong remediation steps are taken, such as disconnecting a medical device. In an industry such as healthcare, it is critical that an authorized clinical engineer is dispatched to remediate the device. A patient’s health, patient health information, or a medical procedure might be at risk.
Addressing OT Security Challenges
To address these OT cybersecurity challenges, what’s needed is the ability to track and maintain an accurate inventory of OT assets and the details about them. When a device is purchased and provisioned, the device technician or a 3rd party field technician must be able to input the device details into the inventory when they work in-person or remotely on the device. These details should include make, model, serial number, location, owner name, latest software patches, and owning department. This device inventory acts as the single source of truth that gets an update when routine maintenance takes place, where personnel will enrich the device data with any new information.
But beyond device discovery and enriched device data, there must be security orchestration, automation, and response process and system of record where the inventory and security events data can be ingested. This system of action platform acts as a security hub, which the security, IT and clinical device engineer teams use to enable rapid remediation of security events.
When a security event takes place, the security team can see the full context of the device. They’ll know who the device owner is and what remediation process must be followed so a work order can be dispatched to the device engineer, or manufacturers or service providers field technician. And the work order process can be tracked so that security, IT, and the device engineers are kept aware of the remediation status.
Nuvolo OT Security solves the problem of quickly remediating OT cybersecurity events. That’s because Nuvolo becomes the system of record. Nuvolo will ingest security information, match up the device’s IP and MAC address, and fully contextualize it with things like the device usage, what PHI data the device is storing or accessing, and device maintenance records.
Nuvolo’s OT Security platform, when integrated with real-time monitoring systems provides the security and service management teams shared visibility into device posture. The integrated platform also automates remediation related workflows to reduce cybersecurity risk. In pioneering the industry’s first OT cybersecurity solution built on ServiceNow, Nuvolo helps customers achieve better product, facility, and patient safety while protecting critical infrastructure.
You can view a full demo on how OT Cyber can help you manage your non IT connected devices by contacting us here https://www.nuvolo.com/product-walkthrough/