
How ‘Think Global: Act Local’ can help manage OT security through COVID-19

  • John Livingston
  • February 8, 2022
Courtesy: Brett Sayles

In a rapidly changing world, we are grateful that technology allows industrial organizations to manage their security and operational technology (OT) systems effectively from a remote environment. Although it was not designed for a pandemic crisis, the “Think Global: Act Local” architecture, which is a direct response to the scarce information technology (IT) security resources available to the OT market, is still quite useful. This architecture is tailor-made to allow effective security and OT systems management in this time of physical distancing.

What is the “Think Global: Act Local” architecture?

A key requirement for security and systems management capabilities across manufacturing, power, oil and gas, and other industrial companies is access to centralized visibility, analysis and design of remediation actions, with localized control over the final decision to execute those remediation actions.

Industrial companies require local and corporate-wide visibility into real-time data, such as logs and alerts, so that teams can collaborate between the central security operations center (SOC) or network operations center (NOC) and the local plant personnel.

For many, plant systems sit behind data diodes, requiring visibility of information pushed out through the diode for central analysis and troubleshooting, compliance reporting and planning.

The answer to this growing need was “Think Global: Act Local.” The architecture, specifically designed for these remote industrial environments, leverages a unique blend of software – agent/agentless/virtual machines/encrypted messaging/etc. – to allow for true remote visibility and operations.

The basic construct can be seen below:

Courtesy: Verve Industrial

Benefits of remote access management for industrial security

The core of this architecture, “Think Global,” is for multiple sites (one of Verve’s customers has 600 sites around the world) to report up to a centralized analysis and reporting console. The data that flows “northbound” from each site includes a range of items:

  • Asset inventory
  • Software inventory on all devices (includes firmware, OS, application software)
  • Patch and vulnerability status
  • Configuration settings
  • Information on dozens of third-party software options including AV/application whitelisting status, backup status, etc.
  • Real-time information such as logs, net flow, device performance statistics
  • Real-time alarm data from DCS systems
  • OT-specific context such as system criticality to operations, system owner, location, etc.
  • And more than 1,000 other pieces of information

This data is analyzed by a machine learning engine in real time, monitoring for known exploits or actions requiring attention.

The practical benefits of this are wide-ranging in this time of remote work:

  • Real-time visibility of all vulnerabilities and patch status on all IT and OT assets
  • Ability to see DCS alarms in a single database and dashboard across all sites, enterprise-wide, remotely
  • Ability to identify root cause issues using log, device performance and endpoint data together to conduct incident response to both security and reliability issues
  • Centralized ability to analyze potential threats within the environment
  • Multi-perspective or 360-degree view of the asset, from OT context to specific configuration and risk, allows for prioritized, contextual risk acceptance and remediation planning

The second key element of the architecture is the “Act Local” component, which allows for centralized design of actions with controlled automation of the final execution of those actions. Remote visibility, as described above, allows remote teams to quickly identify and get to the bottom of incidents.

Without the “Act Local” component, remote support would not be very effective. With “Act Local,” central/remote teams can analyze and develop playbooks of actions a local site needs to remediate issues.

This includes actions like turning off ports, removing software, patching systems, reconfiguring a switch rule, removing user accounts, changing configuration settings, etc. It allows for true remote OT systems management to ensure reliable, safe and secure OT systems.

The logical flow is as follows:

Courtesy: Verve Industrial

Perhaps the most important component of this architecture is local control over remediation actions. In most industrial environments, the only people allowed onsite are those deemed “essential.” This means many of the staff typically responsible for maintenance may not be present.

The “Think Global: Act Local” architecture allows for the remote team of maintenance and security personnel to design actions pushed down to the site. The “essential” personnel onsite execute the action when appropriate from an operational point of view. This means all of the security analysis, prioritization of risk, root cause analysis, etc. is conducted remotely, while the sensitive operations are maintained at the site.
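The split described above, where remote staff design an action and only on-site staff may release it, can be modeled as a small approval gate. This is an added example, not Verve's code or part of the original article; the class names, states, site name and user names are all hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class Action:
    action_id: str
    site: str
    asset: str
    kind: str                     # e.g. "disable_port", "apply_patch"
    designed_by: str              # central/remote analyst (hypothetical name)
    state: str = "proposed"
    audit: list = field(default_factory=list)

class SiteQueue:
    """Holds centrally designed actions until on-site staff release them."""

    def __init__(self, site, local_operators):
        self.site = site
        self.local_operators = set(local_operators)
        self.actions = {}

    def receive(self, action):
        if action.site != self.site:
            raise ValueError("action addressed to another site")
        action.state = "proposed"  # ignore any state set upstream
        action.audit.append(("received", action.designed_by))
        self.actions[action.action_id] = action

    def _local(self, operator):
        if operator not in self.local_operators:
            raise PermissionError(f"{operator} is not on-site staff at {self.site}")

    def decide(self, action_id, operator, approve):
        self._local(operator)
        action = self.actions[action_id]
        if action.state != "proposed":
            raise RuntimeError(f"action already {action.state}")
        action.state = "approved" if approve else "rejected"
        action.audit.append((action.state, operator))

    def execute(self, action_id, operator, run):
        self._local(operator)
        action = self.actions[action_id]
        if action.state != "approved":
            raise RuntimeError(f"action is {action.state}, not approved locally")
        result = run(action)       # the site-specific change happens here
        action.state = "executed"
        action.audit.append(("executed", operator))
        return result
```

The gate resets any state that arrives from the central console, so an action marked "approved" upstream still waits for a local decision, and the audit list records who designed, approved and executed each change.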

In the unprecedented times we’re facing today, the “Think Global: Act Local” architecture radically simplifies the operational model for security and reliability. It means the difference between being secure and being vulnerable to cyber threats.

When the COVID-19 pandemic slows and we return to normalcy, those that implemented this architecture will find that the efficiencies gained can be extended to a new model of operational efficiency and speed to incident remediation.

Deploying security management remotely

For those without the architecture in place right now, it is important to know this can be deployed remotely. There has been a surge of interest in adopting this architecture as industrial organizations continue on their cybersecurity maturity journeys with limited onsite staff and no ability to send contractors onsite to deploy additional hardware.

– Verve is a CFE Media content partner.

John Livingston, CEO, Verve Industrial.
