Experts know that cybersecurity is a team sport. That was one of the big messages coming out of Rockwell Automation’s Automation Fair, held from Nov. 16-17 at McCormick Place in Chicago. Automation Fair touts that attendees can “experience the newest innovations and proven industrial automation solutions from Rockwell Automation and more than 100 members of our PartnerNetwork program,” but cyber awareness was front and center both on the show floor and in separate breakout sessions. Gary Kneeland, senior product manager at Claroty, explained why industrial cybersecurity is more important than ever in his talk, “Industrial Networks and the Extended Internet of Things (XIoT).”
What is the XIoT?
The modern industrial network is more interconnected than ever before. Kneeland defined the XIoT as the “ever-growing web of connected devices that span and support cyber-physical systems and range from both legacy and greenfield OT (operational technology) assets to IT (information technology) and IoT (Internet of Things) devices, to building management system equipment.” In recent years, there has been a rapid proliferation of cyber-physical systems that often cannot be easily secured. The use of XIoT devices has grown year-over-year, in addition to traditional OT manufacturing devices.
Kneeland walked attendees from the birth of automation (Industry 3.0) to the modern XIoT (Industry 5.0). He said Industry 3.0 — which encompasses cyber and physical systems — was where automation first began and came into contact with the internet. It’s also where the first malware was launched. Industry 4.0 gave rise to cyber-physical systems, the IoT and smart manufacturing. It also saw massive, high-profile malware like Stuxnet, WannaCry and NotPetya. Industry 5.0, or the XIoT, will include hyperconnected and cognitive systems and has already spawned attacks on industrial targets, including Colonial Pipeline and JBS.
XIoT has many benefits, including:
- Innovative devices that optimize efficiency
- Competitive and business advantages
- Energy savings for sustainable growth
- Reduced total cost of ownership
But the proliferation of interconnected devices and a dearth of OT security has also led to many challenges, such as:
- Device expansion increases exposure
- Device diversity decreases visibility
- Commonly unmanaged and unmonitored
- Rapid growth of exploitable vulnerabilities
The journey to resilience
The journey to resilience in cyber-physical systems has not been an easy one. According to a Gartner survey, 60% of organizations are in the awareness phase, where they recognize and commit to addressing the need for better security. Kneeland said 30% of organizations fall in the visibility (gaining visibility via asset discovery and network mapping), “Oh, wow!” (identifying security blind spots, risks and governance gaps) and firefighting (prioritizing and addressing top blind spots, risks and governance gaps) phases. Only 10% of organizations are in the integrations (integrating and aligning their cyber-physical systems with a SOC/IT security program, tools and governance) and optimization (harnessing cyber-physical systems security capabilities to drive operations resilience) phases. The ultimate goal is to achieve cyber and operational resilience.
Achieving cyber resilience in the age of connectivity can be complicated, but it’s essential to achieving business continuity. Kneeland listed several steps along this journey:
- Asset discovery: Build comprehensive, enterprise-wide XIoT asset visibility and communication profiling.
- Vulnerability and risk management: Identify vulnerabilities in the operational network and prioritize remediation efforts to enable continuous security posture management and compliance.
- Network protection: Network segmentation through tailored recommendations and access controls to enable a zero-trust architecture in your operational environment.
- Threat detection: Integrating with existing security operations center (SOC) solutions to mitigate cyberattacks before they can impact operations.
- Asset management: Leverage in-depth asset insights and an enriched configuration management database (CMDB) to monitor for asset updates, enable service level agreement (SLA) compliance and optimize supply chain processes.
- Change management: Empower change programs with continuous operations monitoring, detailed asset profiles and efficient reporting tools.
- Remote access: Granular and efficient provisioning of credentials with strict oversight and control of internal and third-party remote network sessions.
XIoT best practices
So how can organizations manage OT security, a large task with many facets? Kneeland suggests breaking the problem down into smaller parts to avoid “analysis paralysis.” In other words, start with what is achievable. This includes identifying critical assets, gathering information about those assets, beginning a process around securing these critical assets and expanding to other areas.
It’s also important to drive collaboration across an organization. Many teams should be involved in modern OT projects, including IT infrastructure, security, engineering, maintenance and operations. Having all stakeholders involved in operational security — from the plant floor to the C-suite — is critical for success.
Kneeland concluded with a few cybersecurity best practices that will help implement effective OT security controls:
- Identify and create a perimeter.
- Restrict access to the perimeter with firewalls, network controls, etc.
- Monitor critical communications.
- Use segmentation/VLANs.
- Create endpoint security and enable security controls.
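As an added example (not from the talk or any Claroty product), the following Python check applies the perimeter, segmentation and monitoring practices above to constructed flow records: assets are tagged with the XIoT zones this page defines, an assumed allow-list states which cross-zone traffic is permitted, and every other flow, including traffic from devices missing from the inventory, is reported.

```python
# Added example: zone-based segmentation check over constructed OT flow records.
# The inventory, zones, ports and allow-list below are assumptions, not data
# from the talk; they mirror the practices of defining a perimeter, restricting
# access, monitoring critical communications and segmenting with VLANs.
from dataclasses import dataclass

# Constructed asset inventory: IP -> (name, zone). Zones follow the page's XIoT
# definition: legacy and greenfield OT, IT, IoT and building management (BMS).
ASSETS = {
    "10.10.1.5": ("plc-line1", "ot_legacy"),
    "10.10.1.9": ("plc-line2", "ot_greenfield"),
    "10.10.2.3": ("hmi-line1", "ot_legacy"),
    "10.20.0.7": ("historian", "it"),
    "10.30.0.4": ("camera-dock", "iot"),
    "10.40.0.2": ("hvac-ctrl", "bms"),
}

# Assumed policy: (source zone, destination zone) -> permitted destination ports.
# Any zone pair absent from this table is a segmentation violation.
ALLOWED = {
    ("ot_legacy", "ot_legacy"): {44818, 2222},  # EtherNet/IP inside the cell
    ("ot_greenfield", "ot_greenfield"): {44818},
    ("it", "ot_legacy"): {44818},  # historian polling PLCs through the perimeter
    ("it", "ot_greenfield"): {44818},
}

@dataclass(frozen=True)
class Finding:
    src: str
    dst: str
    port: int
    reason: str

def check_flows(flows):
    """Return a Finding for each flow that is not explicitly permitted."""
    findings = []
    for src_ip, dst_ip, port in flows:
        src, dst = ASSETS.get(src_ip), ASSETS.get(dst_ip)
        if src is None or dst is None:
            # A device the inventory does not know: the visibility gap the talk warns about.
            findings.append(Finding(src_ip, dst_ip, port, "unknown asset"))
            continue
        if port not in ALLOWED.get((src[1], dst[1]), set()):
            findings.append(Finding(src_ip, dst_ip, port, f"{src[1]} -> {dst[1]} not permitted"))
    return findings

# Constructed flow records: (source IP, destination IP, destination port).
FLOWS = [
    ("10.20.0.7", "10.10.1.5", 44818),  # historian polling a PLC: allowed
    ("10.30.0.4", "10.10.1.5", 44818),  # IoT camera reaching a PLC: violation
    ("10.40.0.2", "10.10.2.3", 502),    # BMS controller to an HMI: violation
    ("10.10.2.3", "10.10.1.5", 2222),   # HMI to PLC in the same cell: allowed
    ("10.99.0.1", "10.10.1.9", 44818),  # device not in inventory: unknown asset
]

if __name__ == "__main__":
    for f in check_flows(FLOWS):
        print(f"{f.src} -> {f.dst}:{f.port}  {f.reason}")
```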
Beginning a journey to cyber and operational resilience requires an understanding of your own priorities and of how the XIoT affects industrial environments. To learn more about how XIoT impacts industrial environments, check out our ICS Pulse webcast with Matt Ziegler, senior technical product marketing manager with Claroty.