Pierre Nanterme - CEO of Accenture has rightly said during World Economic Forum in Davos in 2016 on the Forth Industrial revolution that Digital is the main reason just over half of the companies on the Fortune 500 have disappeared since the year 2000.Business today may it be Government, Mining, Energy, Oil & Gas or Public Utility, Manufacturing, Telecom, Retail, Banking, Healthcare, Insurance, Hitech, Pharma or travel are affected by security threats. Digital in opening the new markets, platform and better efficiency but the cyber threat looms large on business. How do we protect? Well to start with Cyber Security is constantly moving target and we need adapt. Primarily the threat can be segregated into IT threats and OT threats. With Industry 4.0 the fine line between IT and OT is further diminishing.
IT or Information Technology threat is primarily to do with the threats to Personal computer, Laptops, Server, Network Device, Data Centre, Mobile, Communication, Cloud security, Enterprise Resource Planning, (ERP) Application Security and Governance Risk and Compliance.
OT or Operation Technology threats are to do with the Internet of Things, Communication like Bluetooth, WIFI, Near Field communication, Machines, Pigs, Secure Industrial Control System (ICS), Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control System (DCS) Programmable Logic Controllers (PLC), Industrial Automation and Control Systems (IACS), Printers, Sensors, Electronic Control Unit (ECU) etc.
Some high-level steps that can be taken are to have an IT and OT Security Policy and make sure there are awareness and training about them and the awareness group should not just include employees but also the supplier, partner, distributor etc in the ecosystem. Have right tools like End Point protection, Email and Web protection, IPS & IDS, NAC along with Firewall in place, for insider threat and access control an Identity and Access management tool, Privilege assess management along with multifactor authentication and a password generation tool and for cloud CASB. In case of Critical Infrastructure, Banks, Government, Public sector and Energy Oil and Gas sector it is advisable to have an Advance threat protection and an endpoint detection and response as these are sectors prone to targeted state-level attacks.
For Operational Technology it is advised that a monitoring tool is deployed at the PLC – Programmable logical controller layer to monitor the threats to OT assets or any change in the configuration that can lead to accident, monitoring of compliance along with any device that is connected to the OT network which is not meant to be connected. Hence the Network discovery and assets management play a crucial role, it is critical to identify if all patches are up to date and there are trusted software and hardware in the network. The security threat needs to be monitored with Intrusion detection and prevention from HMI – Human Machine interface to OT or from OT to the IT network. Man in the middle attack and DDOS attack etc.
Behavior analytics and anomaly is an essential element for both IT and OT security.
Once the IT and OT network are appropriately secured one should target to set up a security operating centre and collect the IT logs in form of Event Per Sec – EPS and OT logs as Packet per Sec – PPS and monitor the threat and monitor them through the SIEM tool while integrating it to their call ticketing system and possibly with Artificial intelligence and SOC Orchestration.
Conclusion:
I have mentioned the high-level summary of steps that can be taken to secure your network and uphold the CIA – Confidentially, Availability and Integrity of your network. Other things that can be done as a Hygiene factor are to do a secure transaction with updated digital certificates both for IT & OT. The communication, especially via wireless LAN, needs to be secured and any communication which is critical, confidential, to the cloud or outside the network needs to be encrypted including email, messages, and documents. It's very vital that a standard operating procedure is put in place for any software installation or patch updates.
My message for companies that think they haven’t been attacked is: “You’re not looking hard enough”.
