Introducing Secure by Design Frameworks to OT Environments
Cyber threats to critical infrastructure have never been higher. Critical infrastructure facilities, including power plants, transport systems and communication technologies, are increasingly being targeted. Malicious actors are threatening public safety all over the world.
An attack on power grids is just one example of the knock-on impact an attack would have on numerous other vital services, like transport, water supplies, communications and electricity. As the US National Intelligence Director, Daniel Coats clearly explained of the threat we are facing: “The warning lights are blinking red.”
OT environments: the cyber security challenges
Critical infrastructure environments are facing an array of new cyber risks. The convergence of IT/OT and IoT environments that comes with digital transformation and increased connectivity has multiplied the number of entry points hackers can use to compromise these environments and opened up a world of new attack techniques.
The worlds of IT, OT and IoT have truly collided, as a result, critical infrastructures no longer have the security blanket of a fully air-gapped system.
Cyber weapons designed to disrupt the operations of critical infrastructure are constantly evolving and the threat facing critical infrastructure is tangible. The myth of impenetrable CNI systems has been truly challenged by real-world cyber-attacks, such as the Stuxnet Virus, Wannacry and NotPeyta.
New processes, new framework: a secure by design framework
Firefighting may put out the blaze, but it does little to deal with the underlying causes. Historically ICS systems are notorious for being insecure-by-design having often been built without security in mind.
The introduction of IoT technologies, connectivity and IT/OT convergence has done wonders for productivity but has ultimately let the genie out of the bottle so to speak and opened a range of new attack vectors. In order to reap the benefits of connectivity all devices and networks within a critical infrastructure environment need to be secure.
“Secure by Design” infrastructure is a step toward addressing these underlying issues before an attack takes place. It offers a holistic approach to cyber security that incorporates process, technology and people.
This framework considers security threats during the initial design and development phase of operational technology (OT) systems and is embedded within both a company’s processes and within information and operational infrastructure.
To effectively introduce a Secure by Design framework and protect OT environments, organisations should implement network segregation, monitoring, continuous vulnerability assessment and penetration testing from the beginning.
Leveraging inherent, built-in security is significantly cheaper and more efficient than retrofitting security.
It makes risk quantifiable and manageable, reducing the chance that a single weakness will result in a significant security incident.
Furthermore, businesses that implement a secure by design approach can more accurately assess risk and exposure, which could allow greater focus to be placed on bold digitalisation activities that other less mature organisations may perceive as too risky.
Although, there are numerous challenges associated with implementing this framework. Secure by Design touches every aspect of an organisation, from procurement through to end-of-life decommissioning. This is predominantly why large and established organisations find it difficult to truly implement effective Secure by Design principles.
Furthermore, within OT environments there is often insufficient information on critical assets to be able to accurately understand exposure. Despite these challenges, implementing a Secure by Design framework within CNI environments is possible and something we are beginning to see happen.
Implementing a secure by design approach
Implementing a secure by design approach to cyber security is a journey. Organisations need to understand this, particularly considering that a big bang approach could be crippling. A holistic risk-based approach is the best way to build cyber resilience.
This approach identifies risks based on an assessment of existing or potential internal and external vulnerabilities and threats. Furthermore, it combines standards with testing and certification rather than treated them as distinct areas.
The first step is for organisations is to add cyber security into existing processes, building a strategic approach, which will enable employees to drive security improvements and create a positive security culture.
Process owners should engage with security personnel and operational teams in both IT and OT to understand how these frameworks can be put into practice.
International collaboration is also critical for developing a secure by design approach. In a world where cyber threats are increasingly common, establishing specific international standards combined with a worldwide certification programme is highly effective in building cyber resilience.
We are beginning to see groups taking the necessary steps to implement a secure by design framework approach to power grids. The IEC TC 57 has created a working group (WG 15), which has identified requirements for making power grids secure by design.
This includes an end-to-end encryption principle, a definition of roles for all users, identity management and continuous monitoring of the system.
Cyber security should not be added after the fact, nor should it be considered an afterthought. A secure by design approach ensures that cyber security is built-in and part of the architecture and processes of an organisation.
Introducing a complete rethink of how cyber security is executed provides CNI operators and organisations the necessary structure to contain and manage cyber threats.