Protecting OT networks with visibility, segmentation, and zero-trust.
Zero-trust in ICS environments.
During a panel discussion at SecurityWeek’s ICS Cyber Security Conference yesterday, Del Rodillas, ISTARI’s Client Partner for Industrials in the Americas, and Jack Oden, Program Director, ICS Cybersecurity SME at Parsons, outlined the importance of applying a zero-trust strategy in ICS environments.
The importance of visibility and segmentation.
“When I think about the things you need to do to get started in operation technology environments, the steps that you would apply in IT are also applicable, but just in a different context,” Rodillas said. “The first step is trying to understand what are your assets that are in your environment? What are your crown jewels? … So getting that visibility, getting that understanding of risk, is the first step. And then the next step is really using the capabilities that you have to profile the traffic between the different assets to and from the different crown jewels. And that’ll really help you in terms of understanding how you might need to segment your network. And once you kind of have that segmentation…that’s when you start applying the granular policy."
Zero trust inside the perimeter.
Oden explained that zero-trust can help prevent attackers from moving around within both IT and OT networks.
“The bottom line to me…is to literally trust no one or nothing, and always verify,” Oden said. “If you keep that in mind, I think that’s the most fundamental thing you can apply here.”
Oden continued, “We’ve been talking for decades about perimeter security, and once you’ve verified the identity of the person—hopefully with good password security and maybe multifactor authentication—once they’re in, for the most part, my customers were just letting those people have their way. But if you think more about it, inside your network, you’ve got a lot going on—again, to the crown jewels concept. And where are people coming from into your network? They’re usually coming through the corporate network and then coming down to OT. And so up there, there’s a lot of stuff going on. But no matter what the operation is, that OT operation is critical to you, whether it’s the HVAC operation that keeps your computer center running, or if you are a power plant providing power to the local community.”