Industry 4.0 is revolutionizing industrial industries applying digital technologies to drive deep business insight and automation across critical...
Cyber defense solutions for operational technologies and IoT
OT Security Challenges
Understanding the threats to industrial control systems
Industry 4.0 is fundamentally changing the way goods are produced, hailing a fourth industrial revolution using cyber-physical devices, the internet of things (IoT), cloud infrastructure and machine learning technologies to create a hyper-connected world.
The Industrial Internet of things bridges the gap between operational technology (OT) and mainstream information technology (IT) to bring a level of digital innovation and business performance improvement that has never been seen before.
The revolutionary impacts are being felt across industries and operational technology systems such as manufacturing assembly operations, oil production operations, power generation operations, and transportation signalling operations.
However, the convergence of OT and IT systems can create vulnerabilities to cyberattacks, systems sabotage, malware, and data exfiltration that could prove costly if appropriate cybersecurity measures are not taken.
Explore this ebook to learn how to enhance your security posture from IoT-based asset management, robotics, supply chain management, demand-driven offerings and intelligent forecasting.
Early adopters of Industry 4.0 are realizing the benefits from greater business insights and increases in automation across mission-critical operations.
Organizations that seek to embrace Industry 4.0 must recognize that their OT security management framework has to be progressively improved as their industrial processes adopt modern digital technologies, which introduce additional risks to those processes.
If industrial organizations are to embrace Industry 4.0 to improve their competitiveness in the market, it is important for them to adopt good cybersecurity practices within their OT environments, and it is important to align their OT security frameworks to relevant frameworks and standards such as the NIST Cybersecurity Framework, ISA/IEC 62443 and the NERC-CIP standards. Some of the best practices developed over the last two decades by the IT Security industry can also be applied in a manner that is appropriate for the OT environment.
An overview of OT Security white paper: Facing different operating challenges from IT environments
Threats to industrial control systems environment
Industrial control systems (ICS) environments face different operating challenges from IT environments, and are often targeted by different threat actors. ICS environments are primarily concerned with attacks from state-sponsored attackers. Some organizations face attention from hacktivist groups that can see ICS as a high-impact target. However, financial threat actors have little motivation for attacking ICS environments.
Some of the most common categories of security threats to ICS environments are:
Systems sabotage: State-sponsored attackers or hacktivist groups causing damage or operational downtime to achieve a specific outcome (e.g. political or social statement, cyber-warfare, etc).
Malware: System infections spreading from the IT environment which can lead to performance impact or service outage. In many cases this is the unintended consequence of IT-focused malware affecting ICS equipment. For example, malware is sometimes spread to ICS equipment that relies on legacy systems that cannot be easily patched.
Data exfiltration: Sensitive information stolen for commercial espionage purposes. Examples include production volumes and schedules for a plant, factory layout of machines that deliver optimal production, or the usage pattern within the ICS environment. Such attacks will typically be performed by state-sponsored attackers or well-funded corporate competitors.
Differences between OT and IT environments
OT networks face a number of challenges and threats
- Legacy hardware and software
- Insufficient understanding of assets and networks
- No cyber processes and security training
- Long asset life cycles; difficult to update environments
- Lack of clear security ownership between IT/OT leadership
- Insecure configurations
- Increased external connectivity
- Unencrypted traffic between IT/OT
- Insufficient logical & physical access controls
- Limited cyber security controls for third parties
- Insider threats
- Cyber espionage
- Organized crime
Major security attacks and impacts
Nation-state cyber actors targeting Energy and other US critical infrastructure sectors
Attackers use a variety of techniques, from phishing to website ‘watering hole’ attacks
Attackers compromised corporate networks as an avenue to target and impact OT
Details of the extent of impacted organizations were not shared publicly
Attackers will keep leveraging IT/OT convergence as a way to pivot and attack OT
Nation states will increase their efforts in OT attacks targeting critical infrastructure
OT incidents will increasingly create major disruptions and global impact
In the near future attacks will potentially cause loss of life
OT Security Concerns
Availability | Integrity | Confidentiality | Safety
- High availability, data integrity and major safety requirements
- Downtime and updates are challenging
- Loss of product, human injury or death can’t be undone
- Time to resolve issues measurable in seconds to minutes
- Time and safety critical operations
- Legacy infrastructures have a long lifespan (20+ years)
- Proprietary protocols
- Autonomous operation; reduced human involvement
- Low cyber security awareness and training
- Threat response: Slow/no patching as often requires downtime
IT Security Concerns
Confidentiality | Integrity | Availability
- Confidentiality and integrity are vital; availability is important
- Downtime can be accommodated
- Lost data can be restored from back-ups or recreated
- Time to resolve issues is measurable in hours to days
- Few time and safety critical operations
- Short lifespan requires continuous upgrades
- Standard communication protocols
- Human interaction driven
- Good knowledge of main cyber security threats
- Threat response: Fast patching and maintenance
10 steps to securing the Internet of Things (IoT) white paper
10 important actions to mitigate risk to IoT systems:
- Ensure stakeholders understand the security risks, are prepared to provide funding to mitigate risk and manage the systems, and that security is designed into all new systems.
- Apply well-established international standards such as ISO 27001 and sectoral guidelines such as those issued by the U.S. Food and Drug Administration and keep watching for new legislation and regulation in this area.
- Identify IoT systems and assets and inventory them.
- Assess the risks to inventoried IoT systems and establish appropriate policies and procedures to mitigate them.
- Manage and control access permissions by identifying IoT devices on the network.
- Secure and regularly update IoT devices to meet changing risk profiles.
- Implement an IoT incident response plan; review and test regularly.
- Detect anomalous behavior by verifying IoT devices are visible to monitoring systems.
- Adopt a "safety first" attitude for rapid and effective response to IoT incidents.
- Use only trustworthy suppliers that support your IoT systems throughout their device life cycle.
OT Security Best Practices
A blueprint for securing operational technologies
Using a Cyber Reference Architecture for OT Security
The DXC Cyber Reference Architecture (CRA) is a framework of strategies, tactics and capabilities that provide a common language, a consistent approach and a long-term vision to help organizations align their security strategies with the business and accelerate their digital transformation.
The CRA is a full Enterprise Security Architecture framework, consisting of 12 domains, 63 sub-domains and 345 capabilities (controls).
It helps organizations:
- Understand what objectives matter the most to the business
- Define security requirements to achieve those objectives
- Map out the best approach for deploying targeted security capabilities to support the plan
DXC Cyber Reference Architecture
Within the CRA, DXC defines specific blueprints that identify the domains, best practices, principles and controls for security implementations. They include blueprints for:
- Cyber Defense
- Digital Identity
- Data Protection
- Secured Infrastructure
- Cloud Security
- OT Security
- GDPR Security
Blueprint for OT Security acceleration
CRA blueprints are a set of reference architectures defined against the CRA framework. The blueprints start with a conceptual view, then map layers and key functional areas to the applicable domains and subdomains in the CRA framework.
Next, the conceptual view is used in a storyboard to build the work packages required to implement the capabilities or the subdomains mapped to the layers. Each work package is a discrete statement of work but relies on the work packages identified before building the storyboard.
DXC defined the OT Security Blueprint across multiple layers of the CRA framework (see diagram on next page).
- Strategic Layer: Maps security objectives with risk profiles to help direct and inform security investment and decision making. Defines OT specific security policies.
- Cyber Defense and Orchestration Layer: Delivers an integrated SOC environment that incorporates data feeds and operational controls from OT. Actively manages security vulnerabilities.
- Identity Management Layer: Enables identity and access management controls for OT and user access auditability, including privileged and remote access.
- Security Resilient Architecture: Defines clear security architecture requirements and blueprints for OT. Establishes business continuity and disaster recovery capabilities.
- Risk and Compliance Layer: Identifies and manages OT-specific assets. Helps understand, communicate and actively manage OT risks and their potential impact.
- Infrastructure Security Layer: Delivers solutions and policies to actively secure OT networks and infrastructure, and to detect and prevent potential threats.
DXC Cyber Reference Architecture: 9 steps towards securing your OT environment
The OT Security blueprint provides an enterprise-focused path to cyber resilience and secure digital transformation.
- Identify key OT assets and network architecture
- Determine key OT threats and assess the risk to the enterprise
- Design an OT security strategy based on the assessed risk
- OT security foundations: Build OT security foundation for: tactical deployments, awareness and training, policies and procedures
- Enforce identity and access controls including privileged access accounts
- Implement OT endpoint protection, perform system hardening and segregate the IT / OT networks
- Define and deploy physical security for the OT and Industrial Control systems
- Secure and protect data and applications
- Establish processes for OT cyber defense, incident monitoring and response orchestration
Landmark utility project segregates IT and OT networks
Case study: Utility protects IT and industrial networks from cyber threats
An Australian utility launched a multimillion-dollar security upgrade to protect IT and operational technology (OT) networks from the risk of a cyber attack.
A supervisory control and data acquisition (SCADA) review recommended that this public utility segregate its corporate and industrial networks. The organization turned to DXC to help “protect it against modern-day threats.”
DXC isolated and protected SCADA, plant control system, office automation, network management, surveillance, and guest services traffic across the network. The company also implemented quality and class of service to protect SCADA and closed-circuit television network traffic. Lastly, DXC added best-practice security controls to protect the network foundation.
This security solution not only addresses current needs, including risk mitigation; it delivers the flexibility required to modify and support the utility's enterprise architecture infrastructure roadmap, both now and in the future.
DXC OT Security Solutions
Enterprise security solutions for the digital world
Secure Digital Transformation
DXC Security - Secure to the core
DXC's consulting services and specialized tools help you gain insight into your enterprise's OT cyber maturity. You receive a comprehensive view of your organization's strengths and weaknesses, which DXC professionals use to help maximize your OT security investment.
DXC elevates cyber security in OT environments using its industry-leading skills and experience, vast partner network and proprietary Cyber Reference Architecture. This proven formula safeguards organizations from cyber attacks.
Defend your enterprise from security breaches by quickly detecting and rapidly responding to threats
- Threat landscape continuously expanding
- Volume of security incidents significantly increasing
- Slow response to threats exponentially increasing enterprise risk
- Lack of skilled security staff to handle the volume
DXC Incident Response and Breach Management
DXC Threat and Vulnerability Management
DXC Security Detection
DXC Cyber Maturity Review
DXC OT and IoT Security
Enable people and machines to securely and accountably access data and services
- Regulators and consumers expect privacy
- Digital transactions need trusted identities
- Weak credentials cause most breaches
- Poor customer journeys due to authentication
DXC Governance and Privacy
DXC Data-centric Encryption
DXC Data Loss Prevention
DXC Risk and Compliance Management
Protect enterprise information from malicious attacks by encrypting sensitive data
- Regulators and consumers are demanding data privacy
- Hackers are looking to hijack enterprise data for ransom
- Protecting critical business data from unauthorized access
Secure applications, infrastructure and endpoints from exploitation
- Applications are most vulnerable to attack
- Exponential growth in the number of endpoint devices connected to the network
- Vulnerabilities exist in devices, servers, network and cloud
- Expanding array of tools needed to secure all layers of the infrastructure
- Applications and Endpoint Security
- Cloud Security
- OT Security
- Infrastructure and Network Security
The world’s leading independent, end-to-end IT services company
DXC Technology helps clients harness the power of innovation to thrive on change. For more than 60 years, we have successfully guided the world’s largest enterprises and government agencies through successful change cycles.
We take pride in our technology independence and our role as a trusted advisor. Our deep experience gives us a clear and confident vision to help clients navigate the future.
As the world’s leading independent, end-to-end IT services company, we are uniquely positioned to lead digital transformations, creating greater value for clients, partners and shareholders, and presenting growth opportunities for our people. We are among the world’s best corporate citizens.
We have 137,000 employees in more than 70 countries, serving some 6,000 clients. We tap into global talent, powerful next-generation IT solutions and extensive partner relationships to help clients transform digitally and seize opportunities.
Our extensive partner network helps us drive collaboration and leverage technology independence. We have established more than 250 industry-leading global Partner Network relationships, including 15 strategic partners.