Ahead of Infosecurity Europe, ForeScout isn’t alone in turning its attention to operational technology (OT): cybercriminals are also targeting physical infrastructure as a way to get on the enterprise network. The current lack of visibility into OT devices remains a critical issue for both public and private organisations. OT systems are increasingly going online, connecting to the internet and converging with IT networks. Forescout’s Elisa Costante, Senior Director of Industrial & OT Technology Innovation, explains to CBR TV why converging networks create a severe security issue.
“[In the past] there was a gap between the IT networks and the OT networks. Now everything is becoming smarter, we need more data [and the two have converged] so this gap no longer exists,” Elisa explains. OT networks are no longer separated, as enterprises expect more information and visibility into production sites, ultimately better aligning operations to business goals. “Nobody thought it would happen,” Costante says. “The assumption was ‘this is never going online.’”
Additionally, OT assets are highly vulnerable and expose an enterprise to threats moving between cyber and physical dimensions. “OT is not as fast-moving as IT,” Elisa states. “The technology we see in OT is legacy technology; it’s old technology.”
She gives the example of devices such as programmable logic controllers (PLCs) that have been designed and built without the security features needed to protect infrastructure today. Encryption or authentication is missing, meaning “a mistake or misconfiguration can be quite a lot of trouble” when such a system is put online.
So, what can organisations do to minimise risk and secure their physical infrastructure? As Costante puts it, “Device visibility is the first thing you should be doing – to know what you have.” This allows a customer to answer critical questions, such as how many devices are on the network, what is the device posture and how are devices communicating with one another.
ForeScout has been taking a proactive approach to this issue by working closely with clients to build a real-time asset inventory of IP-based devices. The company conducts non-disruptive asset discovery and classification by integrating with an existing network, monitoring and inventory sources.
This means customers can build a comprehensive asset repository to ensure access to accurate device information. The asset inventory integrates with most configuration management database (CMDB) platforms and builds a strong security foundation to resolve:
- Identification and classification of what is on the network
- Who can access the network and under what context
- How to stay within compliance for regulatory and security frameworks
- How to orchestrate a security response in the event of an incident
- How to improve security without compromising operational uptime
“With this visibility … you can understand if you have vulnerabilities or misconfiguration and then you can act,” Elisa concludes.
Addressing emerging threats and sharing actionable insight to build resilience is crucial, and it is what she will be emphasising at Infosecurity Europe.