How Well Do You Know Your OT Network?


Many Operations Technology (OT) engineers may be familiar with the “Security through Obscurity” mantra when it comes to their OT network. If a device or network can’t be accessed, it can’t be attacked. Unfortunately, with today’s push towards convergence, this can no longer be relied upon – and not knowing what assets are in the network can pose a big problem in the OT world.

With increasingly uncertain times bringing a host of new challenges, security as an IT focus needs to be front of mind. So, what can OT engineers do to ensure their networks are more secure?

Why asset discovery is vital:

For OT engineers hoping to have an efficient and secure OT network, having visibility of the OT environment is crucial. As many may have experienced, networks that have grown organically over many years can end up tangled and outdated in certain areas.

OT teams can end up without a clear and consolidated understanding of all the devices in the network. A common instance of this involves engineers coming across old devices while installing new tools.

One example that we heard of recently at Paessler involved a team of engineers deploying an OT cybersecurity tool for a regional water utility. While carrying out the usual network discovery process, the team discovered an item of kit installed in a remote pumping station. The device was a Remote Terminal Unit (RTU), manufactured by DEC. For youngsters reading this, DEC was acquired by Compaq in 1998, which in turn was acquired by HP in 2002. So, this RTU had been sitting in a dark corner of the network, quietly relaying data for over 20 years. The device was no longer supported, spare parts were almost certainly unobtainable and “firmware security update” wasn’t even a concept when it was installed.

This sort of discovery is undoubtedly a common occurrence. A lack of visibility like this can lead to a host of problems including, but not limited to, inefficient use of energy on outdated devices and increased security risks from weak and vulnerable blind spots. Asset discovery is therefore a vital part of the OT management process.

How to make your OT Administrator’s life easier:

Certain management tools are now able to discover, map and manage vendor-specific devices and integrate the results in a way that can offer a broader view of the OT and the IT components in a production environment.

The right monitoring software can also make an OT engineer’s life much easier – but it’s vital to ensure that software is vendor-agnostic. The software currently available is designed as a complete management solution specifically for OT networks. It can discover and manage thousands of devices across multiple connected networks and display topology maps, VLAN visualizations and even virtual device panels that show which ports are in use.

These types of tools can also be configured to automatically discover the network on a scheduled basis and update themselves with any newly discovered devices. As well as keeping network documentation up to date, this also allows administrators to be notified whenever a new device is connected to the network, providing a heads-up for the addition of any potentially unauthorised and/or malicious devices coming online.

As well as monitoring device health and performance, this software can also import and export device configuration details and push firmware updates to devices. This not only makes life considerably easier for the hard-pressed OT administrator, but also ensures devices are always secure by being fully up to date.

The right tools for security:

With the right solution in place, OT administrators can easily retrieve health, performance, and status information. But if a deeper dive is needed, a custom script sensor can be used to interrogate the endpoint of interest and parse the return into sensor channels.

A useful example of this would be a Python Script Advanced Sensor that tracks the number of devices detected on the network and alerts the IT admin should the value change. This could be something innocent like an automation engineer connecting a laptop to the network, to do some configuration work – or it could be a malicious attempt to set up an unauthorised device such as a wireless access point.
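
A sketch of such a check, added here as an example and not taken from Paessler's own code: it compares the hardware addresses seen on the network with an approved baseline, because a raw device count stays the same when one device is swapped for another. The `ip neigh show` input format, the sample addresses and the `prtg`/`result`/`channel`/`value` JSON layout used by PRTG custom sensors are assumptions.

```python
import json
import re

# Constructed sample data (not from the article): approved MAC addresses and
# a neighbour table in the format printed by Linux `ip neigh show`.
BASELINE = {"00:1d:9c:aa:bb:01", "00:1d:9c:aa:bb:02", "00:80:f4:10:20:30"}
SAMPLE_NEIGH = """\
192.168.10.21 dev eth0 lladdr 00:1d:9c:aa:bb:01 REACHABLE
192.168.10.22 dev eth0 lladdr 00:1D:9C:AA:BB:02 STALE
192.168.10.77 dev eth0 lladdr f4:f2:6d:01:02:03 REACHABLE
192.168.10.99 dev eth0  FAILED
"""

_LLADDR = re.compile(r"^(\S+)\s.*\blladdr\s+([0-9a-fA-F:]{17})\b")


def parse_neighbours(text):
    """Return {mac: ip} for entries that resolved to a hardware address."""
    seen = {}
    for line in text.splitlines():
        m = _LLADDR.match(line)
        if m:  # FAILED/INCOMPLETE entries carry no lladdr and are skipped
            seen[m.group(2).lower()] = m.group(1)
    return seen


def build_result(baseline, neigh_text):
    """Compare observed MACs with the baseline and return a sensor result."""
    seen = parse_neighbours(neigh_text)
    unknown = sorted(set(seen) - baseline)
    missing = sorted(baseline - set(seen))
    text = "inventory matches baseline"
    if unknown or missing:
        text = "unknown: %s; missing: %s" % (
            ", ".join("%s (%s)" % (m, seen[m]) for m in unknown) or "none",
            ", ".join(missing) or "none")
    # Assumed output shape: the JSON layout PRTG custom sensors return.
    return {"prtg": {"text": text, "result": [
        {"channel": "Devices seen", "value": len(seen)},
        {"channel": "Unknown devices", "value": len(unknown)},
        {"channel": "Missing devices", "value": len(missing)},
    ]}}


if __name__ == "__main__":
    print(json.dumps(build_result(BASELINE, SAMPLE_NEIGH)))
```

With the sample data the device count is still three, yet one unknown and one missing device are reported; the alert threshold belongs on the "Unknown devices" channel and is configured in the monitoring tool.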

The network components of an OT environment are just as important as the PLCs and plant they connect. So, the key takeaway here is this – if nothing can communicate, nothing will work, and this is the reason why you need a powerful tool to deploy, configure, and manage those important components.