Download PDF version Contact company
The cornerstone of IT enterprise security is the use of software patching to eliminate underlying implementation vulnerabilities
Many operators don’t know what’s actually transpiring on their OT network
and,even if hacked, have no knowledge of the assault

Innovation in the oil and gas, utility, healthcare and transportation industries is heavily reliant on connectivity - between devices and systems, machines and data, people and processes. This connectivity is great for productivity upstream, mid-stream and downstream, but is also exposes these systems to greater cyber threat. Furthermore, as operational technology (OT) leverages the benefits of the network, the threat of a successful cyber attack greatly increases with the expanded attack surface. System operators and security directors face challenges in responding to the growing number of security threats they face in today’s connected environment.

Whether from outside threats, like hackers or state sponsored actors, or inside threats, like human error, in an environment where companies are operating drills, electric grids, MRI's or locomotives, unplanned downtime is simply not acceptable. In many cases, management will respond, "Yes, we know. That's why we focus so much effort on IT cyber security. Isn’t cyber security for OT environments just like security for IT systems, but with different protocols?"

The answer is, "No." IT security lives in the context of an IT stack with tools from many vendors – network, servers, storage, apps and data. It’s in a periodically updated ecosystem where most hosts are talking to lots of other hosts and where there are frequent patch cycles - in weeks or sometimes days - in response to expected and known cyber threats. IT security basically protects data (information), not machines.

Why IT security does not work in OT environments

In OT, high-value, well-defined industrial processes - which execute across a mix of proprietary devices from many different manufacturers - need protection, not data. Many of the devices and software used in operational environments are 10 to 30 years old. They were not designed to be connected, have not been patched very often and were not devised to withstand modern attacks. Surprisingly, many operators don’t know what’s actually transpiring on their OT network and, even if hacked, have no knowledge of the assault.

Executives are looking for other options other than relying on IT cyber security systems to protect OT processes. First of all, OT utilises communication protocols and network architectures not often shared with IT systems and requires different security tools that are capable to operate on those protocols and architectures.

 

Executives are looking for other options other than relying on IT cyber security systems to protect OT processes
The Wurldtech OpShield is being used by companies the world over to protect
industry operations

The cornerstone of IT enterprise security is the use of software patching to eliminate underlying implementation vulnerabilities. Patch management is a particularly painful operation in an OT system; many organisations don’t have the infrastructure for qualifying patches to ensure they do not impact any of the software running on their system and, so, have to depend on their vendors to test and ensure new patches will not impact control of their processes.

Secondly, many of the security controls that are effective in IT are not effective in OT; they have to be adapted to the technical requirements of OT systems. Lastly, to apply the patch to an OT system usually means the operation must be shut down. Closing down one's business periodically to add yet another patch is not a remedy that works when minutes of downtime can cost immense amounts of money. To eliminate turning off the operation when patching, patches must be delivered to a security solution that resides directly in front of the control unit.

Specifically, OT needs a solution that addresses five areas:

1. ICS/SCADA (Industrial Control System/Supervisory Control and Data Acquisition) equipment is difficult to patch

2. OT protocols can easily be misused to disrupt critical systems.

3.Factory networks are very hard to rewire for proper segmentation.

4. Limited visibility into attacks on the industrial network.

5. IT security staff lacks experience with industrial equipment.

OT security applications need to protect these ICS and SCADA operations. It must defend unpatched systems with strong perimeter and field defence, plus inspect and control industrial protocol traffic. To do so, the security must offer the protection of three security applications: (i) firewall with stateful inspection for layers 2 through 4; (ii) an Intrusion Protection System/Intrusion Detection System (IPS/IDS); and (iii) an Application Visibility and Control (AVC) system. The combination of these security applications will monitor and block malicious activity and attacks - enabling highly available industrial operations for maximum uptime and secure productivity.

To simplify security administration, an easy to use graphical user interface (GUI) must empower operators to efficiently manage security policy and protection profiles and include breakthrough drag and drop virtual zoning for segmentation without network disruption. The solution also needs to offer full security visibility of the industrial network and integration with Security Information and Event Management (SIEM) tools.

 

Management needs to assure that the security experts they hire are highly certified and trained to carefully assess, design and implement OT security in their industry environments
Hackers typically start with elements which give them access to specific
computers, and often target security equipment such as cameras

Implementing security and quality testing services

Once management has added such an OT solution, the job is not over. To get into OT systems, hackers leverage many different physical assets, including those within the enterprise security system, to gain access into entire system. They typically start with elements which give them access to specific computers. Interestingly, security people don’t seem to secure their own security equipment. For instance, IP wireless cameras are favourite target of hackers. Card readers in the access control system are also easy to hack.

In this manner, hackers can then go after control systems directly. Because of this, it makes sense to employ a security and quality testing service to simulate attackers challenging your own system, allowing you to "know yourself" by making sure that you are controlling who is talking to whom. Also, be sure to ask the manufacturers of your mission critical devices if they have been tested to repel cyber attacks. Have they had their products monitored to both network and operational parameters, allowing vulnerabilities to be discovered and faults to be reproduced, isolated, identified and resolved before they introduced this or these products to the market? Are they certified to be secure?

Lastly, management needs to assure that the security experts they hire are highly certified and trained to carefully assess, design and implement OT security in their industry environments. If the goal is to help secure operational assets, reduce compliance penalties and enforce supplier security, they need such expertise.

Needed - specific protections that ensure operational technology security

Cyber attacks on oil and gas, utility, healthcare and transportation infrastructures can result in significant downtime and productivity loss. As a result, more and more operations are now implementing an OT network security solution that combines the protection of a firewall, IPS and application visibility and control (AVC) to monitor and block malicious activity and attacks to ensure highly available operations for maximum uptime and secure productivity. They are devoting as much interest now to their OT and they have historically given to IT.

For more information on OT cyber security, attendees at the ISC West exposition can visit the Wurldtech booth 105 in the Connected Security Pavilion.

Share with LinkedIn Share with Twitter Share with Facebook Share with What's App Share with Facebook
Download PDF version Download PDF version

Author profile

In case you missed it

Which security markets are embracing touchless and contactless systems?
Which security markets are embracing touchless and contactless systems?

The idea of touchless systems has gained new levels of prominence during the last year, driven by the global COVID-19 pandemic. Contactless systems have been part of the industry’s toolbox for decades, while technologies like facial and iris recognition are finding new uses every day. We asked this week’s Expert Panel Roundtable: Which security markets are embracing touchless, contactless systems and why? 

How body worn cameras and AI can curb the issue of abusive behaviour
How body worn cameras and AI can curb the issue of abusive behaviour

Amongst the many negative consequences of the pandemic is a rise in violent and abusive behaviour across society. Health workers have experienced it on a regular basis. So too have police officers and public transport workers. Unfortunately, violence and abuse towards shop workers is also endemic in British society. To address this problem which, in truth, has been on the rise since long before the emergence of COVID-19, we need better deterrents. The ability to prosecute these offences is one such deterrent, but just as important is the ability to deescalate situations before they spill over into unacceptable or unlawful behaviour. Major retail customers In both instances, organisations of all sizes are now recognising that the answer could involve greater use of rapidly advancing body worn camera technology. Andy Marsh, the Chief Constable of Avon and Somerset Police, is one of the police officers responsible for introducing body worn cameras to the UK police force, where they are now in widespread use. Andy Marsh is one of the police officers responsible for introducing body worn cameras to the UK police force He explains that “The reason the majority of people don’t speed or drink-drive is that rational human beings weigh up the risk and consequences of breaking the law and getting caught. Body worn cameras help provide appropriate ‘desistance’, especially where there are forward-facing screens so the person interacting with the wearer can see themselves and their behaviour.” Evidence shows that if a forward-facing camera is switched on before the intervention becomes hostile, it will generally lead to a de-escalation – as often as 90% of the time, according to one of our major retail customers. Digital evidence investigations Only a tiny handful of abusive incidents ever translate into arrests and prosecutions. A key issue is a lack of clear evidence – how to get past the usual impasse of one person’s word against the other. Body worn cameras break the deadlock and allow organisations to report incidents to the police with confidence, knowing that they will lead to action. Marsh suggests that “We usually see an earlier admission, an earlier guilty plea and a more appropriate sentence, where body worn camera footage is in play.” The technology has come on in leaps and bounds in recent years. For example, it’s now possible to record high-definition footage on a lightweight device that’s barely the size of a palm. And it’s not just about the evidence organisations gather themselves. Many police forces are looking at ways to make it easier for businesses and the public to collaborate on digital evidence investigations. Body worn cameras This is good for the victims of crime because it means we get the evidence more quickly" “We’ve created an online crime portal in Avon and Somerset which people can use to pass digital evidence and material to us without an officer having to attend their premises. This is good for the victims of crime because it means we get the evidence more quickly and can take action more swiftly to resolve that issue,” adds Marsh. Our body worn cameras can now even support facial recognition thanks to new, smart AI on the devices themselves, which can scan and process faces within a three-metre distance against a pre-defined database of people (which we call a watchlist). Any matches trigger alerts or additional camera activity such as recording and streaming, while the facial recognition data of people not on the watchlist itself is not recorded or saved to assuage privacy concerns. Similar criminal behaviour Where could this technology come in handy? Well, staff at gambling venues or in-store retail workers could undoubtedly benefit from the ability to quickly spot known fraudsters or addicts who have requested that venues refuse their custom. Stewards at mass sporting events could play a key role in helping to identify people who have been banned from attending. The primary reason for using body worn cameras is to increase the safety of frontline workers The primary reason for using body worn cameras is to increase the safety of frontline workers, deescalating confrontations and limiting the use of force. AI-powered facial recognition can also serve this purpose by helping them make better-informed choices about how to handle specific situations. For example, it is a massive advantage to police officers on the beat to understand that the person they are dealing with may have a history of similar criminal behaviour. Facial recognition technology But it’s also an advantage within retail, where aggressive incidents are on the rise and staff need all the help they can get to determine what an appropriate response should be to a particular customer incident. In fact, extensive consultation with our retail, police, transport and gambling customers indicates that introducing facial recognition technology to body worn cameras could be instrumental, not just in helping to prevent crime, but in tracking down vulnerable and missing people too. Of course, facial recognition technology has to be balanced against the need to protect the privacy of ordinary citizens. Video recording using body worn cameras has to be done proportionately – the same is true for the use of facial recognition technology. The technology also has to be compliant with GDPR, Data Protection, the Information Commissioners recommendations and so on. Positive working environment Violent and abusive incidents affect everyone in the immediate vicinity and create a culture of fear Importantly, it should be for a specific, proportionate and justifiable reason which, of course, means it should never be used for indiscriminate mass surveillance. Every organisation using this technology must remember that a facial recognition system match is not proof of someone’s identity, but rather, an indication of likelihood to help inform the user rather than dictate the course of action. Violent and abusive incidents affect everyone in the immediate vicinity and create a culture of fear and apprehension. This is why it’s so important to get on top of the problem – both on a societal and at an organisational level. Body worn cameras have a vital role to play, as an evidence-gathering tool and as a deterrent that empowers the wearer and creates a more positive working environment. Deterring unlawful behaviour One of the critical roles these cameras play is in staff training, providing real-world video evidence that can be used to educate and upskill workers across a variety of industries. Society’s problem with abusive and violent behaviour cannot be solved by technology alone. But with exceptional quality camera footage now a reality, and the possibility of AI technology at the device level in real-time, body worn cameras will only get better at deterring unlawful behaviour and helping to protect hardworking frontline staff. Alasdair Field is CEO of video technology provider Reveal, which works with UK police forces and major brands such as Matalan, JD Sports and Boots to help them improve staff safety, deescalate confrontations and reduce violent and abusive incidents.

ASSA ABLOY Opening Solutions embraces BIM to smooth specification and installation of door security solutions
ASSA ABLOY Opening Solutions embraces BIM to smooth specification and installation of door security solutions

BIM (building information modeling) provides a process for creating and managing information during the building lifecycle and beyond. BIM is often equated with 3D modeling of construction projects, but the visual component is just part of the value of BIM. Additional data, such as specifications and other documentation, is also part of the process, underlying the visual aspects, helping to drive decision making and providing immediate access to detailed information about all facets of the building process. Incorporating BIM systems For the last six years, ASSA ABLOY Opening Solutions has worked with specification writers and architects in Europe, the Middle East, and Africa (EMEA) to make it easy to incorporate ASSA ABLOY Opening Solutions doors, hardware, and security solutions into BIM systems. Everyone on a project can work together in the interactive and information-rich BIM environment. BIM tools are also used by contractors, distributors, facility owners, and security consultants. BIM software BIM information relating to doors, hardware, and security solutions is available in the cloud  BIM information relating to doors, hardware, and security solutions is available in the cloud with the company’s Openings Studio BIM software. This improves the process of door scheduling and visualisation and enables customers to focus on the design, installation, and management of openings. “If you have up-to-date information inside the BIM model, you can reduce mistakes and misunderstanding in the building industry,” says Marc Ameryckx, ASSA ABLOY Opening Solutions’ BIM Manager for the EMEIA region. “It helps to eliminate mistakes before they happen or as early as possible in the building process. The earlier, the less it costs. We provide data as soon as possible in the process.” (ASSA ABLOY Opening Solutions also has comparable systems available in other regions of the global company.) Centralised data in BIM 3D model Expanding the data available in BIM provides additional value compared to merely providing “BIM objects” that can be incorporated into a BIM 3D model. The combination of BIM modeling and the underlying specifications boosts the quality of the project and its key to success, says Marc Ameryckx. Even after the building is complete, the BIM model is still valuable, providing a repository of “as-built” information that can be used by building managers and security professionals tasked with operating and maintaining the building. For example, if a lock needs to be replaced, retrofitting is simpler because all the information about the lock and existing installation is available in a centralised data file. Revit and ArchiCAD A widely used BIM software is Revit from Autodesk, a program that brings architecture, engineering, and construction disciplines into a unified modeling environment to drive more efficient and cost-effective projects. Another BIM software program is ArchiCAD, developed by the Hungarian company Graphisoft. Openings Studio™ added a plugin for ArchiCAD this year, in addition to Revit. Tailor-made information security solutions We provide tailor-made information security solutions with various hardware on projects with more doors" “We can provide tailor-made information security solutions with various hardware on projects with more doors, adding more flexibility,” says Marc Ameryckx. “Customers do not need to be the experts on the products because we provide expertise as part of our specifications.” For example, how often do building mistakes occur because of a misunderstanding about the electrical needs of a lock and the wrong cabling is installed? The problem is especially expensive if it is discovered only after the walls are complete. Providing complete data about the electrical lock as part of a BIM system avoids the snafu. Another example is the specification of a deadbolt lock on a door that operates with an electric strike. The deadbolt undermines the intended operation of the electric strike and can interfere with escape routes in case of an emergency. The mistake becomes obvious in the BIM environment and can be rectified before consequences impact the real world. Data addition to Opening Suites site ASSA ABLOY Opening Solutions is continuously expanding the data it provides at the Opening Suites site, covering additional functionality and more components including the door, cabling, and electrical connections. Hardware sets are linked to specific doors in the BIM models, including all the details of various components, including article numbers, technical sheets, electrical requirements, all depending on customer expectations. Physical equipment includes QR codes that can be scanned by a smartphone to provide information on the door (A mobile app is in development). More details and more data Experienced BIM consultants work with the Openings Studio software on projects ranging from single doors to large buildings with many doors. Data will be more and more important, and there will be more data inside BIM models Adding more data and detail to the BIM process at the level of each door expands the usefulness of BIM, which has historically been focused on broader issues such as structural work and HVAC. “Openings Studio™ provides all the data to integrate doors and security in the BIM process,” says Marc Ameryckx. The higher level of detail may be a new aspect even for customers who already use BIM software. “Data will be more and more important, and there will be more data inside BIM models,” says Marc Ameryckx. In the future, the use of “digital twins” could expand the capabilities even further; for example, the software could simulate escape routes in case of fire. More data makes more things possible.