Articles by Paul Rogers
Innovation in the oil and gas, utility, healthcare and transportation industries is heavily reliant on connectivity: between devices and systems, machines and data, people and processes. This connectivity is great for productivity upstream, mid-stream and downstream, but it also exposes these systems to greater cyber threat. Furthermore, as operational technology (OT) leverages the benefits of the network, the threat of a successful cyber attack greatly increases with the expanded attack surface.

System operators and security directors face challenges in responding to the growing number of security threats in today’s connected environment. Whether the threats come from outside, like hackers or state-sponsored actors, or from inside, like human error, unplanned downtime is simply not acceptable in an environment where companies are operating drills, electric grids, MRIs or locomotives.

In many cases, management will respond, "Yes, we know. That's why we focus so much effort on IT cyber security. Isn’t cyber security for OT environments just like security for IT systems, but with different protocols?" The answer is, "No."

IT security lives in the context of an IT stack with tools from many vendors: network, servers, storage, apps and data. It’s a periodically updated ecosystem where most hosts are talking to lots of other hosts and where there are frequent patch cycles, in weeks or sometimes days, in response to expected and known cyber threats. IT security basically protects data (information), not machines.

Why IT security does not work in OT environments

In OT, what needs protection is not data but high-value, well-defined industrial processes, which execute across a mix of proprietary devices from many different manufacturers. Many of the devices and software used in operational environments are 10 to 30 years old. They were not designed to be connected, have not been patched very often and were not devised to withstand modern attacks.

Surprisingly, many operators don’t know what’s actually transpiring on their OT network and, even if hacked, have no knowledge of the assault. Executives are looking for options other than relying on IT cyber security systems to protect OT processes.

First of all, OT utilises communication protocols and network architectures not often shared with IT systems and requires different security tools that are capable of operating on those protocols and architectures.

The Wurldtech OpShield is being used by companies the world over to protect industry operations

The cornerstone of IT enterprise security is the use of software patching to eliminate underlying implementation vulnerabilities. Patch management is a particularly painful operation in an OT system; many organisations don’t have the infrastructure for qualifying patches to ensure they do not impact any of the software running on their system and, so, have to depend on their vendors to test and ensure new patches will not impact control of their processes.

Secondly, many of the security controls that are effective in IT are not effective in OT; they have to be adapted to the technical requirements of OT systems.

Lastly, applying a patch to an OT system usually means the operation must be shut down. Closing down one's business periodically to add yet another patch is not a remedy that works when minutes of downtime can cost immense amounts of money. To avoid turning off the operation when patching, patches must be delivered to a security solution that resides directly in front of the control unit.

Specifically, OT needs a solution that addresses five areas:

1. ICS/SCADA (Industrial Control System/Supervisory Control and Data Acquisition) equipment is difficult to patch.
2. OT protocols can easily be misused to disrupt critical systems.
3. Factory networks are very hard to rewire for proper segmentation.
4. Limited visibility into attacks on the industrial network.
5. IT security staff lacks experience with industrial equipment.

OT security applications need to protect these ICS and SCADA operations. They must defend unpatched systems with strong perimeter and field defence, plus inspect and control industrial protocol traffic. To do so, the solution must offer the protection of three security applications: (i) a firewall with stateful inspection for layers 2 through 4; (ii) an Intrusion Protection System/Intrusion Detection System (IPS/IDS); and (iii) an Application Visibility and Control (AVC) system. The combination of these security applications will monitor and block malicious activity and attacks, enabling highly available industrial operations for maximum uptime and secure productivity.

To simplify security administration, an easy-to-use graphical user interface (GUI) must empower operators to efficiently manage security policy and protection profiles and include drag-and-drop virtual zoning for segmentation without network disruption. The solution also needs to offer full security visibility of the industrial network and integration with Security Information and Event Management (SIEM) tools.

Hackers typically start with elements which give them access to specific computers, and often target security equipment such as cameras

Implementing security and quality testing services

Once management has added such an OT solution, the job is not over. To get into OT systems, hackers leverage many different physical assets, including those within the enterprise security system, to gain access to the entire system. They typically start with elements which give them access to specific computers.

Interestingly, security people don’t seem to secure their own security equipment. For instance, IP wireless cameras are a favourite target of hackers. Card readers in the access control system are also easy to hack. In this manner, hackers can then go after control systems directly.

Because of this, it makes sense to employ a security and quality testing service to simulate attackers challenging your own system, allowing you to "know yourself" by making sure that you are controlling who is talking to whom.

Also, be sure to ask the manufacturers of your mission-critical devices if they have been tested to repel cyber attacks. Have they had their products monitored against both network and operational parameters, allowing vulnerabilities to be discovered and faults to be reproduced, isolated, identified and resolved before the products were introduced to the market? Are they certified to be secure?

Lastly, management needs to ensure that the security experts they hire are highly certified and trained to carefully assess, design and implement OT security in their industry environments. If the goal is to help secure operational assets, reduce compliance penalties and enforce supplier security, they need such expertise.

Needed - specific protections that ensure operational technology security

Cyber attacks on oil and gas, utility, healthcare and transportation infrastructures can result in significant downtime and productivity loss. As a result, more and more operations are now implementing an OT network security solution that combines the protection of a firewall, IPS and application visibility and control (AVC) to monitor and block malicious activity and attacks to ensure highly available operations for maximum uptime and secure productivity. They are devoting as much interest now to their OT as they have historically given to IT.

For more information on OT cyber security, attendees at the ISC West exposition can visit the Wurldtech booth 105 in the Connected Security Pavilion.

Connected Security Expo selected this year's keynotes based on their expertise in the convergence of physical and cyber security trends

Connected Security Expo @ ISC West, sponsored by the Security Industry Association (SIA), recently announced esteemed IT visionaries as its keynote speakers. Leading IT security practitioner Herb Kelsey, who developed the first secure cloud-computing environment for the Air Force Cyber Command, Wurldtech CEO and President Paul Rogers and Intel Security Cyber Security Strategist Matthew Rosenquist will lead respective discussions focusing on building a holistic security strategy for the connected enterprise, and how to mitigate cyber threats in a hyper-connected world.

The organisers of the Connected Security Expo selected this year's keynotes based on their transformative insights on the convergence of physical and cyber security trends. Attendees will have the opportunity to learn from these market leaders, who have disrupted their industries while driving new avenues of success.

Reducing the time to detect tamper: Physical security’s mission against cyber threats

Speaking about the connected world, where today’s technology offers users accessibility and connectivity to all kinds of devices, Herb Kelsey, Chief Architect, Guardtime, and Paul Rogers, President and CEO, Wurldtech Security Technologies, and General Manager of GE Industrial Cyber Security, will address the vulnerabilities derived from the Internet of Things, as well as the need for enterprise IT teams to converge to understand when their environments have been tampered with, in order to quickly recover from breaches. The speakers will also discuss how to align operational technology (OT) and IT security priorities and come together to update and modernise security to protect legacy infrastructure systems.

Over the past 20 years, Kelsey has provided IT leadership for enterprise architectures in commercial and government markets. He has served as a trusted advisor to the Executive and Legislative branches of the U.S. government on security matters, developed a secure cloud-computing environment for the Air Force Cyber Command and helped shape the security approach for IBM’s Smarter Planet Initiative.

In his role at Wurldtech, a GE company, Rogers has spearheaded the development of cyber security initiatives to protect critical infrastructure and the industrial Internet. During his career, he has held several global leadership positions within GE, including Chief Development Officer at GE Digital and General Manager of the Software Solutions Group at GE Power.

The future of cyber security

Matthew Rosenquist, Cyber Security Strategist, Intel Security, will discuss the challenges associated with cyber security, a difficult and serious endeavour that forces IT leaders to strive to find balance in managing the security of computing capabilities that connect and enrich lives. Rosenquist will outline the future of cyber security and provide valuable insights around the challenges and opportunities it presents in 2016, and review ways to better address IT vulnerabilities.

Rosenquist has nearly 25 years of experience in the field of security, the majority of which has been spent building and managing Intel’s first 24/7 Security Operations Centre, overseeing several internal security products and services, deploying the company’s enterprise-wide intrusion detection program, and serving as Intel’s first Incident Commander for worldwide IT emergency responses.

“Today’s security leaders are finding themselves at a crossroads between ensuring the safety and security of physical assets and keeping critical data safe from outside threats, and the launch of Connected Security Expo @ ISC West is a testament to the fact that this discussion is at the forefront in the marketplace,” said Ed Several, Senior Vice President and General Manager, Reed Exhibitions. “Our keynote speakers come from vast backgrounds that encompass both public and private sectors, offering a wealth of information on the convergence between the physical and cyber security challenges we face and will continue to face as threats grow.”

The inaugural Connected Security Expo, being held April 6-8, 2016, at the Sands Expo Center in Las Vegas, focuses on the latest trends facing IT and cyber security practitioners. Connected Security Expo, which is co-located with ISC West, the largest physical security event in the Americas, is geared toward helping security leaders keep pace with the challenges of bridging the gap between physical and logical security, while helping secure critical data, people and assets across the connected world.