The recent ransomware attacks on critical infrastructure services such as water and energy show the clear consequences of the convergence of information technology (IT) and operational technology (OT) systems. Although the attack on the largest fuel pipeline operator in the U.S. targeted IT infrastructure, the company shut down its OT systems as a precaution, cutting off fuel distribution to the U.S. East Coast. The shutdown caused shortages of gasoline and diesel, long queues at the pumps and an emergency declaration covering 17 states. It could hardly have demonstrated more clearly how interwoven today's IT environment is with the control of production plants. A Zero Trust approach keeps the two worlds logically separated while still providing the controlled, secure connectivity these environments require.
Traditionally, companies controlled their production plants and machines separately from the IT infrastructure, but calls for integration are growing. Several factors drive this: digitization, since two strictly separate systems can only be maintained to a limited extent in the age of the cloud; nationwide 5G networks that provide the necessary throughput and speed; and a drive toward more sustainable design of production and sales channels.
Convergence also creates new risks, as the ransomware attack on the pipeline operator demonstrated. When the IT systems went down, functions essential to the entire operating process were lost with them, a clear indication of how closely the nominally separate systems depend on each other. Whether IT and OT share a network or not, they influence each other.
For security reasons, convergence should not primarily be about ending the isolation of two separate environments. The focus should be on connecting them securely, with the same security controls applied to the data streams that flow between them.
Any system connected to the internet is a potential entry point for attackers. The OT environment can learn a lot from the cloud-based control mechanisms of modern IT security. With its principle of least-privilege access, Zero Trust also offers an adequate security concept for OT.
The reduction of the attack surface
Every OT environment requires connectivity: administrative access to plants, and access to production data for analysis and processing by IT systems. Most OT systems connect to IT through a gateway, for example a firewall that translates between the two network worlds. Any gateway exposed to the internet, however, is a potential attack surface through which malware can be introduced, and once an attacker has a foothold on an IT system, lateral movement through the infrastructure can endanger the OT environment as well.
A recent study by cloud security specialist Zscaler showed that companies' attack surfaces are significant. From more than 1,500 data records, the researchers identified a plethora of potential entry points that many companies were unaware of. The report also uncovered more than 202,000 vulnerabilities (CVEs), 49 percent of which were rated "critical" or "high." Among the companies surveyed there were 400,000 servers openly discoverable on the internet, and 47 percent of the protocols in use were out of date and therefore potentially vulnerable.
Administrators of both environments rely on hardware devices that regulate data traffic, whether they join the data exchange via the physical network or reach the ecosystem through remote access. Traditionally, complex network constructs have connected production facilities, with factories and locations worldwide linked by VPN mechanisms. Some complexity is inevitable, but companies are now trying to leave legacy infrastructures behind as part of strategic digitization initiatives. Looking for a way out of this complexity dilemma, which can also bring protection gaps caused by the hardware components in use, they are seeking new methods of secure connectivity.
Zero Trust security for OT environments
The more IT and OT systems open up to mutual data exchange, the more risk can be introduced. Convergence must therefore be less about merging networks and more about regulating connectivity and security wherever data streams cross between the two worlds. The principle of least privilege is the right basis for controlling individual access authorizations. Zero Trust solutions build on it and allow only policy-based access for authenticated, authorized users: the starting point is that nothing and nobody may connect, access is then granted step by step once authorized, and every request is validated individually so that each grant is an isolated access. Rights to OT environments are limited to what is necessary, granted at the level of the individual application and only within the framework of specific use cases.
With a Zero Trust security model, granular access authorizations at the application level can be enforced not only in IT infrastructures but also in OT environments. The decisive factor from a security perspective is that the network no longer has to be opened as a whole to provide the required access. Logical microsegmentation, with traffic tunneled from the administrator or user to the individual application, takes the place of opening the network, and so the attack surface a company exposes on the internet is minimized.
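The access model described above, expressed as an added example in Python (not code from the article, Zscaler or Siemens): a broker that starts from "nothing and nobody may connect", grants access only where a use-case scoped rule names the role, the individual application, the permitted actions, device posture and a maintenance window, and, for contrast, a subnet-level gateway rule of the kind a traditional firewall applies between IT and OT. All roles, application names, addresses, dates and the policy itself are constructed for the illustration.

```python
"""Default-deny, application-level access decisions at an IT/OT boundary.

Added illustration; not code from the article, Zscaler or Siemens. Every
role, application name, address and policy rule below is constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network
from typing import FrozenSet, Optional, Tuple


@dataclass(frozen=True)
class Request:
    """One access attempt as seen by the broker (hypothetical schema)."""
    user: str
    role: str
    device_compliant: bool   # posture verdict reported by the endpoint agent
    app: str                 # a named application, never a subnet or host range
    action: str
    when: datetime           # timezone-aware


@dataclass(frozen=True)
class Rule:
    """A use-case scoped grant: which roles, to which application, which actions, when."""
    roles: FrozenSet[str]
    app: str
    actions: FrozenSet[str]
    utc_hours: Optional[Tuple[int, int]] = None   # (start, end) maintenance window
    require_compliant_device: bool = True


# Constructed policy: the complete list of what anyone may reach. Anything not
# listed here is denied, which is the "nothing and nobody may connect" baseline.
POLICY = (
    Rule(frozenset({"maintenance-tech"}), "plant-a/plc-01/hmi",
         frozenset({"read", "write"}), utc_hours=(6, 18)),
    Rule(frozenset({"process-analyst"}), "plant-a/historian",
         frozenset({"read"})),
)


def decide(req: Request, policy=POLICY) -> Tuple[bool, str]:
    """Evaluate one request; return (allowed, reason). No matching rule means deny,
    and the reason records the closest miss so the denial can be logged usefully."""
    reason = "no rule grants this access (default deny)"
    for rule in policy:
        if rule.app != req.app or req.role not in rule.roles:
            continue
        if req.action not in rule.actions:
            reason = f"action {req.action!r} not permitted on {req.app}"
            continue
        if rule.require_compliant_device and not req.device_compliant:
            reason = "device posture check failed"
            continue
        if rule.utc_hours is not None:
            start, end = rule.utc_hours
            if not start <= req.when.astimezone(timezone.utc).hour < end:
                reason = f"outside maintenance window {start:02d}-{end:02d} UTC"
                continue
        return True, f"rule matched: {req.role} -> {req.app}:{req.action}"
    return False, reason


def check(role: str, app: str, action: str, utc_hour: int,
          compliant: bool = True) -> Tuple[bool, str]:
    """Convenience wrapper: build a request at the given UTC hour and decide it."""
    when = datetime(2024, 5, 7, utc_hour, 0, tzinfo=timezone.utc)   # constructed date
    return decide(Request("someone", role, compliant, app, action, when))


# Contrast: the traditional gateway rule that opens the whole OT subnet to IT.
IT_SUBNET = ip_network("10.10.0.0/16")   # constructed addressing
OT_SUBNET = ip_network("10.20.0.0/16")


def network_allow(src_ip: str, dst_ip: str) -> bool:
    """Subnet-level firewall rule: any IT host may reach any OT host."""
    return ip_address(src_ip) in IT_SUBNET and ip_address(dst_ip) in OT_SUBNET


def lateral_movement_demo() -> dict:
    """A compromised analyst workstation tries to pivot from the historian to the PLC.
    The subnet rule lets it reach the PLC; the application-level policy has no grant
    for that role on that application, so the pivot is denied while the historian
    read stays allowed."""
    return {
        "network_reaches_plc": network_allow("10.10.4.23", "10.20.1.11"),
        "historian_read": check("process-analyst", "plant-a/historian", "read", 12)[0],
        "plc_write_from_analyst": check("process-analyst", "plant-a/plc-01/hmi", "write", 12)[0],
    }


if __name__ == "__main__":
    print(lateral_movement_demo())
    print(check("maintenance-tech", "plant-a/plc-01/hmi", "write", 23))
```

The point of the contrast is the blast radius: the subnet rule answers only "may this address talk to that address", so a single compromised IT host can reach every OT system behind the gateway, whereas the application-level policy has to be told, per role and per use case, which application and which action are allowed, and anything it was never told about is denied by default.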
For higher security: connectivity based on Zero Trust
Ensuring access rights at the application level through Zero Trust in a cloud environment not only contains the proliferation of complexity but also reduces the attack surface. To evaluate such an approach, Siemens ran its own tests in typical production environments, taking into account the specific requirements of discrete manufacturing and the process industry. These demonstrate, on the one hand, a simple and secure access solution for machine maintenance in which an employee is granted defined access rights to a specific production environment, and, on the other, segmentation within the whole ecosystem and secure connections between different machines in the test environment.
To this end, Siemens combines its Scalance Local Processing Engine (LPE) for industrial communication with a Zero Trust solution that provides policy-based access permissions, whether remotely or from the corporate network. The Scalance LPE, equipped with a powerful CPU, can be placed directly in the production environment and collect data close to the process, and a wide variety of edge and cloud applications can run on its open Linux operating system. In combination with Zero Trust, it forms a complementary access solution suited to industrial environments and a way to connect the IT and OT worlds.
Image Credit: MPJ Plumbing Group
Nathan Howe has over 20 years of experience in IT security.
He brings his knowledge as an IT architect, pen tester and security consultant to companies to help them meet the challenges of digital change.
He has been working for the cloud security specialist Zscaler since 2016.