The current year has been challenging on the cybersecurity front. Will 2022 provide any relief for businesses? This appears unlikely to be the case according to Syed Belal, Director, Cybersecurity Consulting Services at Hexagon PPM.
Belal has set out for Digital Journal what he believes will be the key trends in the coming year for Operational Technology (OT) cybersecurity. These centre on ‘zero trust’. Zero Trust is a strategic initiative that helps prevent successful data breaches by eliminating implicit trust from an organization’s network architecture: no user, device or application is trusted simply because of where it sits on the network.
Zero Trust is a security framework requiring all users, whether in or outside the organization’s network, to be authenticated, authorized, and continuously validated for security configuration and posture.
With more Operational Technology-related attacks on the horizon, Belal warns that we cannot become too reliant on the promises of new technological solutions, like ‘zero trust’.
Zero Trust Won’t Make its Way to ICS/OT….Yet
According to Belal, getting Zero Trust right is based on three key concepts. These are:
- All resources are accessed securely regardless of location. No device, user or application is trusted by default, on the assumption that threats are present both inside and outside the OT/ICS network.
- Adopt a least-privilege strategy and strictly enforce access control. In other words, disable all services, ports and protocols that are not required for the user’s job responsibility.
- Inspect and log all OT/ICS network traffic.
How likely are each of these to be in place and to be interlinked within the typical firm?
Belal explains the significance of a ‘zero trust’ synergy: “To achieve the above three key concepts, continuous adaptive risk and trust assessment in the OT network is needed.”
He adds that these include:
- 100% OT/ICS endpoints discovery, visibility, and control
- The ability to manage agentless Industrial Internet of Things (IIoT) devices and cyber OT systems
- Micro-segmentation to limit lateral movement through IT/Industrial Control System (ICS) networks and contain breaches
- Continuous logging as part of Security Information and Event Management (SIEM), monitoring via Intrusion Detection Systems (IDS), assessment, and remediation of OT cybersecurity risk.
How close is business to realizing ‘zero trust’? According to Belal: “The goal is clear that OT/ICS needs to achieve Zero Trust Strategy. However, adopting it will take some time because, first, traditional approaches to micro-segmentation pose significant limitations that impact its effectiveness and adoption. Secondly, the least privilege in OT/ICS is limited to users.”
The complexity of the goal is due to: “OT/ICS devices and applications that are designed to have administrator privilege and were not designed considering the principle of least privilege”, explains Belal.
As businesses gear up towards the Zero Trust concept, Belal cautions: “Inspecting and blocking suspicious traffic have a high number of false positives and may block legitimate traffic which will have an impact on business availability.”
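The three concepts above (no trust by location, least-privilege access control, inspect and log every flow), the micro-segmentation and SIEM logging items in Belal’s list, and his closing caveat about false positives can be shown together in a small policy evaluator. This is an added example, not code from the article, from Belal or from Hexagon PPM. The zones, asset inventory, allowlist and sample flows are all constructed; the Purdue-style zone names, the roles and the `evaluate`/`run` helpers are assumptions made for illustration.

```python
"""Default-deny, zone-aware flow policy for an OT network (added example).

Every flow is checked against a least-privilege allowlist keyed by role,
protocol and port, and every verdict is logged so it can be shipped to a
SIEM. Zone membership never grants access on its own. A "monitor" mode
raises alerts instead of denying, which is how a new allowlist can be
validated without the false positives taking a production process down.
All addresses, roles and flows below are constructed sample data.
"""
from dataclasses import dataclass
import ipaddress
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int


# Constructed zones (Purdue-style names, assumed for the example).
ZONES = {
    "it_corp":    ipaddress.ip_network("10.0.0.0/16"),
    "ot_dmz":     ipaddress.ip_network("10.10.0.0/24"),
    "ot_control": ipaddress.ip_network("10.20.0.0/24"),
    "ot_cell_a":  ipaddress.ip_network("10.30.1.0/24"),
}

# Constructed asset inventory: address -> role. Complete endpoint discovery
# is the precondition for enforcement; an address missing here is a
# visibility gap and is reported as such, not silently dropped.
ASSETS = {
    "10.10.0.5":   "historian",
    "10.20.0.10":  "hmi",
    "10.20.0.20":  "eng_ws",
    "10.30.1.100": "plc",
}

# Least-privilege allowlist: (src_role, dst_role, proto, dport) -> purpose.
# Anything not listed is denied, including traffic inside the same zone.
ALLOW = {
    ("hmi",       "plc", "tcp", 502):  "Modbus/TCP supervisory polling",
    ("eng_ws",    "plc", "tcp", 502):  "Modbus/TCP engineering access",
    ("historian", "hmi", "tcp", 4840): "OPC UA data collection",
}

LOG: List[Dict] = []  # one entry per evaluated flow, allowed or not


def zone_of(ip: str) -> Optional[str]:
    """Return the zone name containing ip, or None if it is outside all zones."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None


def evaluate(flow: Flow, mode: str = "enforce") -> Dict:
    """Evaluate one flow and append the verdict to LOG.

    mode="enforce": unmatched flows are denied.
    mode="monitor": unmatched flows pass but are raised as alerts.
    """
    src_role = ASSETS.get(flow.src)
    dst_role = ASSETS.get(flow.dst)
    if src_role is None or dst_role is None:
        missing = "src" if src_role is None else "dst"
        matched, reason = False, f"unknown {missing} asset (inventory gap)"
    elif (src_role, dst_role, flow.proto, flow.dport) in ALLOW:
        matched, reason = True, ALLOW[(src_role, dst_role, flow.proto, flow.dport)]
    else:
        matched, reason = False, "no least-privilege rule for this role/protocol/port"

    action = "allow" if matched else ("deny" if mode == "enforce" else "alert")
    entry = {
        "src": flow.src, "src_zone": zone_of(flow.src), "src_role": src_role,
        "dst": flow.dst, "dst_zone": zone_of(flow.dst), "dst_role": dst_role,
        "proto": flow.proto, "dport": flow.dport,
        "action": action, "reason": reason,
    }
    LOG.append(entry)
    return entry


def run(flows: List[Flow], mode: str = "enforce") -> List[str]:
    """Evaluate a batch of flows and return the action taken for each."""
    return [evaluate(f, mode)["action"] for f in flows]


# Constructed sample traffic.
SAMPLE_FLOWS = [
    Flow("10.20.0.10", "10.30.1.100", "tcp", 502),  # HMI polls PLC: allowed
    Flow("10.20.0.10", "10.30.1.100", "tcp", 22),   # HMI -> PLC SSH: not the HMI's job
    Flow("10.20.0.20", "10.20.0.10", "tcp", 445),   # SMB inside ot_control: same zone, still denied
    Flow("10.0.7.42",  "10.30.1.100", "tcp", 502),  # unknown corporate host -> PLC: inventory gap
]

if __name__ == "__main__":
    for mode in ("enforce", "monitor"):
        for e in (evaluate(f, mode) for f in SAMPLE_FLOWS):
            print(f"{mode:8} {e['action']:5} {e['src']}->{e['dst']}:{e['dport']} {e['reason']}")
```

In enforce mode the three unmatched flows are denied; in monitor mode the same three become alerts and the process keeps running, which is the trade-off Belal describes. The policy is deliberately network-level: it does not change the fact that many OT devices and applications run with administrator privilege, so least privilege here is applied to which roles may talk to which devices, not to what those devices can do once reached.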