Industry Insights: The Efficiency of Deployment

Having spent decades in the industrial space, we understand that maintaining operations is time consuming. With the already demanding daily requirements, the thought of having to add something else can be overwhelming. So, too often, we encounter hesitation to address cybersecurity within operations. People are worried about even dipping a toe in, because they think they will then have to jump into the pool entirely. In turn, they end up putting it off. The problem is that the threat is there regardless. And, in reality, it doesn’t have to be such a hefty undertaking.

Cybersecurity and Timing

Although it did not involve an OT or industrial control system, the recent massive outage of Windows PCs caused by a CrowdStrike automatic update highlighted the critical element of timing. In an event that unfolded so quickly, hospitals, airlines, banks, emergency services, and more were impacted, creating a wave of disruptions and requiring immediate action to remedy. Now imagine a major cyberattack creating a domino effect across infrastructure and other industrial systems. If there are no resources in place to mount an instant response, the outcomes could be detrimental. Even if you scale this scenario down to smaller facilities, an uncontrolled system takedown can create production halts, financial loss, and more. The ability to react swiftly must be premeditated, which means investing in proper tool deployment.

Realistic Deployment Timeline

Investment in cybersecurity not only sets operators up for more efficient cyber incident preparation; the investment itself can also be an efficient process. At DYNICS, we have made it our goal to make it as affordable as possible, in every sense. We recently completed a proof of concept with one of our customers at a plant in the Midwest, sending them an ICS360.Defender Firewall and four Software Defined Network (SDN) switches. They were able to run a quick trial to understand the ease of use and integration, and with that they were already under way on their cybersecurity journey. Beyond that, it takes just a two-week period to fully introduce and start running our suite of complementary products.

Timeline Sample

To comprehend how efficient deployment can be, here is an example of the timeline of deployment for DYNICS ICS360.Defender, Firewall and Switches, and Veracity OT Network Controller:

Week Prior:

1) Receive, mount and power equipment in four plant floor cabinets. (Total time: ½ day, worked around operating shifts)

Day of Deployment:

1) Meet with the team at mid-day to deploy and configure ICS360.Defender and the OT Network Controller, and plan the migration on the plant floor. (Total time: 1 hour)

2) At the conclusion of the day’s shift, proceed to the plant floor, move cables from the old switches to the SDN Switches, and install ICS360.Defender to isolate the OT Network from the Corporate network.

3) With ICS360.Defender and the OT Network Controller in “Learn Mode”, run the line to confirm the Asset ID of each connection; name and classify each asset appropriately; and identify and write proper allow rules for production traffic.

4) With the plant engineering team, confirm the communication flows and rules for ICS360.Defender and the OT Network Controller.

5) Stop production on the line, and change ICS360.Defender and the OT SDN Controller to “Production Mode”. Deployment complete. (Total time for steps 2–5: 2 hours)

Next Day:

6) Arrive at the plant prior to the start of the shift, and monitor ICS360.Defender and the OT SDN Controller to ensure a proper production run. Continue to monitor until satisfied that the policy for “Production Mode” is accurate. (Total time: approximately 2–3 hours)

Objectives of POC:

Visibility:

1) Asset Identification of plant floor equipment

2) Identification of proper plant floor communication flows

Control:

1) IT Network and remote access to plant floor equipment. Examples:

a) Kepware server on the IT Network – allow read-only access to certain tags on a PLC on the OT Network

b) Third-party vendor access to plant floor equipment

2) Quarantine of new connections on plant floor switches until an access decision (allow/deny) is made by a plant engineer

Protection:

1) Reduction of attack surface of OT LAN by limiting traffic to/from IT LAN to only that which is explicitly necessary for production

2) Virtual patching of OT assets by deployment of required IDS/IPS rules to protect against vulnerabilities

3) Improve protection and efficiency of OT LAN by allowing only the communication flows that are appropriate for operations
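As an added illustration of the “Learn Mode” to “Production Mode” workflow in the timeline above and of the Control and Protection objectives (quarantine of unidentified connections, explicit IT-to-OT allow rules), here is a small Python model; it is not DYNICS or Veracity code, and every address, port, flow and asset name in it is constructed for the example.

```python
# Added illustration of the Learn Mode -> Production Mode workflow; not DYNICS/Veracity code.
# All addresses, ports, flows and asset names below are constructed for the example.
from collections import namedtuple

Flow = namedtuple("Flow", "src dst proto dport")

# Asset ID step: each address seen on the plant floor is named and classified by zone.
ASSETS = {
    "10.10.1.20":   ("kepware-srv", "IT"),   # Kepware server on the IT network
    "192.168.5.10": ("line1-plc",   "OT"),
    "192.168.5.11": ("line1-hmi",   "OT"),
    "192.168.5.12": ("line1-rio",   "OT"),   # remote I/O
}

# Constructed traffic observed while running the line in Learn Mode.
LEARN_MODE_FLOWS = [
    Flow("10.10.1.20",   "192.168.5.10", "tcp", 44818),  # Kepware reads PLC tags
    Flow("192.168.5.11", "192.168.5.10", "tcp", 44818),  # HMI to PLC
    Flow("192.168.5.10", "192.168.5.12", "udp", 2222),   # PLC to remote I/O
]

def learn(flows):
    """Learn Mode: every observed flow becomes an explicit allow rule keyed by asset
    name, so the rule set reads naturally during the engineering review."""
    return {(ASSETS[f.src][0], ASSETS[f.dst][0], f.proto, f.dport) for f in flows}

def decide(rules, flow):
    """Production Mode: allow only learned flows. A connection involving an address that
    was never identified is quarantined until a plant engineer decides allow/deny; a
    known asset talking outside its learned flows is simply denied."""
    src, dst = ASSETS.get(flow.src), ASSETS.get(flow.dst)
    if src is None or dst is None:
        return "quarantine"
    if (src[0], dst[0], flow.proto, flow.dport) in rules:
        return "allow"
    return "deny"

def cross_zone_rules(rules):
    """The IT-to-OT rules left after learning are the remaining exposure of the OT LAN
    to the IT LAN; this is the list to review line by line before Production Mode."""
    zone = {name: z for name, z in ASSETS.values()}
    return sorted(r for r in rules if zone[r[0]] == "IT" and zone[r[1]] == "OT")

if __name__ == "__main__":
    rules = learn(LEARN_MODE_FLOWS)
    for r in cross_zone_rules(rules):
        print("IT->OT allow:", r)
    for f in LEARN_MODE_FLOWS + [Flow("10.10.1.99", "192.168.5.10", "tcp", 44818)]:
        print(f, "->", decide(rules, f))
```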
