你能发现的威胁吗?

2016-04-30

Imagine that you’re leading security at a World Cup qualifier. As you try to stay focused amid the bicycle kicks and giant waving flags, you’re thinking about how to keep eyes and ears on the eclectic audience. They’re in their seats for the most part, but they’re speaking different languages, vendors are coming and going, and the game is intense…it’s a hectic environment.

Your first challenge is to understand what people are saying. If you don’t understand the languages, your ability to monitor and protect is severely limited. Two opposing fans might be yelling patriotic slogans or threatening an encounter in the parking lot—the ability to tell the difference is critical.

Second, you’ll likely want to group people so you can minimize the spread of any incidents. Grouping also allows you to better tailor your security to a specific population or area of the stadium. But you can’t stop the game and rearrange people, so you need to rely on movable fences/nets, nearby guards and other temporary methods. The stronger and easier to deploy, the better.

Finally, you need to be empowered to act, ideally in advance of any threat becoming a major problem. You don’t want to be like the Security Monitor in the funny ad from a popular identity protection company; the monitor isn’t allowed to intervene during a bank robbery but loudly informs all the customers that a robbery is happening. Thanks, bud!

Now for the predictable leap out of the somewhat tortured sports metaphor: The soccer game is your critical infrastructure environment and the fans are your many pieces of equipment talking to each other.

  • Speaking the language means you need to be fluent in the protocols that machinery uses to communicate, e.g., Modbus, DNP3, OPC Classic, and DICOM. They're not the same as IT protocols.

  • Grouping people is analogous to segmenting your operational/ICS network. Critical infrastructure segmentation allows you to create equipment "zones of trust" based on relevant characteristics, e.g., function or communication path. Combine trust zones with full industrial protocol support, and you're on your way to a very powerful and flexible ICS cyber security practice.

  • Being empowered to act means having an OT cyber security solution that can not only raise a red flag but can also deal with a threat before it interrupts your operations.

We just released a new OT network segmentation white paper that provides some insight into the challenges mentioned above—please take a look if you’re interested in how to secure operational networks and critical assets from cyber threats, both internal/external and intentional/accidental.