If you had to divide a business into operating layers and prioritize by importance, how would you do it? Aren’t all elements of a business crucial to function? Cybersecurity strategy must rank which risk is most likely to topple a business’ continuity, working backward to solve the gap.
Business continuity and the Purdue Model
By industry, methods for organizing business function vary. For businesses running operational technology (OT) and industrial control systems (ICS), you’ll likely run into the Purdue model. Traditionally, the Purdue model ranks level 0 as the business’ physical processes, like the plant generator powering the process of filtering and cleaning water or generating steam.
Level 1 adds sensors and actuators for operating controls, directing the machinery performing the base process, like a fail-safe off switch. Level 2 governs systems monitoring and manipulating processes, level 3 handles overall operations for the system managing production workflow scheduling, and levels 3.5, 4, and 5 typically govern network controls, enterprise network access, and external vendors or cloud.
Threat actors accessing any level of the Purdue model could hurt a business, but which level would stop the business in its tracks? Cybersecurity thought leaders often prioritize levels 4 and 5, the enterprise and cloud, as most important. But let’s flip the Purdue model on its head for a moment. Even though levels 4 and 5 hold confidential information, placement, and access at the highest position in the company, level 0, the operating floor, controls cash flow.
A shutdown at levels 4 and 5 would cause serious problems, but a prolonged business interruption at level 0 could cause a literal explosion. So how should businesses protect the less glamorous but still important level 0? Here are five recommendations:
1: Change default passwords
If at all possible, change default passwords on floor equipment. Often the access method for a machine hasn’t changed since the vendor delivered it to your plant, meaning a motivated threat actor who breaches the vendor that built your equipment now knows the stock passwords for money-generating OT across the globe. Avoid that situation and reset the factory defaults. If the device vendor doesn’t allow a password reset, introduce multi-factor authentication or secure access sign-on as another preventative measure.
2: Backup system processes
It’s nearly a cliché in security circles, but quality, validated backups make ransomware irrelevant. Backups that capture the critical process details and the programming of supporting equipment protect an OT environment from encryption or a system reset.
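The word that matters in that recommendation is “validated”: a backup that has never been re-hashed against a manifest may already be corrupt, or may have been quietly edited, by the time you need it. The following Python script is an added example (not code from Ascent Solutions or from this post) that backs up a set of constructed PLC and HMI export files, writes a SHA-256 manifest, and then validates the backup set, reporting files that are missing, changed, or unexpected. The file names and contents are made up for the demonstration.

```python
import hashlib
import json
import tempfile
from pathlib import Path

# Constructed sample: a pretend PLC project export and an HMI config (not real vendor formats).
SAMPLE_FILES = {
    "plc_line1.program": b"LADDER-LOGIC-EXPORT v2 ... (constructed sample bytes)",
    "hmi_line1.cfg": b"[screens]\nmain=overview\n",
}


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large program exports do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def create_backup(source: Path, dest: Path) -> Path:
    """Copy every file under source into dest and write MANIFEST.json with per-file digests."""
    dest.mkdir(parents=True, exist_ok=True)
    manifest = {}
    for p in sorted(source.rglob("*")):
        if p.is_file():
            rel = p.relative_to(source).as_posix()
            target = dest / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(p.read_bytes())
            manifest[rel] = sha256_of(target)  # hash the copy, not the original
    manifest_path = dest / "MANIFEST.json"
    manifest_path.write_text(json.dumps(manifest, indent=2, sort_keys=True))
    return manifest_path


def validate_backup(dest: Path) -> dict:
    """Re-hash every file in the manifest; report missing, changed, and unexpected files."""
    manifest = json.loads((dest / "MANIFEST.json").read_text())
    report = {"missing": [], "changed": [], "unexpected": []}
    for rel, digest in manifest.items():
        p = dest / rel
        if not p.is_file():
            report["missing"].append(rel)
        elif sha256_of(p) != digest:
            report["changed"].append(rel)
    listed = set(manifest)
    for p in dest.rglob("*"):
        if p.is_file() and p.name != "MANIFEST.json":
            rel = p.relative_to(dest).as_posix()
            if rel not in listed:
                report["unexpected"].append(rel)
    return report


def demo() -> tuple:
    """Back up the constructed files, validate, then corrupt one copy and validate again."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "live"
        dst = Path(tmp) / "backup"
        src.mkdir()
        for name, data in SAMPLE_FILES.items():
            (src / name).write_bytes(data)
        create_backup(src, dst)
        clean = validate_backup(dst)
        # Simulate silent corruption (or an attacker's edit) of the backed-up PLC program.
        (dst / "plc_line1.program").write_bytes(b"TAMPERED")
        dirty = validate_backup(dst)
        return clean, dirty


if __name__ == "__main__":
    before, after = demo()
    print("fresh backup:", before)
    print("after tampering:", after)
```

The manifest here lives beside the files it describes, which is enough to catch media errors and accidental edits; to also catch an adversary who can rewrite the backup set, keep a copy of the manifest (or a signature over it) on separate, offline storage and compare against that copy during validation.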
3: Question device access to the network
Unless it’s necessary for two machines connected to the same access switch to communicate directly, segmenting their access through a virtual local area network (VLAN) reduces the blast radius of a compromise. For example, two machines may need to communicate with a server for GPS timing and access to operating instructions, but those two machines do not need to communicate with each other to complete tasks. Assign the least privileged access to each device sharing a network without inhibiting operations.
4: Scan your environment for software + code vulnerabilities
Vulnerability management for OT environments is crucial for tight security, but it’s also difficult to do without interrupting processes. We recommend controlled observation of your network traffic. That method is unlikely to interrupt operations and, if the contract language of the ICS equipment vendor allows such observation, may help identify the firmware on each device, an indicator of applicable common vulnerabilities and exposures (CVEs).
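Recommendations 3 and 4 can both be driven from the same passively observed traffic: the flow records tell you which devices talk to each other (and whether that matches the zone policy), and the device identification replies inside those flows tell you which firmware each controller runs. The Python below is an added example, not code from Ascent Solutions or this post. The flow records, the zone policy (a cell VLAN of controllers that may only exchange timing on 123/udp and operating instructions on 502/tcp with one level-2/3 server), the vendor and product names, and the advisory table with its placeholder identifier are all constructed for the demonstration; no real CVE numbers are used.

```python
import csv
import io
from ipaddress import ip_address, ip_network

# Constructed passive-capture records (not from any real plant). One row per observed flow.
# "ident" holds the identification banner parsed from the polled device's reply, so it describes dst.
FLOW_CSV = """src,dst,dst_port,proto,ident
10.10.1.11,10.10.0.5,123,udp,
10.10.1.11,10.10.0.5,502,tcp,
10.10.1.12,10.10.0.5,502,tcp,
10.10.0.5,10.10.1.11,502,tcp,ExampleVendor PLC-X1 fw=2.1.0
10.10.0.5,10.10.1.12,502,tcp,ExampleVendor PLC-X1 fw=1.8.3
10.10.1.11,10.10.1.12,502,tcp,
10.10.1.12,10.10.1.11,445,tcp,
"""

# Hypothetical zone policy: controllers live in the cell VLAN and may only exchange
# timing (123/udp) and operating instructions (502/tcp) with the level-2/3 server.
DEVICE_NET = ip_network("10.10.1.0/24")
SERVERS = {ip_address("10.10.0.5")}
ALLOWED_PORTS = {123, 502}

# Constructed advisory table with a placeholder identifier (no real CVE numbers).
ADVISORIES = [
    {"product": "PLC-X1", "fixed_in": "2.0.0", "id": "ADV-PLACEHOLDER-001"},
]


def parse_flows(text):
    """Turn the CSV capture export into typed records."""
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        rows.append({
            "src": ip_address(r["src"]),
            "dst": ip_address(r["dst"]),
            "port": int(r["dst_port"]),
            "proto": r["proto"],
            "ident": r["ident"] or None,
        })
    return rows


def lateral_flows(flows):
    """Return (src, dst, port) for every flow the zone policy does not permit."""
    bad = []
    for f in flows:
        src_dev, dst_dev = f["src"] in DEVICE_NET, f["dst"] in DEVICE_NET
        src_srv, dst_srv = f["src"] in SERVERS, f["dst"] in SERVERS
        device_to_server = (src_dev and dst_srv) or (src_srv and dst_dev)
        if not (device_to_server and f["port"] in ALLOWED_PORTS):
            bad.append((str(f["src"]), str(f["dst"]), f["port"]))
    return bad


def build_inventory(flows):
    """Map each device IP to (vendor, product, firmware) from banners seen passively."""
    inv = {}
    for f in flows:
        if f["ident"] and f["dst"] in DEVICE_NET:
            vendor, product, fw = f["ident"].split()
            inv[str(f["dst"])] = (vendor, product, fw.split("=", 1)[1])
    return inv


def version_tuple(v):
    return tuple(int(x) for x in v.split("."))


def match_advisories(inventory, advisories):
    """Return {device_ip: [advisory ids]} for devices running firmware older than the fixed version."""
    hits = {}
    for ip, (_, product, fw) in inventory.items():
        ids = [a["id"] for a in advisories
               if a["product"] == product and version_tuple(fw) < version_tuple(a["fixed_in"])]
        if ids:
            hits[ip] = ids
    return hits


if __name__ == "__main__":
    flows = parse_flows(FLOW_CSV)
    for src, dst, port in lateral_flows(flows):
        print(f"policy violation: {src} -> {dst}:{port}")
    inv = build_inventory(flows)
    for ip, ids in match_advisories(inv, ADVISORIES).items():
        print(f"{ip} {inv[ip][1]} fw {inv[ip][2]}: {', '.join(ids)}")
```

On the constructed capture the two controller-to-controller flows are reported as policy violations (the VLAN boundary from recommendation 3 is exactly what should stop them), and the controller still on firmware 1.8.3 is matched against the placeholder advisory. In a real deployment the banners come from whatever your passive monitoring tool decodes (Modbus device identification, OPC UA, vendor protocols), and the advisory table comes from the vendor’s published bulletins rather than a hard-coded list.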
5: Address cybersecurity expectations in vendor contracts
Before you sign a machinery contract, discuss the vendor’s process for identifying and releasing patches and incorporate your plan into the service level agreement (SLA). Most vendors today are mindful of cyber risk because of consistent attacks on industrial systems, but establishing a baseline is crucial to shortening your time to patch dangerous, exposed vulnerabilities.
Modern SecOps and OT Security
Understanding your business’ greatest risk gives you the tools to protect it. At Ascent Solutions, our team embraces Modern Security Operations in all aspects of securing our customer environments so they can focus on what matters most, their business. If you’re interested in partnering with Ascent’s SOC team to secure your OT or IoT environment, reach out to email@example.com.