Gartner: 10 security controls that enhance the security situation within the organization

Global market research firm Gartner has predicted that by 2025 cyber-attacks will succeed in weaponizing OT environments to harm and kill people. This prediction comes against the backdrop of a widening range of cyber-attacks against OT environments, that is, the hardware and software responsible for monitoring and controlling equipment, assets, and processes.


These attacks have evolved beyond attempts to sabotage operations and shut down factories, and have begun to target the integrity of industrial environments with the intent to inflict physical damage, while other recent events, such as the Colonial Pipeline ransomware attack, have highlighted the need for segmented networks that adequately separate IT infrastructure from operating environments.


Wam Voster, senior director of research at Gartner, said that within operational environments the safety of people and of the work environment should be the priority for security and risk managers, rather than concerns about data theft.


According to Gartner, security incidents in operational technology environments and other cyber-physical systems have three main drivers: physical harm, business disruption (reduced productivity), and reputational damage (loss of manufacturer credibility and reliability).


Gartner predicts that financial losses from attacks on cyber-physical systems that cause fatal injuries will exceed $50 billion by 2023. Even without taking the loss of human life into account, the costs to organizations in terms of compensation, litigation, regulatory fines, and reputational damage will be very high. Gartner also expects that most CEOs will be held personally responsible for such incidents.


10 Security Controls to Protect OT Environments


Gartner recommends that organizations adopt a framework of 10 security controls that enhance security across their facilities and prevent the harmful consequences of security incidents in the digital world from reaching the real world.


  • Define responsibilities and roles: Each facility should have an OT Security Manager who defines and documents the security-related roles and responsibilities of all employees, senior managers, and other parties.

  • Adequate awareness and training: Employees in OT environments must possess the skills required to perform their roles. Employees at each facility should be trained to identify security risks, the areas most vulnerable to attack, and the actions to take in the event of a security incident.

  • Security response mechanisms and testing: Each facility must apply procedures for handling security incidents affecting operational technology, covering four main stages: preparation; detection and analysis; containment, eradication, and recovery; and post-incident activity.

  • Backup and restore: Ensure that proper procedures are in place for backup, restore, and disaster recovery. Backup media should not be stored in the same location as the systems they protect, to limit the consequences of physical accidents such as fire, and must be protected from misuse or unauthorized access to their contents. To cope with the aftermath of high-impact incidents, it must be possible to restore backups onto entirely new systems or virtual machines.

  • Monitor portable storage devices: Policies should require that all portable data storage media and devices are security-scanned regardless of who owns them, and that storage media may be connected to OT environments only after they have been confirmed free of malicious software or code.

  • Maintain an up-to-date asset inventory: Security managers must maintain a constantly updated inventory of all OT hardware and software assets.

  • Proper isolation between networks: OT networks must be physically and logically isolated from every other network, internal or external, and all traffic between them must pass through a secure gateway that acts as a security buffer, access to which requires multi-factor authentication.

  • Maintain event logs: Appropriate policies and procedures should be implemented to automate logging within OT networks and to review the logs for potential and actual security events, ensuring that logs are retained for specified periods and protected from tampering or modification.

  • Deploy secure and standard configurations: Secure, standardized configurations must be developed and deployed across all exposed systems such as endpoints, servers, network devices, and field devices, and endpoint security software such as anti-malware must be installed and activated on every component of the OT environment.

  • Formal procedures for approving software patches: A process for approving software patches together with the equipment manufacturers must be in place before patches are deployed. Once the approval process is complete, patches may be applied only to the appropriate systems and at predetermined maintenance windows.
