Efficient Plant Nov./Dec 2019 - 18

feature | cybersecurity
tion for security. The inherent trust in our
industrial-control systems is evaporating
due to increased connectivity among
process-control environments and,
more critically, a lack of segmentation
between IT and OT networks. This
phenomenon, combined with growing demands for remote access for
the dual purpose of maintenance and
predictive analytics, is introducing
new attack vectors with very few, and
sometimes no, compensating security
controls in place.
Complicating matters even more is the
massive increase of Internet of Things
(IoT) devices residing in OT networks.
The oft-quoted Gartner research forecasts
14.2-billion connected things will be in
use in 2019. The market-research firm also
projects that the total number will reach
25 billion in 2021. Legitimate business
requirements are driving this IoT proliferation in the name of increasing efficiency,
productivity, and convenience. However,
the resulting digital transformation is not
without cost or risk.

MANAGING THE RISK
The first step to managing the new risks
brought about by these technological and
business innovations is to gain full visibility
of your IoT and OT devices. As the cybersecurity maxim goes, "you cannot protect
what you cannot see." Unfortunately, most
owners and operators of industrial and IoT
equipment are too often oblivious to what's
on and connected to their networks. Once
you establish broad visibility of the devices
on your network, the next step is to go deep.
Given the nature of plant networks,
unless you're performing deep packet
inspection (DPI) on your OT network,
you're simply not going to detect operational anomalies or security threats that can
lead to downtime or even physical damage
and hazardous conditions. It's this type of

18

| EFFICIENTPLANTMAG.COM

Like IT devices, OT devices are often vulnerable
to known exploits.

monitoring, for example, that will detect
remnants of WannaCry, the aforementioned
ransomware that still lingers on OT networks all over the world.
But DPI does more than just detect and
prevent threats. It can also identify vulnerabilities and support a variety of response
functions. Like IT devices, OT devices
are often vulnerable to known exploits.
Patching is not a trivial exercise in a plant
environment, but it's critical to manage your
vulnerabilities by correlating each device
based on its model and firmware version
with published and unpublished vulnerability data. Doing so empowers owners and
operators to make informed decisions about
which vulnerabilities to patch, which to
apply compensating security controls, and
which to leave alone.
Once you've established full visibility
of your assets and implemented continuous security monitoring and vulnerability
management, it is essential to control the
remote-access attack vector. Third-party
connections are a hacker's dream when it
comes to OT networks. Any solution should
not only control these access points, but also

continuously monitor and enforce policy
violations.
In addition to leveraging technologies
such as DPI, vulnerability management,
and remote-access control, there are
many valuable industry resources that
offer guidance designed to improve
your cybersecurity posture. Recognizing the risks inherent in IoT devices,
the National Institute of Standards and
Technology (NIST), Gaithersburg, MD
(nist.gov), recently published a report
titled The Considerations for Managing
Internet of Things (IoT) Cybersecurity and
Privacy Risks. The first in a series on the
topic, NIST cites a complementary report,
Guide to Industrial Control Systems (ICS)
Security, within the recent publication.
Both are worthy reads for plant-operations
personnel.
It's no secret that OT networks were
never built with security in mind; safety and
resilience were the key design goals. Our
increasingly ever-connected world-despite
its "triple promise" of greater efficiencies,
productivity, and convenience-makes
industrial-control systems that much more
attractive and vulnerable to hackers. So, yes,
believe it, you are indeed worthy of being
hacked, or (arguably) worse, represent a
spillover target of the next major ransomware attack. EP
Dave Weinstein is the chief security officer
at Claroty, New York (claroty.com). Prior to
joining the company, Weinstein was the chief
technology officer for the state of New Jersey.
He began his career as an operations planner
at U. S. Cyber Command, where he served
for three years. Weinstein holds a Bachelor's
degree from Johns Hopkins Univ., Baltimore,
and a Master's degree from the Georgetown
Univ. School of Foreign Service in Washington. He is also a non-resident Cybersecurity
Policy Fellow at New America, Washington
(newamerica.org).

NOV/DEC 2019


http://www.nist.gov http://www.claroty.com http://www.newamerica.org http://www.EFFICIENTPLANTMAG.COM

Efficient Plant Nov./Dec 2019

Table of Contents for the Digital Edition of Efficient Plant Nov./Dec 2019

Efficient Plant Nov./Dec 2019 - 1
Efficient Plant Nov./Dec 2019 - Cover1
Efficient Plant Nov./Dec 2019 - Cover2
Efficient Plant Nov./Dec 2019 - 1
Efficient Plant Nov./Dec 2019 - 2
Efficient Plant Nov./Dec 2019 - 3
Efficient Plant Nov./Dec 2019 - 4
Efficient Plant Nov./Dec 2019 - 5
Efficient Plant Nov./Dec 2019 - 6
Efficient Plant Nov./Dec 2019 - 7
Efficient Plant Nov./Dec 2019 - 8
Efficient Plant Nov./Dec 2019 - 9
Efficient Plant Nov./Dec 2019 - 10
Efficient Plant Nov./Dec 2019 - 11
Efficient Plant Nov./Dec 2019 - 12
Efficient Plant Nov./Dec 2019 - 13
Efficient Plant Nov./Dec 2019 - 14
Efficient Plant Nov./Dec 2019 - 15
Efficient Plant Nov./Dec 2019 - 16
Efficient Plant Nov./Dec 2019 - 17
Efficient Plant Nov./Dec 2019 - 18
Efficient Plant Nov./Dec 2019 - 19
Efficient Plant Nov./Dec 2019 - 20
Efficient Plant Nov./Dec 2019 - 21
Efficient Plant Nov./Dec 2019 - 22
Efficient Plant Nov./Dec 2019 - 23
Efficient Plant Nov./Dec 2019 - 24
Efficient Plant Nov./Dec 2019 - 25
Efficient Plant Nov./Dec 2019 - 26
Efficient Plant Nov./Dec 2019 - 27
Efficient Plant Nov./Dec 2019 - 28
Efficient Plant Nov./Dec 2019 - 29
Efficient Plant Nov./Dec 2019 - 30
Efficient Plant Nov./Dec 2019 - 31
Efficient Plant Nov./Dec 2019 - 32
Efficient Plant Nov./Dec 2019 - 33
Efficient Plant Nov./Dec 2019 - 34
Efficient Plant Nov./Dec 2019 - 35
Efficient Plant Nov./Dec 2019 - 36
Efficient Plant Nov./Dec 2019 - 37
Efficient Plant Nov./Dec 2019 - 38
Efficient Plant Nov./Dec 2019 - 39
Efficient Plant Nov./Dec 2019 - 40
Efficient Plant Nov./Dec 2019 - Cover3
Efficient Plant Nov./Dec 2019 - Cover4
https://www.nxtbook.com/atp/MaintenanceTechnology/efficient-plant-june-2021
https://www.nxtbook.com/atp/MaintenanceTechnology/epapril2021
https://www.nxtbook.com/atp/MaintenanceTechnology/epmarch2021
https://www.nxtbook.com/atp/MaintenanceTechnology/epjanfeb2021
https://www.nxtbook.com/atp/MaintenanceTechnology/epjulyaug2020
https://www.nxtbook.com/atp/MaintenanceTechnology/epjune2020
https://www.nxtbook.com/atp/MaintenanceTechnology/epmay2020
https://www.nxtbook.com/atp/MaintenanceTechnology/epapril2020
https://www.nxtbook.com/atp/MaintenanceTechnology/epmarch2020
https://www.nxtbook.com/atp/MaintenanceTechnology/epfeb2020
https://www.nxtbook.com/atp/MaintenanceTechnology/epjan2019
https://www.nxtbook.com/atp/MaintenanceTechnology/epnovdec2019
https://www.nxtbook.com/atp/MaintenanceTechnology/epseptoct2019
https://www.nxtbook.com/atp/MaintenanceTechnology/epmay2019
https://www.nxtbook.com/atp/MaintenanceTechnology/epapril2019
https://www.nxtbook.com/atp/MaintenanceTechnology/epmarch2019
https://www.nxtbook.com/atp/MaintenanceTechnology/epfebruary2019
https://www.nxtbook.com/atp/MaintenanceTechnology/epjanuary2019
https://www.nxtbook.com/atp/MaintenanceTechnology/epdecember2018
https://www.nxtbook.com/atp/MaintenanceTechnology/epnovember2018
https://www.nxtbook.com/atp/MaintenanceTechnology/epoctober2018
https://www.nxtbook.com/atp/MaintenanceTechnology/epseptember2019
https://www.nxtbook.com/atp/MaintenanceTechnology/epaugust2018
https://www.nxtbook.com/atp/MaintenanceTechnology/0818schneider
https://www.nxtbook.com/atp/MaintenanceTechnology/epjuly2018
https://www.nxtbook.com/atp/MaintenanceTechnology/epjune2018
https://www.nxtbook.com/atp/MaintenanceTechnology/epmay2018
https://www.nxtbook.com/atp/MaintenanceTechnology/epapril2018
https://www.nxtbook.com/atp/MaintenanceTechnology/epmarch2018
https://www.nxtbook.com/atp/MaintenanceTechnology/epfebruary2018
https://www.nxtbook.com/atp/MaintenanceTechnology/epjanuary2018
https://www.nxtbook.com/atp/MaintenanceTechnology/epdecember2017
https://www.nxtbook.com/atp/MaintenanceTechnology/epnovember2017
https://www.nxtbook.com/atp/MaintenanceTechnology/epoctober2017
https://www.nxtbook.com/atp/MaintenanceTechnology/mtsept2017
https://www.nxtbook.com/atp/MaintenanceTechnology/mtaugust2017
https://www.nxtbook.com/atp/MaintenanceTechnology/mtjuly2017
https://www.nxtbook.com/atp/MaintenanceTechnology/mtjune2017
https://www.nxtbook.com/atp/MaintenanceTechnology/mtmay2017
https://www.nxtbook.com/atp/MaintenanceTechnology/mtapril2017
https://www.nxtbook.com/atp/MaintenanceTechnology/mtmarch2017
https://www.nxtbook.com/atp/MaintenanceTechnology/mtfebruary2017
https://www.nxtbook.com/atp/MaintenanceTechnology/mtjanuary2017
https://www.nxtbook.com/atp/MaintenanceTechnology/mtdecember2016
https://www.nxtbook.com/atp/MaintenanceTechnology/mtnovember2016
https://www.nxtbook.com/atp/MaintenanceTechnology/mtoctober2016
https://www.nxtbook.com/atp/MaintenanceTechnology/mtseptember2016
https://www.nxtbook.com/atp/MaintenanceTechnology/mtaugust2016
https://www.nxtbook.com/atp/MaintenanceTechnology/mtjuly2016
https://www.nxtbook.com/atp/MaintenanceTechnology/mtjune2016
https://www.nxtbook.com/atp/MaintenanceTechnology/mtmay2016
https://www.nxtbook.com/atp/MaintenanceTechnology/mtapril2016
https://www.nxtbook.com/atp/MaintenanceTechnology/mtmarch2016
https://www.nxtbook.com/atp/MaintenanceTechnology/mtfebruary2016
https://www.nxtbook.com/atp/MaintenanceTechnology/mtjanuary2016
https://www.nxtbook.com/atp/MaintenanceTechnology/mtdecember2015
https://www.nxtbook.com/atp/MaintenanceTechnology/mtnovember2015
https://www.nxtbook.com/atp/MaintenanceTechnology/mtoctober2015
https://www.nxtbook.com/atp/MaintenanceTechnology/mtseptember2015
https://www.nxtbook.com/atp/MaintenanceTechnology/MTAugust2015
https://www.nxtbook.com/atp/MaintenanceTechnology/MTJuly2015
https://www.nxtbook.com/atp/MaintenanceTechnology/MTJune2015
https://www.nxtbook.com/atp/MaintenanceTechnology/M
https://www.nxtbook.com/atp/MaintenanceTechnology/0415endress
https://www.nxtbook.com/atp/MaintenanceTechnology/MTApril2015
https://www.nxtbook.com/atp/MaintenanceTechnology/MTMarch2015
https://www.nxtbook.com/atp/MaintenanceTechnology/MTFebruary2015
https://www.nxtbook.com/atp/MaintenanceTechnology/MTJanuary2015
https://www.nxtbook.com/atp/MaintenanceTechnology/MTDecember2014
https://www.nxtbook.com/atp/MaintenanceTechnology/MTNovember2014
https://www.nxtbook.com/atp/MaintenanceTechnology/MTOctober2014
https://www.nxtbook.com/atp/MaintenanceTechnology/MTSeptember2014
https://www.nxtbook.com/atp/MaintenanceTechnology/MTAugust2014
https://www.nxtbook.com/atp/MaintenanceTechnology/MTJuly2014
https://www.nxtbookmedia.com