The U.S. National Security Agency (NSA) released a security advisory addressing the National Security System (NSS), the Department of Defense (DoD), and the Defense Industrial Base (DIB), detailing ways to evaluate risks and improve the security of connections between operational technology (OT) and enterprise IT networks. The advisory “Stop Malicious Cyber Activity Against Connected Operational Technology,” stated that the exploitation of IT networks often leads to abusing enterprise OT networks, as IT systems serve as an entry point into industrial networks.
Though the recommendations are specifically addressed to the government agencies, they can be used by any industrial company to strengthen the security of IT and OT systems connectivity.
Evaluating the Value vs. Risk vs. Cost for enterprise IT and OT Connectivity
- Acknowledge that a standalone, unconnected OT system is safer from outside threats than one connected to an enterprise IT system with external connectivity.
- Determine the value to the enterprise of connecting the IT system to the OT network and/or control system environments.
- Determine the risk to the enterprise of connecting the IT system to the OT environment.
- Quantify the increased costs associated with mitigating the additional risks from connecting the existing OT networks and devices to the enterprise IT system.
- Present leadership with findings so they can effectively evaluate the value, risks, and expenses/resources.
Improving Security for Connected Enterprise IT-OT Networks
- Fully manage, cryptographically protect (encrypt and authenticate), and apply an allow list or a dial-back approach to all access vectors.
- Wherever remote access is permitted, add sensors and monitor all cross-domain connections. All remote access connections should remain disconnected until active monitoring is in place.
- Create a known OT network map and device settings baseline and validate all equipment on the network.
- Create a known OT network communication baseline.
- Assess and prioritize OT network cybersecurity needs to identify required mitigations and define short-, medium-, and long-term cyber-hardening outcomes.
- Create an exemplar Gold copy baseline to enable all OT networks and devices to be repaired and/or instantiated.
- Gold copy restoration files and capabilities should be stored in locked, unconnected locations. Do not store gold copy restoration data online or on-network.
- Practice OT network re-instantiation to ensure success and shorten OT network downtime if an issue or malicious activity occurs.
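As an added example (not part of the NSA advisory and not any vendor's tooling), the following Python script shows what the "known OT network map and device settings baseline" and "known OT network communication baseline" recommendations look like in practice: a fixed set of expected flows and device settings is compared against observed traffic and an observed inventory, and any deviation is reported. The IP addresses, flow-log format, roles and firmware versions are all constructed for the example.

```python
"""Baseline check for an OT network: compares observed flows and device
settings against known-good baselines and reports every deviation.
All addresses, roles, firmware versions and the flow-log format are
constructed for this example."""
from dataclasses import dataclass

# Constructed communication baseline: the only flows the OT network is
# expected to carry, as (src, dst, proto, dst_port). Anything else is a finding.
COMM_BASELINE = {
    ("10.10.1.10", "10.10.2.20", "tcp", 502),    # HMI -> PLC (Modbus/TCP)
    ("10.10.1.10", "10.10.2.21", "tcp", 502),    # HMI -> second PLC
    ("10.10.1.11", "10.10.1.10", "tcp", 44818),  # engineering ws -> HMI (EtherNet/IP)
    ("10.10.0.5",  "10.10.1.10", "tcp", 22),     # allow-listed jump host -> HMI (SSH)
}

# Constructed device-settings baseline: every device expected on the network.
DEVICE_BASELINE = {
    "10.10.1.10": {"role": "hmi", "firmware": "4.2.1"},
    "10.10.1.11": {"role": "eng-ws", "firmware": "1.9.0"},
    "10.10.2.20": {"role": "plc", "firmware": "20.11"},
    "10.10.2.21": {"role": "plc", "firmware": "20.11"},
    "10.10.0.5":  {"role": "jump", "firmware": "n/a"},
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int


def parse_flow_line(line: str) -> Flow:
    """Parse one flow-log line in the constructed format
    '<timestamp> <src> > <dst> <proto> dport=<n>'."""
    ts, src, arrow, dst, proto, dport = line.split()
    if arrow != ">" or not dport.startswith("dport="):
        raise ValueError(f"unparseable flow line: {line!r}")
    return Flow(src, dst, proto.lower(), int(dport[len("dport="):]))


def check_flows(lines):
    """Return (flow, reason) for every observed flow absent from the
    communication baseline, distinguishing unknown devices from
    known devices talking over an unbaselined path."""
    findings = []
    for line in lines:
        f = parse_flow_line(line)
        if (f.src, f.dst, f.proto, f.dport) in COMM_BASELINE:
            continue
        unknown = [ip for ip in (f.src, f.dst) if ip not in DEVICE_BASELINE]
        if unknown:
            reason = f"unknown device(s) {','.join(unknown)}"
        else:
            reason = "known devices, unbaselined flow"
        findings.append((f, reason))
    return findings


def check_devices(observed):
    """Compare an observed inventory with the device baseline.
    Returns (ip, issue) tuples for missing devices, settings drift,
    and devices that are not in the baseline at all."""
    issues = []
    for ip, expected in DEVICE_BASELINE.items():
        if ip not in observed:
            issues.append((ip, "baseline device not seen"))
            continue
        for key, value in expected.items():
            seen = observed[ip].get(key)
            if seen != value:
                issues.append((ip, f"{key} drift: expected {value}, saw {seen}"))
    for ip in observed:
        if ip not in DEVICE_BASELINE:
            issues.append((ip, "device not in baseline"))
    return issues


# Constructed sample flow log; the last two lines deviate from the baseline.
SAMPLE_FLOWS = [
    "2024-05-01T10:00:00 10.10.1.10 > 10.10.2.20 TCP dport=502",
    "2024-05-01T10:00:01 10.10.0.5 > 10.10.1.10 TCP dport=22",
    "2024-05-01T10:00:02 10.10.1.11 > 10.10.2.20 TCP dport=502",    # eng-ws reaching a PLC directly
    "2024-05-01T10:00:03 192.168.50.7 > 10.10.2.21 TCP dport=502",  # host not in the device baseline
]

# Constructed observed inventory: one firmware drift and one unbaselined device.
SAMPLE_INVENTORY = {
    "10.10.1.10": {"role": "hmi", "firmware": "4.2.1"},
    "10.10.1.11": {"role": "eng-ws", "firmware": "2.0.0"},
    "10.10.2.20": {"role": "plc", "firmware": "20.11"},
    "10.10.2.21": {"role": "plc", "firmware": "20.11"},
    "10.10.0.5":  {"role": "jump", "firmware": "n/a"},
    "10.10.2.99": {"role": "?", "firmware": "?"},
}

if __name__ == "__main__":
    for f, why in check_flows(SAMPLE_FLOWS):
        print(f"FLOW  {f.src} -> {f.dst} {f.proto}/{f.dport}: {why}")
    for ip, why in check_devices(SAMPLE_INVENTORY):
        print(f"DEV   {ip}: {why}")
```

The two baselines deliberately cover different things: the device baseline answers "is this equipment supposed to be here, with these settings?", while the communication baseline answers "is this conversation supposed to happen at all?". A flow between two baselined devices can still be a finding, which is why the script reports unbaselined flows between known devices separately from flows involving an unknown host.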
“Each IT-OT connection increases the potential attack surface. To prevent dangerous results from OT exploitation, OT operators and IT system administrators should ensure only the most imperative IT-OT connections are allowed, and that these are hardened to the greatest extent possible. These mitigations include fully managing all IT-OT connections, limiting access, actively monitoring and logging all access attempts, and cryptographically protecting remote access vectors,” the NSA said.