Safeguarding cyber-physical systems for a smart future – Source: go.theregister.com

Sponsored Feature Cyber-physical systems (CPS) have a vital role to play in our increasingly connected world.

They are already providing the link that integrates compute functions with everyday physical objects and processes, and are set to support many of the most important digital innovations of tomorrow. It’s highly likely that the so-called Fourth Industrial Revolution will depend on them.

It is CPS technology that will, for example, allow driverless cars to communicate with each other on smart roads; see that homes and offices can be powered by a user-aware energy grid; transform the provision of healthcare by enabling smart medical treatments; and change the way factories and warehouses operate, making them safer and more efficient.

CPS works by uniting computation, control systems, sensors and networks with physical infrastructure, linking all these elements to the Internet and to each other. Underpinning CPS is what has become known as the Extended Internet of Things (XIoT).

This umbrella term embraces all the connected IoT devices we use today including Industrial IoT (IIoT) components. It also connects the operational technology (OT) that controls industrial equipment, joins up the Internet of Medical Things (IoMT), and powers building management systems (BMS). If you think of any kind of critical infrastructure in fields like manufacturing, transportation, utilities and healthcare, then CPS is likely to be enabling it, if not now then in the very near future.

New infrastructure, new dangers

All of this horizontal integration and widespread connectivity presents opportunities along with challenges. It delivers exceptional manageability and efficiency in new and exciting ways, but these benefits do not come without attendant risks. In a pre-XIoT world, all of these individual systems and infrastructural elements would have operated in isolation, such that if anything failed or was compromised by a cyber-attack then damage was limited to a single silo.

New and more integrated forms of industrial control system (ICS) can be vulnerable by virtue of their interconnected and highly distributed nature, but are not easily protected with traditional security and monitoring solutions. In an era of CPS connectedness, failure to manage and secure the many different elements at work within, say, a major industrial organisation can have wide repercussions.

It doesn’t help that a lot of the individual bits of infrastructure that are now part of the XIoT ecosystem have been in place for decades, working around the clock 24/7 and allowing little in the way of downtime for maintenance and patching. They are often driven by outdated and easily compromised software and are based on proprietary protocols with weak access controls and security support. Taking these systems offline to upgrade them with better security can be difficult and very expensive, if it can be done at all.

“All this presents organisations with a significant challenge,” points out Paul Stringfellow, an analyst at GigaOM and author of the Buyers Checklist: Solutions to Protect Cyber-Physical Systems, a resource sponsored by XIoT security specialist Claroty. “As previously air-gapped OT systems are increasingly connected to IT, complex cybersecurity risks emerge that must be quickly and effectively addressed.”

The challenge, he notes, is not just technical: “Today, regulatory requirements establish minimum standards for cybersecurity, requiring industrial organisations to implement measures—often complex—that protect their critical infrastructure from cyber-attacks.”

Not only, he warns, are conventional monitoring tools incompatible with most industrial environments, rendering them at best ineffective and at worst disruptive, they can also introduce compatibility issues into the XIoT environment. Any IT manager will be aware of the resource constraints that already make cybersecurity protection an uphill struggle. Opening up new opportunities for the bad guys to operate is not an option, demanding that businesses find ways of enjoying the value of integrating their infrastructure but without neglecting the risks of doing so.

“Ideally this process would start with an accurate inventory of the infrastructure and systems you have, which sounds simple enough,” adds Grant Bailey, Solutions Engineer with Claroty. “But the reality is that if you buy a conveyor belt or a box folding machine or a crane, it will most likely come with its own OT device rather than one you picked. Each item may need to be configured to sit in your environment. It’s then up to you to put in a firewall so that system can be part of your network. There are a number of challenges around customers just understanding exactly what they’ve got, where it is, and how it’s working for them from an auditing and regulatory point of view.”

This kind of uncertainty has, he believes, profound security consequences: “What you need is a way to spot what ‘good’ looks like on the network, then it becomes a lot easier to spot anything that sits outside of that,” he concludes. “Anomalous behaviour isn’t necessarily bad, it might just be something unexpected. You need a way to spot something that’s unusual in the environment and take action if needed.”

How to safely choose the right tools

But how do you choose the correct tool to help your organisation to embrace the CPS era with safety, reassured that you are not simply introducing new points of potential failure? The Claroty Buyers Checklist is a tool designed for just that purpose, allowing IT buyers to explore the cyber-physical systems technology space with confidence. The checklist recognises that securing technology environments is a difficult challenge, with success dependent on partnering with the right provider. It was designed to assist buyers in focussing their efforts from a position of awareness when evaluating technology solutions.

It kicks off by providing an overview of the current state of cyber-physical systems, exploring the challenges, risks, and issues that organisations must confront in deploying a solution.

Next it tackles the various approaches that different solution providers have adopted, so buyers can be aware of the types of architectures to expect. This provides guidance on the key capabilities they should expect from leading systems.

Then the Buyers Checklist delves into the criteria that an organisation should consider in the evaluation process. This helps organisations to prioritise the criteria that are most important to meeting their requirements.

The ideal solution will feature a central analysis server that collects telemetry for devices it protects. The analysis server works by combining this telemetry with a range of sources, such as external threat information, before applying detailed analysis using AI to present an accurate view of threats and suggest appropriate mitigation steps.

Criteria for telemetry solutions

Collecting telemetry can be more challenging in an XIoT environment than with regular IT systems. And challenges will vary by industry sector, and be different for each organisation.

The following criteria should be applied to every buying decision according to the Claroty Buyers Checklist:

Table stakes: Functionality that should be part of any solution – Given how complex XIoT can be, any solution must have the breadth to provide insights into all devices. Many CPS devices can’t be scanned or interacted with by their nature, so any solution should feature a way to carry out passive checks. Lastly, although regular threat protection tools are not always effective in an XIoT setting, they should at least be able to understand and identify commonly known threats.

Key criteria: Capabilities that depend on the organisation’s needs – Any tool should be capable of using advance analysis and AI to help identify emerging and zero-day threats. Depth is as important as breadth, with solutions needing to identify vulnerabilities and risks at all levels. Solutions should support a broad array of industrial protocols and provide a variety of collection methods so as to be able to properly monitor asset activity. When it comes to network protection, CPS security solutions should play their part in monitoring activity and identifying violations. And remote access tools are often unsuitable for XIoT needs, so the best kind of solutions will offer support for this sort of environment.

Business criteria: Non-functional requirements – Solutions must scale easily to meet fluctuating requirements and unpredictable additional demands. Users want solutions that are easy for them to understand and benefit from, which means web applications with graphical interfaces and ways to connect with familiar tools. The solution should be deployable seamlessly without needing to mess with different configurations. And there must be easy integration with other security tools including endpoint protection, network access controls, next-gen firewalls and SIEM.

It’s important remember that not all security solutions were designed with CPS and XIoT in mind. “There’s lots of IT security people making a big push in the IoT and XIoT space, but they don’t come at it, as we do, as an OT vendor,” concludes Bailey.

Just as the Internet transformed the way people interact with information, cyber-physical systems are transforming the way people interact with engineered systems. But unless the security dimension of this trend is foremost in decision maker minds, and its implications considered in the round, then there are clear and present dangers.

Sponsored by Claroty.