Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Operational Technology (OT)
Network Security Challenges
and Solutions
© Global Knowledge Training LLC. All rights reserved. Page 2
Webinar Agenda
• Operational Technology (OT) Networks Overvie...
© Global Knowledge Training LLC. All rights reserved. Page 3
Operational Technology (OT) Networks Overview
What is an Oper...
© Global Knowledge Training LLC. All rights reserved. Page 4
Operational Technology (OT) Networks Overview
Gartner Definei...
© Global Knowledge Training LLC. All rights reserved. Page 5
Operational Technology (OT) Networks Overview
Although OT is ...
© Global Knowledge Training LLC. All rights reserved. Page 6
Operational Technology (OT) Networks Overview
For the sake of...
© Global Knowledge Training LLC. All rights reserved. Page 7
Operational Technology (OT) Networks Overview
Internet of Thi...
© Global Knowledge Training LLC. All rights reserved. Page 8
Evolution of OT Networks in the Enterprise
Traditionally OT s...
© Global Knowledge Training LLC. All rights reserved. Page 9
Evolution of OT Networks in the Enterprise
IT and OT have alw...
© Global Knowledge Training LLC. All rights reserved. Page 10
Risks associated with OT Networks
OT Networks typically run ...
© Global Knowledge Training LLC. All rights reserved. Page 11
Risks associated with OT Networks
OT Networks have a differe...
© Global Knowledge Training LLC. All rights reserved. Page 12
Risks associated with OT Networks
The Information Technology...
© Global Knowledge Training LLC. All rights reserved. Page 13
Challenges faced with OT Networks
• OT Networks and Devices ...
© Global Knowledge Training LLC. All rights reserved. Page 14
Solutions & Strategies for Securing OT Networks
Traditionall...
© Global Knowledge Training LLC. All rights reserved. Page 15
• The Purdue Model for Control
Hierarchy is a common and wel...
© Global Knowledge Training LLC. All rights reserved. Page 16
Solutions & Strategies for Securing OT Networks
Models, such...
© Global Knowledge Training LLC. All rights reserved. Page 17
Solutions & Strategies for Securing OT Networks
Specialized ...
© Global Knowledge Training LLC. All rights reserved. Page 18
Solutions & Strategies for Securing OT Networks
Cisco Produc...
© Global Knowledge Training LLC. All rights reserved. Page 19
Solutions & Strategies for Securing OT Networks
Cisco Produc...
© Global Knowledge Training LLC. All rights reserved. Page 20
Solutions & Strategies for Securing OT Networks
Using VLANs ...
© Global Knowledge Training LLC. All rights reserved. Page 21
Solutions & Strategies for Securing OT Networks
Single VLAN ...
© Global Knowledge Training LLC. All rights reserved. Page 22
Solutions & Strategies for Securing OT Networks
Multiple VLA...
© Global Knowledge Training LLC. All rights reserved. Page 23
Solutions & Strategies for Securing OT Networks
Multiple VLA...
© Global Knowledge Training LLC. All rights reserved. Page 24
Solutions & Strategies for Securing OT Networks
Micro Segmen...
© Global Knowledge Training LLC. All rights reserved. Page 25
Solutions & Strategies for Securing OT Networks
Cisco TrustS...
© Global Knowledge Training LLC. All rights reserved. Page 26
Solutions & Strategies for Securing OT Networks
One VLAN wit...
© Global Knowledge Training LLC. All rights reserved. Page 27
Solutions & Strategies for Securing OT Networks
Cisco TrustS...
© Global Knowledge Training LLC. All rights reserved. Page 28
Solutions & Strategies for Securing OT Networks
Example of a...
© Global Knowledge Training LLC. All rights reserved. Page 29
ACME Inc. Manufacturing Inc. – Mini Case Study
ACME Inc. Man...
© Global Knowledge Training LLC. All rights reserved. Page 30
ACME Inc. Manufacturing Inc. – Mini Case Study
ACME Inc. Man...
© Global Knowledge Training LLC. All rights reserved. Page 31
ACME Inc. Manufacturing Inc. – Mini Case Study
A major chall...
© Global Knowledge Training LLC. All rights reserved. Page 32
ACME Inc. Manufacturing Inc. – Mini Case Study
Cisco Industr...
© Global Knowledge Training LLC. All rights reserved. Page 33
ACME Inc. Manufacturing Inc. – Mini Case Study
Cisco ISE is ...
© Global Knowledge Training LLC. All rights reserved. Page 34
ACME Inc. Manufacturing Inc. – Mini Case Study
• Control Eng...
© Global Knowledge Training LLC. All rights reserved. Page 35
Courses
Implementing and
Configuring Cisco Identity
Services...
© Global Knowledge Training LLC. All rights reserved. Page 36
Learning More
GlobalKnowledge.com
For additional on-demand a...
Upcoming SlideShare
Loading in …5
×

of

Operational Technology (OT) Network Security Challenges and Solutions Slide 1 Operational Technology (OT) Network Security Challenges and Solutions Slide 2 Operational Technology (OT) Network Security Challenges and Solutions Slide 3 Operational Technology (OT) Network Security Challenges and Solutions Slide 4 Operational Technology (OT) Network Security Challenges and Solutions Slide 5 Operational Technology (OT) Network Security Challenges and Solutions Slide 6 Operational Technology (OT) Network Security Challenges and Solutions Slide 7 Operational Technology (OT) Network Security Challenges and Solutions Slide 8 Operational Technology (OT) Network Security Challenges and Solutions Slide 9 Operational Technology (OT) Network Security Challenges and Solutions Slide 10 Operational Technology (OT) Network Security Challenges and Solutions Slide 11 Operational Technology (OT) Network Security Challenges and Solutions Slide 12 Operational Technology (OT) Network Security Challenges and Solutions Slide 13 Operational Technology (OT) Network Security Challenges and Solutions Slide 14 Operational Technology (OT) Network Security Challenges and Solutions Slide 15 Operational Technology (OT) Network Security Challenges and Solutions Slide 16 Operational Technology (OT) Network Security Challenges and Solutions Slide 17 Operational Technology (OT) Network Security Challenges and Solutions Slide 18 Operational Technology (OT) Network Security Challenges and Solutions Slide 19 Operational Technology (OT) Network Security Challenges and Solutions Slide 20 Operational Technology (OT) Network Security Challenges and Solutions Slide 21 Operational Technology (OT) Network Security Challenges and Solutions Slide 22 Operational Technology (OT) Network Security Challenges and Solutions Slide 23 Operational Technology (OT) Network Security Challenges and Solutions Slide 24 Operational Technology (OT) Network Security Challenges and Solutions Slide 25 Operational Technology (OT) Network Security Challenges and Solutions Slide 26 Operational Technology (OT) Network Security Challenges and Solutions Slide 27 Operational Technology (OT) Network Security Challenges and Solutions Slide 28 Operational Technology (OT) Network Security Challenges and Solutions Slide 29 Operational Technology (OT) Network Security Challenges and Solutions Slide 30 Operational Technology (OT) Network Security Challenges and Solutions Slide 31 Operational Technology (OT) Network Security Challenges and Solutions Slide 32 Operational Technology (OT) Network Security Challenges and Solutions Slide 33 Operational Technology (OT) Network Security Challenges and Solutions Slide 34 Operational Technology (OT) Network Security Challenges and Solutions Slide 35 Operational Technology (OT) Network Security Challenges and Solutions Slide 36
Upcoming SlideShare
What to Upload to SlideShare
Next
Download to read offline and view in fullscreen.

3 Likes

Share

Download to read offline

Operational Technology (OT) Network Security Challenges and Solutions

Download to read offline

As cybersecurity threats continue to be a top concern facing organizations today, the Information Technology (IT) Governance team must stay abreast in assuring that the organization is protected. The IT Governance team must continually evaluate the risks to the organization and put in place Processes, Procedures and Technologies to protect the assets of the organization.

In recent years there has been a shift in the IT landscape related to how technology is used to conduct business. Organizations are connecting Operational Technology (OT) Systems that are involved in the direct production of goods or services (that were once siloed) to the network.

While these OT Systems typically run critical infrastructure, they paradoxically often run on aging software and obsolete hardware, which makes them difficult to patch and highly vulnerable to exploits by malicious actors. Cyber Attacks related to these systems could be devastating to the supply chain of products and services.

Related Books

Free with a 30 day trial from Scribd

See all

Related Audiobooks

Free with a 30 day trial from Scribd

See all

Operational Technology (OT) Network Security Challenges and Solutions

  1. 1. Operational Technology (OT) Network Security Challenges and Solutions
  2. 2. © Global Knowledge Training LLC. All rights reserved. Page 2 Webinar Agenda • Operational Technology (OT) Networks Overview • The Evolution of Operational Technology (OT) Networks in the Enterprise • Risks associated with OT Networks • Challenges faced with OT Networks • Technology Solutions and Strategies for Securing OT Networks • ACME Manufacturing Inc. - Mini Case Study
  3. 3. © Global Knowledge Training LLC. All rights reserved. Page 3 Operational Technology (OT) Networks Overview What is an Operational Technology (OT) Network? In order to have a meaningful discussion about OT Networks it is important to clearly define terminology related to OT Networks.
  4. 4. © Global Knowledge Training LLC. All rights reserved. Page 4 Operational Technology (OT) Networks Overview Gartner Defineitions: Operational Technology (OT) Hardware and software that detects or causes a change through the direct monitoring and/or control of physical devices, processes and events in the enterprise. Information Technology (IT) This is the common term for the entire spectrum of technologies for information processing, including software, hardware, communications technologies and related services. In general, IT does not include embedded technologies that do not generate data for enterprise use. Source: https://www.gartner.com
  5. 5. © Global Knowledge Training LLC. All rights reserved. Page 5 Operational Technology (OT) Networks Overview Although OT is a generic term that is often used differently depending on the industry / organization, other terms that fall under OT include: • Industrial Control Systems (ICS) • Industrial Automation (IA) • Process Control Networks (PCN) • Supervisory Control and Data Acquisition (SCADA) Example: SCADA is a subset of ICS and they both fall under OT. Note that these terms are often used loosely.
  6. 6. © Global Knowledge Training LLC. All rights reserved. Page 6 Operational Technology (OT) Networks Overview For the sake of this Webinar we will make the following distinctions between IT and OT for simplicity: • IT refers to systems that primarily deal with the Business and Administrative processes in the Enterprise. • OT refers to systems that are used to manage Industrial Operations as opposed to Business and Administrative operations. Operational Systems include production line management in Manufacturing, Mining Operations Control, Oil & Gas monitoring etc.
  7. 7. © Global Knowledge Training LLC. All rights reserved. Page 7 Operational Technology (OT) Networks Overview Internet of Things (IoT) and Industrial Internet of Things (IIoT) • The Internet of Things (IoT) is a system / device typically embedded with sensors, software, electronics and connectivity to allow it to perform better by exchanging information with other connected devices, the operator or the manufacturer. Extends Internet connectivity beyond conventional computing platforms such as personal computers etc. • The term Industrial Internet of Things (IIoT) refers to systems connecting business systems with automation and control. Just as there is sometimes a fine line between IT and IoT the same is true for OT and IIoT.
  8. 8. © Global Knowledge Training LLC. All rights reserved. Page 8 Evolution of OT Networks in the Enterprise Traditionally OT systems were siloed and were managed by teams dedicated to the OT infrastructure. In recent years Industrial Systems and Appliances have been brought online in large numbers to deliver “Smart Analytics” - using Data generated from the machines to modify and optimize the manufacturing process. Because of the need to capture, process and integrate with Logistics and Business Systems for enterprise use the functionality began to merge with IT.
  9. 9. © Global Knowledge Training LLC. All rights reserved. Page 9 Evolution of OT Networks in the Enterprise IT and OT have always had fairly separate roles within an organization. However, with the emergence of the Industrial Internet and the integration of complex physical machinery with networked sensors and software, the lines between the two teams are blurring.
  10. 10. © Global Knowledge Training LLC. All rights reserved. Page 10 Risks associated with OT Networks OT Networks typically run the Critical Infrastructure that organization depend on to produce a Product or Services. Any impact on OT operations could be financially devastating for an organization. Although the same is true for IT, the impact is greater for OT networks. Disruptions related to these systems could also be devastating to the supply chain of products and services or even cause harm to patients as in the case of the Health Care Industry; not to mention the fallout from the publicity it generates.
  11. 11. © Global Knowledge Training LLC. All rights reserved. Page 11 Risks associated with OT Networks OT Networks have a different set of requirements and challenges that the IT Governance team must address to secure the enterprise. Because of the inherent differences in how these systems operate and the risk factors associated with them, industry had drawn a clear line between what is considered the traditional IT Network (office support systems) and the OT Network that houses the OT/IIoT Systems.
  12. 12. © Global Knowledge Training LLC. All rights reserved. Page 12 Risks associated with OT Networks The Information Technology (IT) Governance team within an Organization must develop a better understanding of OT Networks and must stay abreast of threats associated with OT Environments to assure that the Organization is protected. Organization must put in place Processes, Procedures and Technologies to protect the critical OT assets of the Organization.
  13. 13. © Global Knowledge Training LLC. All rights reserved. Page 13 Challenges faced with OT Networks • OT Networks and Devices tend to use legacy Plant Control Systems often running outdated Operating Systems that cannot easily be swapped out or a custom configuration that isn’t compatible. • Because of the High Availability of Production Schedules, it is often difficult to stop production to upgrade these systems. • OT System are typically upgraded when they are no longer functional for the task at hand. • Industrial environments tend to be more systemic where one small change can trigger a negative domino effect that could disrupt the system.
  14. 14. © Global Knowledge Training LLC. All rights reserved. Page 14 Solutions & Strategies for Securing OT Networks Traditionally OT networks have adopted various Models, Architectures and Systems to secure the OT Infrastructure. An example is the Purdue Model for Control Hierarchy.
  15. 15. © Global Knowledge Training LLC. All rights reserved. Page 15 • The Purdue Model for Control Hierarchy is a common and well- understood Model in the Manufacturing Industry that provides a Blueprint to segments Devices and Equipment into hierarchical functions. • Developed in the 1990s at Purdue University Consortium for Computer Integrated Manufacturing. Solutions & Strategies for Securing OT Networks
  16. 16. © Global Knowledge Training LLC. All rights reserved. Page 16 Solutions & Strategies for Securing OT Networks Models, such as the Perdue Model, are implemented using Technologies such as Firewalls, VLAN and other tools to segment the Infrastructure into hierarchies based on levels of operations. • Some Manufacturers develop Equipment and Devices designed to specifically provide Security in the OT space. • Other Manufacturers have Equipment and Devices with Dual purpose; IT and OT Security capabilities.
  17. 17. © Global Knowledge Training LLC. All rights reserved. Page 17 Solutions & Strategies for Securing OT Networks Specialized OT Security Products: OPshield is an OT Firewall (and related tools) developed by Wurldtech, a GE- owned Company. • Organization specializing in Operational Technology (OT) solutions. • The Firewall is specifically designed to provide protection for Industrial Controls and Critical Infrastructure Networks.
  18. 18. © Global Knowledge Training LLC. All rights reserved. Page 18 Solutions & Strategies for Securing OT Networks Cisco Products designed for OT Networks: Cisco’s line of Industrial Switches designed for OT Networks. Cisco Catalyst IE3300 Rugged Series • Run Industrial Protocols such as Common Industrial Protocol (CIP) – an Industrial Protocol for Automation. • Hardened for harsh Industrial Environments. • Also provide traditional IT Technologies such as VLANs, Port Security, 802.1x etc.
  19. 19. © Global Knowledge Training LLC. All rights reserved. Page 19 Solutions & Strategies for Securing OT Networks Cisco Products designed for OT Networks: The Cisco Industrial Network Director (IND) is a management tools built for managing Industrial Networks. Designed to help Operations Teams gain full visibility into the Automation Network for improved system availability and increase Overall Equipment Effectiveness (OEE).
  20. 20. © Global Knowledge Training LLC. All rights reserved. Page 20 Solutions & Strategies for Securing OT Networks Using VLANs and Firewalls for Securing OT Networks does not provide Micro Segmentation. A major concern for may Organizations is the impact a breach can cause to the Manufacturing lines on the OT Network. • A breach on a VLAN could potentially impact the entire VLAN. • A Breach in a Security Zone separated by a Firewall could potentially impact the entire Security Zone.
  21. 21. © Global Knowledge Training LLC. All rights reserved. Page 21 Solutions & Strategies for Securing OT Networks Single VLAN / Multiple Cells.
  22. 22. © Global Knowledge Training LLC. All rights reserved. Page 22 Solutions & Strategies for Securing OT Networks Multiple VLANs / Multiple Cells.
  23. 23. © Global Knowledge Training LLC. All rights reserved. Page 23 Solutions & Strategies for Securing OT Networks Multiple VLANs / Multiple Cells (Repurposing of Equipment)
  24. 24. © Global Knowledge Training LLC. All rights reserved. Page 24 Solutions & Strategies for Securing OT Networks Micro Segmentation allows VLANs and Security zones to be further segmented to contain potential breaches. Micro Segmentation limits the impact of the breach to a smaller footprint should a VLAN or a Security Zone is compromised. • Micro Segmentation solution must allow for easy deployment of new OT Devices in the production lines (minimal configuration). • Micro Segmentation solution must allow for easy repurposing of OT Devices between production lines (minimal configuration).
  25. 25. © Global Knowledge Training LLC. All rights reserved. Page 25 Solutions & Strategies for Securing OT Networks Cisco TrustSec provides the capabilities to Micro Segment OT network providing enhanced security to compliment the security provided by VLANs and Firewalls. • Dynamically assigning Security Group Tags (SGTs) to the traffic of a device that connects to the network based on it’s identity. • Access Policies can be implemented to limit communication between devices with different SGTs.
  26. 26. © Global Knowledge Training LLC. All rights reserved. Page 26 Solutions & Strategies for Securing OT Networks One VLAN with Multiple Cells with Security Group Tags (SGTs).
  27. 27. © Global Knowledge Training LLC. All rights reserved. Page 27 Solutions & Strategies for Securing OT Networks Cisco TrustSec is implemented and managed using the Cisco Identity Services Engine (ISE). • When OT devices connect to the network, Cisco ISE authenticates the devices and assigns all traffic sent on the network by the device an SGT. • Cisco ISE manages and distributes TrustSec policies. • Switch, Routers and Firewalls enforce TrustSec policies by using the SGT embedded in the traffic.
  28. 28. © Global Knowledge Training LLC. All rights reserved. Page 28 Solutions & Strategies for Securing OT Networks Example of a Design based on the Purdue Model.
  29. 29. © Global Knowledge Training LLC. All rights reserved. Page 29 ACME Inc. Manufacturing Inc. – Mini Case Study ACME Inc. Manufacturing was concerned about OT Network Security. • OT space is secured using VLANs and Firewalls only • No Micro Segmentation in place on the OT Networks • Cybersecurity attack could impact entire Factory • Concerned about the risk of Intellectual Property theft as a result of a Cybersecurity breach
  30. 30. © Global Knowledge Training LLC. All rights reserved. Page 30 ACME Inc. Manufacturing Inc. – Mini Case Study ACME Inc. Manufacturing deployed Cisco TrustSec with the Identity Services Engine (ISE) to Micro Segment their OT Networks using Security Group Tags (SGTs) in addition to the use of VLAN and Firewall Segmentation. Each Manufacturing Cell was completely isolated using SGTs and device in a Cell limited to communicating only within the Cell and to specific Services in the DMZ.
  31. 31. © Global Knowledge Training LLC. All rights reserved. Page 31 ACME Inc. Manufacturing Inc. – Mini Case Study A major challenge encountered by ACME Inc. Manufacturing is the process of classifying a device to place it in a Manufacturing Cell / Production Line. • Cisco ISE has the ability to dynamically profile devices (based on device attributes) in the IT space. • Classification for this OT requirement was based on a “Functional Attribute” and not an Identity embedded in the device. • Example of “Functional Attribute” - “Heat Treat” vs. “Coating”. ** A control device can be used in either a “Heat Treat” or “Coating” Process and typically the Control Engineer makes the determination.
  32. 32. © Global Knowledge Training LLC. All rights reserved. Page 32 ACME Inc. Manufacturing Inc. – Mini Case Study Cisco Industrial Network Director (IND) was considered for the classification process in the design, • Cisco IND includes a Self-Service Portal to assign devices to a group; did not fulfil the customer requirements. • Customer is considering IND for managing Cisco Industrial Ethernet (IE) Switches and other Management functions related to the Industrial Space.
  33. 33. © Global Knowledge Training LLC. All rights reserved. Page 33 ACME Inc. Manufacturing Inc. – Mini Case Study Cisco ISE is extremely flexible. Can integrate with a variety of systems through an Open Standard interface (REST API / PxGrid). Customer worked with a Company that has an IOT Application that was customized for the Classification process.
  34. 34. © Global Knowledge Training LLC. All rights reserved. Page 34 ACME Inc. Manufacturing Inc. – Mini Case Study • Control Engineer uses a “Self Service Portal” to assign an OT device to a Cell –meets customer requirements. • Application was Leveraged for visibility related to Asset Management. • Provides HA of Database. Some features of the Custom Application:
  35. 35. © Global Knowledge Training LLC. All rights reserved. Page 35 Courses Implementing and Configuring Cisco Identity Services Engine v3.0 Introduction to 802.1X Operations for Cisco Security Professionals
  36. 36. © Global Knowledge Training LLC. All rights reserved. Page 36 Learning More GlobalKnowledge.com For additional on-demand and live webinars, white papers, courses, special offers and more, visit us at…
  • HazmyHazemanZulkifli

    Oct. 21, 2020
  • KarthikKrishnamoorth6

    Oct. 21, 2020
  • FernandoSiqueira44

    Jun. 22, 2020

As cybersecurity threats continue to be a top concern facing organizations today, the Information Technology (IT) Governance team must stay abreast in assuring that the organization is protected. The IT Governance team must continually evaluate the risks to the organization and put in place Processes, Procedures and Technologies to protect the assets of the organization. In recent years there has been a shift in the IT landscape related to how technology is used to conduct business. Organizations are connecting Operational Technology (OT) Systems that are involved in the direct production of goods or services (that were once siloed) to the network. While these OT Systems typically run critical infrastructure, they paradoxically often run on aging software and obsolete hardware, which makes them difficult to patch and highly vulnerable to exploits by malicious actors. Cyber Attacks related to these systems could be devastating to the supply chain of products and services.

Views

Total views

2,532

On Slideshare

0

From embeds

0

Number of embeds

0

Actions

Downloads

218

Shares

0

Comments

0

Likes

3

×