What every OT and IT leader should know about protecting industrial control systems and critical infrastructure

From baby food to nuclear power, providing effective cybersecurity for the industrial control systems that underpin the foundation of national critical infrastructure presents a unique challenge. I have been focusing on this area for the past eight years, and in this blog post, my first as a new member of Forcepoint, I want to share why I joined the team to head up the Critical Infrastructure business and explain Forcepoint’s mission.
Over the past 18 months, critical infrastructure asset owners have been challenged by a mushrooming threat landscape coupled with a significant rise in digital transformation and the industrial internet of things (IIoT). Customers are trying to leverage the promise of cloud-driven data services in the industrial space while navigating a landscape that can be overwhelming and unpredictable. We have seen an increase in attacks like NotPetya that expose security challenges in the industrial area, including basic controls and practices such as patching. Furthermore, attacks have grown in sophistication: the Ukraine substation attack, where a multi-faceted intrusion shut down a distribution load, and the recent Triton/Trisis attack, where the attackers successfully demonstrated their ability to shut down a safety system, the final element of a process protecting human life and safety. Recent attacks have also been seen on manufacturing plants, where an insider leveraged trusted access to compromise his company's manufacturing system and exfiltrate sensitive production data.
So where are we in the industry today, and who is responsible? A recent study by the ICS-CERT/NCCIC showed that of the incidents surveyed, 34 percent were attributed to an “unknown” vector, while 3 percent were classified as spear phishing attempts. According to Gartner [1], “By 2021, 70 percent of OT security will be managed directly by the CIO, chief information security officer (CISO) or chief security officer (CSO) departments, up from 35 percent today.” Currently, most companies are struggling to rapidly deploy visibility, detection and response across their plant floor without impacting availability. As CISOs take their first steps to gain visibility and “do no harm” in their plants, they need to address the “unknown” vector mentioned above by leveraging network tools to build asset information and vulnerability management simultaneously. At the same time, CISOs are challenged with addressing spear phishing attacks and understanding how their users interact with data in the operational network, in order to develop the user behavioral context that supports robust security awareness, identity management and privileged access control.
How does Forcepoint fit into this picture?
Unlike other vendors in this market, we are offering our entire portfolio of behavioral-based cybersecurity products that protect users and critical data to give customers multiple solutions to address their unique challenges.
Our approach to cybersecurity within critical infrastructure provides the end-user an option to quickly move from visibility to control with Forcepoint NGFW and Forcepoint Data Guard to provide robust network defense and secure segmented network communications. Leveraging defense-grade approaches which are used by top government agencies, customers can deploy a variety of solutions for highly sensitive areas like nuclear and power generation, or meet simple DMZ and remote access requirements. Furthermore, the Forcepoint pedigree of understanding insider threats, or how actors behave once inside an environment to compromise system operations, gives us a unique viewpoint to address ICS challenges where they are most vulnerable—the human point of interaction with systems and data.
These challenges were abundantly apparent at the industrial control systems conference I attended last week, where a presenter asked two questions:
1. “How many of you are concerned with insider threat as the biggest risk to your ICS environment?”
80 percent of the audience raised their hands.
2. “How many of you have visibility today into your environment to build the forensics to do this?”
Not one person raised a hand.
It is my team’s mission at Forcepoint to help critical infrastructure customers along their maturity model from visibility to detection and response. This journey starts with understanding the rhythm of users and flow of data at the convergence of IT and OT networks. We will have achieved our goals when everyone’s hands are raised when asked if they have visibility into their environments to make good cybersecurity decisions.
[1] Gartner, Inc., 2018 Strategic Roadmap for Integrated IT and OT Security, Saniye Alaybeyi, 3 May 2018