DATA CENTER IT/OT SECURITY FOR DATA CENTERS FOXGUARD SOLUTIONS 2285 PROSPECT DRIVE CHRISTIANSBURG, VA FOXGUARDSOLUTIONS.COM

Transcription

1 DATA CENTER IT/OT SECURITY FOR DATA CENTERS I N D U S T R I A L C O N T R O L S Y S T E M S FOXGUARD SOLUTIONS 2285 PROSPECT DRIVE CHRISTIANSBURG, VA FOXGUARDSOLUTIONS.COM

2 DATA DENTER IT/OT SECURITY FOR DATA CENTERS In today s data-driven business environment, organizations must ensure that their data center functions at maximum uptime, with an industry goal of five 9 s. The % uptime goal applies to both traditional brick and mortar centralized data centers as well as decentralized data centers located around the world. Enterprise businesses invest billions of dollars across a broad range of Information Technology (IT) and cyber security solutions. However, many still overlook a fundamental risk to the business - system outages caused by a failed piece of Operational Technology (OT) that supports IT functions. When key business systems (e.g., data storage, ERM, CRM, , etc.) become unavailable or unreliable, organizations and their customers are negatively impacted. The list of OT equipment that is needed to maintain continuous IT operations are significant and include Building Automation Systems (BAS), Electric Power Monitoring System (EPMS), Cabinet Power Systems (CPS), Universal Power Supply (UPS) networks, backup generator networks, cooling, and power systems. If not managed properly, any one of these systems can very quickly become the Achilles Heel for a data center. Adding to the complexity, many OT systems do not fit the mold of a contemporary IT security infrastructure, as they were built using older OT proprietary networking technology, not designed for today s interconnectedness. This document is intended to help enterprise organizations understand the potential risks that OT networks have on continual This document business operations. is intended It is also intended to help to enterprise start the discussion organizations about creating a understand holistic cyber security plan the at potential the enterprise risks level in that order OT to mitigate networks the impacts have of on business continual system business outages. operations. It is also intended to start the discussion about creating a holistic cyber security plan at the enterprise level, to mitigate the impacts of business system outages. DRIVERS TO INCREASE OT RESILIENCY AND SECURITY The continual operation of networked business functions drive both resiliency and cyber security concerns for IT and OT systems. Executives have a fiduciary responsibility to provide business continuity through proper information management and security best practices. Recently, Gartner placed a conservative estimate of $300,000 per hour (Lerner, 2014) for a network outage. To reduce the risk of system outages, organizations must ensure that OT isn t the weak link in their business operations. Impacts of a system outage may include; LOST REVENUE Inability to perform transactions, amplified in high transaction industries like finance, banking, retail, and transportation. STAFF PRODUCTIVITY Inability to perform duties during the outage and post-incident clean up. RECOVERY COSTS including compliance fines Legal expenses, fines, 3rd party services, and other remediation requirements. BRAND REPUTATION Potential loss of customers, increased churn, and customer dissatisfaction. Many regulatory requirements assign the burden of protecting a customer s private data at the steps of an organization s executive team. Therefore, executives MUST ensure their organization has a detailed enterprise plan for their IT and OT networks that drives resiliency and security. The implications listed above are well documented in the realm of IT and are quickly becoming as, if not more, important to the teams that maintain the OT infrastructure. 2

3 STATUS QUO NOT SUFFICIENT The if it isn t broke, don t touch it position is no longer viable in today s world of cyber vulnerabilities. The OT systems of today are not only being compromised by chance, but are intentionally targeted. As the risk increases, executives must begin to invest in solutions to protect and build resiliency into their existing cooling and power systems for the N+1 designs. The closed nature of the OT architecture creates a significant challenge, as many systems are designed to provide operational functions for chillers, generators, switchgear, and other control systems. The primary objective in the design of OT components is mechanical and electrical resiliency and longevity, not network connectivity and certainly not cyber security. Over time many OT components have been adapted for network connectivity, however, network security has not been a driving force of the design. As luck would have it, many of these systems did have some inherent properties that helped from a cyber security perspective (e.g., proprietary protocols, security through obscurity, etc.). Additional security measures can be incorporated to decrease the likelihood that a bad actor could successfully penetrate the system, but these properties do provide an opportunity for cyber criminals. Regardless of whether the OT system is new, old, or a combination of both, facilities that support continuous data center operations need to ensure the system is adequately protected against a breach. There are multiple governing bodies, such as NERC CIP, SEC, Sarbanes Oxley, PCI, HIPAA that provide guidance across different sectors (finance, publicly traded, healthcare, and technology companies) and each sector has varying regulations. These variances are why the OT security team needs to start thinking outside of the traditional security box and look for solutions that address the nuances and challenges of an OT system. OT security team needs to start thinking outside of the traditional security box 3

4 DATA CENTER ORGANIZATIONAL ALIGNMENT TO SOLVE OT CYBER SECURITY The cross-functional nature of OT demands that system owners have a single point of ownership for OT cyber security across the entire organization. Security by committee leads to gaps in the cyber armor due to assumptions made on a cross-functional team. Misaligned departmental budgets and shifting priorities lead to deficiencies in risk mitigation when OT security is not controlled centrally by one point of contact. Organizations need to decide which silo best fits the skill sets to manage these investments, and traditionally, Information Security teams are often the first choice. However, an understanding of the control system fundamentals of mechanical and electrical systems are needed to manage the operational risk of these critical systems, which is why the team must involve subject matter experts with extensive experience securing building security controls for OT. OT operations teams have been leading control system risk management for decades and may be the best choice for ownership as they own the networks and the uptime requirements. Information security return-on-investment is challenging due to the asymmetrical nature of the threats and vulnerabilities. Cyber-attacks on OT networks are binary in nature and are not problems, until they are. (e.g., Ukraine Power Attack, WannaCry, TRISIS, Stuxnet) Mission critical data center owners should use risk maturity models to remove risk at a pace aligned with their budgets to improve the OT cyber security over time. Cyber-attacks on OT networks are binary in nature and are not problems, until they are. (e.g., Ukraine Power Attack, WannaCry, TRISIS, Stuxnet) SOLUTION REQUIRES INVESTMENT IN PEOPLE, PROCESS & TECHNOLOGY Once the decision is made to assign responsibility and appropriate the necessary funding to create an enterprise OT strategy, it s critical for the organization to adapt well-accepted risk management models to ensure optimal results. An effective risk management program includes staffing the right people and implementing the best solutions to address high priority concerns. If a Mission Critical system owner is unable to confidently evaluate their system with internal resources, an impartial 3rd party company should be used to evaluate the system and collaborate with the system owner to design the enterprise solution. As the solutions are defined, resource allocation can become difficult. New solutions and programs require additional headcount, which is difficult as there is a labor shortage within the OT and cyber security markets. Companies are increasingly outsourcing opportunities, but most need to adjust their efforts and budgets to align with the new needs. The traditional procurement processes select a low-bid winner that usually has expertise with OT systems or information security infrastructure, but not both. Guidance from vendors is logical, however, it is ill-advised to allow a vendor to single handedly consult on the system design and cyber security solution. The vast majority of traditional IT vendors are deficient in their knowledge of OT security and will turn to the OT system manufacturer to try and understand the security posture of the components. It is important to ensure that the selected partners have an understanding of IT and OT systems and how they differ. Companies must develop right sized solutions that deliver the right people, processes and technology for a scalable and ever changing OT environment. As the cyber maturity program is designed, companies will need to balance resources to find the best solution for their specific needs. Regardless of whether this is handled by adding headcount or outsourcing to reputable experienced companies, there are several must haves in the design. These must haves are often referred to as Cyber Hygiene. These security controls often differ from traditional Cyber Hygiene in IT environments. 4

5 OT CYBER HYGIENE SECURITY CONTROLS Organizations that are committed to a complete OT cyber security strategy should look to incorporate a well-established risk management framework. This will introduce a continuous improvement model for each relevant security control that is implemented against the plan. Once the framework is established, the OT owner must define the security controls to be implemented. Cyber security improvements must balance the associated risk with the required investments in operational and technical capabilities, reaffirming the need to have a single decision maker at the enterprise level. As we have discussed, the nature and design of OT systems ensure that each one is unique. However, there are best practices that are applicable to all systems, regardless of their architecture. Universal best practices include: ASSET IDENTIFICATION Identify the baseline and create a detailed list of all the components and sub-components of OT systems to include all operating systems, 3rd party software, network hardware, and OT firmware patch levels for a mature cyber security program. Show caution when using active scanning methodologies inside critical OT environments to keep operational uptime intact, i.e. do not take a chiller off line while scanning the HMI Operating System for vulnerabilities with an IT security tool. OT SPECIFIC MONITORING Ensure that OT cyber security monitoring tools are engineered to work on fragile and operationally sensitive critical assets. Additionally, the tool must function across ever changing OT networks and recognize a multitude of OT protocols like BacNet, ModBus, LonWorks. VULNERABILITY INTELLIGENCE Target specific vulnerabilities within the most critical assets. Vulnerability analysis and mitigation should be part of a plan, i.e. understanding how WannaCry may impact operations across multiple OT networks in multiple data centers. PATCH MANAGEMENT Create a detailed Patch Management program that includes a defined process and plan for discovery, assessment, validation, and deployment of patching for each asset and OT network within the facility. Patching does not scale in OT like it does in IT and not all things need to be patched with the same frequency due to operational risk. Data centers must continually keep an eye on resiliency and security as the world continues to move into the digital space. The business impacts of a breach or network outage are measured in financial terms, as well as brand reputation. Companies must create a unique strategy that serves their unique network architecture. Although each system is different, there are core elements that apply universally. A complete OT strategy must contain several core elements; ENTERPRISE ALIGNMENT ENTERPRISE COMMITMENT DEFINED RISK MANAGEMENT FRAMEWORK Organizations can leverage those core must haves to develop a program that is scalable and nimble in an ever changing environment. Reputable 3rd party companies brought in as additional resources in the design and evaluation process may provide ongoing assistance. FoxGuard Solutions has over 36 years experience in the Industrial computing market and over 13 years experience within OT/ICS/SCADA cyber security space. We can help your organization navigate these challenges. 5

6 DEFENSE IN DEPTH STRATEGY SECURING IT AND OT ASSETS Protecting IT and OT equipment in critical infrastructure markets takes strategy, planning and layers of defense. Our Sentrigard Security Platform delivers a defense in depth strategy to secure client assets using best in class software and hardware solutions. To make it even easier, our platform is delivered on hardware that has already been configured, set up, tested and is ready to go upon delivery with simplified dashboards. Having a multi-layer plan-of-attack ensures you re tackling this with a defense in depth approach. There s safety in layers. Visit our website and talk to one of our security experts about your cyber security needs. requestinfo@foxguardsolutions.com