This past July, over 2,400 people gathered at Lansweeper 360, our first ever user conference, to engage in discussions about maximizing the full potential of the Lansweeper platform. One of the sessions explored the new OT Discovery capabilities of Lansweeper, showcasing a new tool designed specifically for discovery, recognition and management of Operational Technology Assets. Paul Veeneman, a Cybersecurity and Risk Management specialist, provided an overview of trends and challenges for enterprise organizations related to tracking, monitoring, maintaining and securing a growing number of OT assets, and how Lansweeper simplifies and streamlines these activities.
Veeneman has more than 25 years of experience with enterprise infrastructure across the finance, healthcare and manufacturing industries, as well as engineering and supporting industrial controls and OT within the critical infrastructure sector. He began his presentation by emphasizing the importance of having visibility across the technology estate.
OT Oversight Ramps Up to Combat Attacks
According to Veeneman, historic cyber attacks such as the ransomware attack on Colonial Pipeline and the incident in Oldsmar, Florida, where an intruder attempted to poison the water supply, demonstrate the potential impact on human safety when OT is compromised. Events like these are enabled by the increasing convergence of IT and OT, which has broadened the attack surface and gives bad actors additional vectors for moving from the corporate network into the plant.
As governments and industry standards bodies look to counter this immediate threat to critical services, they have focused on defining guidance, policies and regulations. These advise, enforce and provide oversight of OT security, and together form part of a layered defense for protecting the OT estate. They include:
- NERC CIP
- NIST SP 800-53
- ISO 27001
- ISA/IEC 62443
- TSA Pipeline Security Directives
- DHS CFATS (Chemical Facility Anti-Terrorism Standards)
- ISA-99 series (the predecessor of ISA/IEC 62443)
These regulations strive to protect the ever-expanding attack surface. “While there may be boundaries and information protection systems that separate the IT enterprise from the OT, we still need to protect those infrastructure elements,” Veeneman said. “A ransomware attack could take out the administrative controls and systems that preside over OT.”
It’s important to note that all of these regulations share a fundamental requirement: a complete and accurate technology asset inventory. Without data about the OT assets that need to be protected, securing them is impossible.
What Is Defense-in-Depth
As OT and IT continue to converge, it’s critical to deploy “Defense-in-Depth”: layered, independent controls, so that no single boundary is the only thing standing between an attacker and the physical process. In ICS environments this layering is usually organized around the Purdue Enterprise Reference Architecture (PERA), a reference model for enterprise architecture developed at Purdue University in the early 1990s to define best practices for the relationships between industrial control systems and business networks (i.e. OT and IT).
The PERA model separates the infrastructure into a hierarchy of levels, each with its own defensive controls:
- Level 5: External boundary, Internet firewall
  - Intrusion prevention, content filtering, deny-all policies and SIEM logging
- Level 4: Enterprise IT infrastructure segmentation, application and endpoint security
  - Endpoint protection, anti-malware, network IDS, host IDS and SIEM logging
- Level 3.5: Demilitarized zone (DMZ) between the enterprise and the plant
  - Firewall protection; traffic between IT and OT is brokered here rather than passed straight through
- Level 3: Manufacturing operations systems
  - Site, plant and supervisory controls
  - Network SIEM, logging and event tracking
  - Management and logging of data
- Level 2: Control systems (area supervisory control, HMIs)
- Level 0/1: Field bus and device-level communications and instrumentation (PLCs, RTUs, sensors and actuators)
At all levels, a complete inventory of all connected devices is an essential first step. However, Veeneman pointed out that this is no easy task. “We tend to be in a digital fog when it comes to identifying assets,” he said. “About 86% of organizations don’t have visibility into their ICS environment, which has a significant impact on asset management. You can’t protect what you don’t see.”
Challenges of Asset Visibility
IT teams across industries have realized that cyber threats are increasing and that cybercriminals are looking to exploit vulnerabilities in OT and ICS. “That’s a dangerous proposition, especially in regions that are dependent on critical infrastructure, which is largely made up of industrial controls and other OT,” Veeneman said.
Lansweeper is a leader in IT asset management (ITAM), and the same capabilities are essential for managing OT. The challenge is that industrial protocols such as Modbus TCP/IP and PROFINET descend from serial, point-to-point protocols designed for wire-level signaling on an isolated plant floor; most were simply wrapped in TCP/IP, or placed directly on Ethernet, with the original framing and the original absence of security intact. “The Common Industrial Protocols, or CIP, are largely devoid of any type of encryption, authentication, or authorization from endpoint to endpoint,” Veeneman said. “The standards and the usual ports are open and known not only by engineers, practitioners, designers and manufacturers, but also by threat actors – and they’re vulnerable to a number of different attacks.”
According to Veeneman, it’s critical to be able to identify what is communicating on the industrial control network, and over which protocols. It’s equally important to have details about each device, such as manufacturer, model number and firmware version, so that the appropriate corrective action (a firmware update, network isolation or a replacement) can be taken.
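To make the two preceding points concrete, here is an added example written for this page (it is not Lansweeper’s code and does not describe how its OT scanner works internally). It speaks plain Modbus TCP to a controller: it builds a Read Device Identification request (function 0x2B, MEI type 0x0E) and parses the reply into vendor name, product code and firmware revision, which is exactly the inventory data discussed above. Note that the request carries no credential of any kind; anyone who can reach TCP port 502 can fingerprint the device, which is the weakness Veeneman describes. The host name, unit ID and the reply bytes in `SAMPLE_RESPONSE` are constructed for illustration, not captured from a real device.

```python
import socket
import struct

# Modbus TCP = 7-byte MBAP header followed by the Modbus PDU. No authentication
# exists at this layer: the frame below is all a client needs to send.
MODBUS_PORT = 502
FC_ENCAPSULATED_INTERFACE = 0x2B          # "Encapsulated Interface Transport"
MEI_READ_DEVICE_ID = 0x0E                 # sub-function: Read Device Identification
BASIC_OBJECTS = {0x00: "VendorName", 0x01: "ProductCode", 0x02: "MajorMinorRevision"}


def build_mbap(transaction_id: int, unit_id: int, pdu: bytes) -> bytes:
    """MBAP header: transaction id (2), protocol id (2, always 0),
    length (2, = unit id byte + PDU), unit id (1); then the PDU."""
    return struct.pack(">HHHB", transaction_id, 0, len(pdu) + 1, unit_id) + pdu


def build_read_device_id_request(transaction_id: int = 1, unit_id: int = 1,
                                 read_code: int = 0x01, object_id: int = 0x00) -> bytes:
    """read_code 0x01 = basic identification (vendor, product code, revision)."""
    pdu = bytes([FC_ENCAPSULATED_INTERFACE, MEI_READ_DEVICE_ID, read_code, object_id])
    return build_mbap(transaction_id, unit_id, pdu)


def parse_read_device_id_response(frame: bytes) -> dict:
    """Parse an MBAP frame carrying a 0x2B/0x0E reply.
    Raises ValueError for malformed frames and for Modbus exception replies."""
    if len(frame) < 7:
        raise ValueError("frame shorter than MBAP header")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError(f"unexpected protocol id {proto}")
    pdu = frame[7:]
    if len(pdu) != length - 1:
        raise ValueError("MBAP length field does not match frame size")
    if len(pdu) < 2:
        raise ValueError("PDU too short")
    fc = pdu[0]
    if fc == (FC_ENCAPSULATED_INTERFACE | 0x80):   # exception: function code with high bit set
        raise ValueError(f"Modbus exception code {pdu[1]:#04x}")
    if fc != FC_ENCAPSULATED_INTERFACE or pdu[1] != MEI_READ_DEVICE_ID:
        raise ValueError("not a Read Device Identification response")
    if len(pdu) < 7:
        raise ValueError("truncated response header")
    read_code, conformity, more_follows, next_obj, count = pdu[2:7]
    objects, pos = {}, 7
    for _ in range(count):                         # each object: id (1), length (1), value
        if pos + 2 > len(pdu):
            raise ValueError("truncated object header")
        obj_id, obj_len = pdu[pos], pdu[pos + 1]
        value = pdu[pos + 2:pos + 2 + obj_len]
        if len(value) != obj_len:
            raise ValueError("truncated object value")
        pos += 2 + obj_len
        name = BASIC_OBJECTS.get(obj_id, f"Object{obj_id:#04x}")
        objects[name] = value.decode("ascii", "replace")
    return {"transaction_id": tid, "unit_id": unit, "read_code": read_code,
            "conformity_level": conformity, "more_follows": bool(more_follows),
            "objects": objects}


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed mid-frame")
        buf += chunk
    return buf


def query_device(host: str, unit_id: int = 1, timeout: float = 2.0) -> dict:
    """Send one identification request over TCP/502 and parse the reply.
    No credentials are involved anywhere in this exchange."""
    with socket.create_connection((host, MODBUS_PORT), timeout=timeout) as s:
        s.sendall(build_read_device_id_request(unit_id=unit_id))
        header = _recv_exact(s, 7)
        length = struct.unpack(">H", header[4:6])[0]
        body = _recv_exact(s, length - 1)
    return parse_read_device_id_response(header + body)


# Constructed sample reply (not from a real device): vendor "ExampleCo",
# product "PLC-100", revision "v2.3.1"; conformity level 0x01, no more objects.
SAMPLE_RESPONSE = build_mbap(
    1, 1,
    bytes([FC_ENCAPSULATED_INTERFACE, MEI_READ_DEVICE_ID, 0x01, 0x01, 0x00, 0x00, 0x03])
    + bytes([0x00, 9]) + b"ExampleCo"
    + bytes([0x01, 7]) + b"PLC-100"
    + bytes([0x02, 6]) + b"v2.3.1",
)

if __name__ == "__main__":
    print(parse_read_device_id_response(SAMPLE_RESPONSE))
```

Running the sample prints the vendor, product code and revision decoded from the constructed reply; `query_device("10.0.0.5")` (hypothetical address) would do the same against a live controller. Two practitioner caveats: only send this to equipment you are authorized to probe, and do so from the correct side of the Level 3.5 DMZ, because some older controllers fault or reboot on unexpected traffic, and a fingerprinting probe that stops a process is not an improvement over not knowing the firmware version.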
OT Scanner: Complete Visibility Across Your OT
Lansweeper’s OT Discovery capability helps to create the foundation for an ICS and OT Defense-in-Depth strategy and risk management. Easy to deploy and use, the solution leverages a hub-and-spoke distributed model, which enables it to scale for small to large OT and ICS production environments. An intuitive dashboard provides an overview and site list, plus the ability to drill down into granular details about connected OT assets.
Leveraging proprietary discovery capabilities, Lansweeper OT automatically detects and identifies all connected OT devices and systems, such as Programmable Logic Controllers (PLCs), Remote Terminal Units (RTUs), and other network connected equipment. It collects detailed information about each device, such as manufacturer, model, serial number, firmware versions and more, enabling administrators to plan and manage changes, maintenance and equipment refreshes, and remediate firmware vulnerabilities. In case of a security incident, teams have rapid access to the information they need to isolate and disable impacted devices before damage spreads.
For a complete understanding of the level of visibility Lansweeper’s new OT Discovery tool surfaces, watch the Lansweeper OT webinar. If you want to get started directly, it’s easy to download and setup the new Lansweeper for OT installer.