so if you look at those 10 different uh checklist items that the EPA recommends they largely fall into four categories
in what we call converge uh IoT, IT, and OT cybersecurity solutions right and the first thing is the ability to discover everything on your network so whatever solution that you have and sector does this really very well is to do this in a passive way so today
many of those ot or process control networks don’t necessarily I mean they don’t necessarily know not many people
know what is necessary what is there on the network and if you look at an i.t asset visibility software.
It looks uh they do it in a very intrusive manner they actually ping the device they try to figure out information from the device and that’s what we call active discovery active discovery is not necessarily something that works very well in the ot space and what we need to do is something called passive discovery and ot solutions are you know very good at passive a discovery so without actually hitting the network just by looking at the network traffic what is coming out of those devices and how they’re communicating the ability to classify the device and say okay this is that device this is the os and operating system and this is the firmware or firmware that’s running we also see that it has some kind of antivirus and that antivirus is of this date, uh the system itself is uh end of service or end of life and listing out. This is why we recommend, Sectrio converged IoT, IT, and OT cybersecurity Solutions to all.
All the particular vulnerabilities that exist on the system is what good ot systems do so it gives you the lay of the
land of what you are trying to protect uh who what assets exist out there how are they communicating with each other uh
uh which services are they using what protocols are using and when you notice the protocols you also understand what
network level attacks could occur and hence because the protocol themselves are so old that they have vulnerabilities
that could be exploited so it gives you a good, uh you know attack surface of your complete ot net uh uh ot network and
that is the first step even the EPA is basically suggesting right in terms of discovery of your whole network knowing
your assets and your vulnerabilities once that is identified you are trying to mitigate or reduce that attack surface
and the way you do that is through VLAN segregation.
The EPA calls it specifically of segregating your enterprise your control system networks and your mobile networks but they also go and make recommendations of whitelisting and things like so the ability to micro-segment that network non-intrusively without many of these networks containing unmanaged switches so it’s not easy to deploy a VLAN solution without actually pulling out equipment that already exists.
So you may want to actually put an, I mean a lot, IT, and OT cybersecurity solutions that are capable of segregating or micro segmenting the network to the degree that you can go out and identify the device the service and say hey this particular asset talks to this asset only on this particular service and that is the micro segmentation, uh piece that needs to go in the third piece is
obviously the detection piece uh today a lot of ot cybersecurity solutions are looking for what we call tags or process
control commands that are going on from specific programs or assets uh that are trying to.
For example change uh the state of a valve right to open or close or change the pressure sensors or you know or some actuator down the line in the water utility uh now that if there is you know a tag that is going out which type is not seen on you’re seeing a
the new file is downloaded on any asset all of those are what normal ot cybersecurity solutions do but they are all post facto
in the sense that uh you will see um a bad tag or an attack trying to exploit a vulnerability only after malware has
actually, come into the network right uh so when we are talking about detection in IoT, IT, and OT Cybersecurity solutions.
What to look for in IoT, IT, and OT Cybersecurity solutions?
when you’re looking at ot cybersecurity solutions the detection you need to also look at signatures and heuristics and these are patterns that we are matching for specific malware before they actually enter into the network and able to flag that off we are not necessarily waiting for that.
Malware to get residents into the network and then when it is trying to instrument and do something in the network you’re
basically detecting it by then you’re already too late so the ability to detect that uh whole you know attack vector as
it occurs or indicator of compromise as it as it’s occurring is a very key differentiation that most folks need to look
in in an ot solution and the third thing is remediation or playbooks so once you’ve discovered an attack once you’ve
discovered a vulnerability of you know the IT – OT cybersecurity solutions world the while the networks are converging the folks and the skill sets are yet to converge so uh IT folks don’t necessarily know what needs to happen on a multi in the north network to
remediate any of the vulnerabilities or remediate any threats without actually I mean the risk is to actually impact.
The process or the control that is running their water utility and the OT cybersecurity solutions folks don’t necessarily know enough about you know IT or OT cyber security Solutions to even say that okay this is uh this is a known attack so where you need the playbooks and the remediation plans and the sop standard operating procedures that the EPA is basically suggesting I have to be built into that OT cybersecurity solution essentially for them for you to instrument uh you know solutions or remediations on the network as and when you see uh things occurring without the risk of actually taking the process down the right and to do it at a low.
I mean uh low-risk situation and to do it consistently and make sure that uh you know it’s effective uh so that’s where
playbooks come into the solution those playbooks have to be uh I mean specifically designed and orchestrated for that
particular utility because not only all utilities are different many there are different you know uh OEM or suppliers of
different equipment also every uh you know uh every utility has their own code running it because they runoff
programmable logic controllers and by you know by nature it’s the program that runs on that uh controller.
That makes yeah you know that controller behavior it’s not the same as having a windows machine but you know knowing the specific code so uh orchestrating and basically implementing that playbook specific to that network so that if you are able to
not create a response plan implement a standard operating procedure and make sure that there’s uniformity and very
low risk to actually impact the control system is a key critical component.