NIST Cybersecurity Framework in the Manufacturing Profile

What we see here is the overall OT security landscape. In this webinar we want to cover the overall infrastructure security that can span across your IT, your IoT and your operational technology. What we're seeing, especially with the IT security that the majority of companies have adopted, is just the tip of the iceberg. There is a big depth of operational technology security out there which is still unknown; most companies still find it a wild west, for various reasons, and it will be interesting to see how these two merge together. That's something we provide to most of our customers, and I'm glad to be part of this conversation with you, trying to exchange some thoughts about the operational technology space: how critical infrastructure and cyber-physical systems are closely connected, and getting connected, with the IT environment, what implications and challenges we see, and how we overcome them. It's an interesting topic and personally my favorite one.

So with that, diving directly into what we have: NIST has been working extensively on building the Cybersecurity Framework for many years now. However, the most recent one, due to the large attacks that we have seen, especially in the United States, requires this attention, and that is the topic today. The NIST Cybersecurity Framework globally covers five main areas, as we put it. While there is the whole aspect of what the confidentiality of our data looks like, where our information is, what the integrity of our data looks like, and how we maintain availability, personally, when we look at cyber-physical systems, we see that yes, there is confidentiality of the data that is being sent out with IT, and the information that is required is important, but most importantly, when we talk about operational technology it's the availability that is critical to us. When we talk about availability, it can have direct implications for physical access to those systems; they are generating, or are actually responsible for, day-to-day operations, and any cyber attacks on those physical systems can negatively impact the businesses and have caused downtime. I mean, recently, about a year and a half ago, Pemex, one of the largest companies working on critical infrastructure in Mexico, had about two weeks of downtime; they had to pay almost five million dollars in ransom, and they also ended up losing their productivity for over two weeks. And there are several instances like that. Most recently, I was reading today where AWS had a major outage that's causing several Amazon and related sites and businesses to stand still for a few hours, losing millions and millions of dollars.

So looking at all these things, what we see when we talk about the Cybersecurity Framework, especially building a profile, is to have two main footprints or blueprints, where we look at what our current profile looks like and what our target profile should be that we will be building, and how we customize that to our business. Now, based on the experiences that industries have today, there is no specific template that the CSF mandates or guides; it actually gives the guidelines, the best practices, that can be customized to individual organizations based on how their infrastructure is laid out, how their network topology is, and what kind of IT and OT integrations they have today.

So with that, starting with the first step, it's critically important to ensure where and how we look at identification: what, where and how our assets are identified. Now this is a continuous process. The first thing to know is what is out there that we know or do not know. Maybe there are some attack surfaces that have existed for years, and we just do not have the existing controls, or do not have the existing skills within the company, to actually look at specific areas: how these assets respond to potential intrusions, potential data exfiltration, or anything related to a potential attack, let's say. So the most important thing that the Cybersecurity Framework guides is to be able to identify, to conduct a risk mitigation process: a risk assessment followed by risk mitigation, where I'm able to identify and understand what exactly my vulnerability is, where my attack surface is today, what the risk appetite is that our businesses have, and then scoring those risks based on the criticality or the severity of the information that we identify. Now this has existed for years or decades in IT, but the most important thing is that when I look at industrial or operational technology, there are three things that come into the picture. One is the protocols that are actually used to communicate between, or by, these industrial purpose-built devices. They may be using legacy protocols, some of them proprietary protocols which are very vendor specific. Now how do we know that some of those protocol-level vulnerabilities are not exposed? The second point is identifying what assets are in the system, understanding how many assets are out there which are connected. We might have our operational technology air-gapped for the most part, but even with an air-gapped network there is always internal connectivity that will require access to some of these endpoints. What do we have on endpoint security? When we are moving into the digital transformation, how are we looking at network security assessment of this operational technology, rolling out the mitigation plan, rolling out what kind of templates we have? So those are the top two important things when we conduct vulnerability management and the risk mitigation process.

And then we all understand that once we identify and build the specific priorities that are there, we need to have the necessary protection mechanism. This is where we bring in a specific monitoring technique. Once you identify the top three or four critical things that we have to identify in our operational technology network, and how many of them are interacting with my existing IT, or how many of them are still air-gapped, there has to be a baseline that they recommend building. Once the baseline is built, the most important aspect of what NIST recommends is to isolate the part of the network that does not require it, or maybe that's critical to operations. What the different controls are we can see later, but these are some of the things they recommend: having specific segmented networks at layer 0, layer 1, layer 2 and above, up to 3.5, where you have your DMZ and your IT comes into the picture. But within this operational technology, creating an incident management program: the incident management program detects whether or not we have the baselines, that we're conducting regular audits; we need to have a continuous monitoring process; do I have a sufficient anomaly detection process, which is important; is my operational technology threat-intelligence driven, which is now driving my overall cybersecurity incident management and response program. And then most importantly, when we talk about detecting itself, NIST also mandates that when building a profile it's very important to map these profiles to the relevant compliance metrics. So what does my existing company compliance look like, what does my organizational risk posture look like, how do we apply the compliance and make sure that my existing incident response plans, and whatever incidents our systems are generating in our operations center, are mapped with the policies and the compliance metrics, and then be able to respond to any kind of breach with the playbooks that we have in place.

So this is where we see, when we are responding, remediating and recovering, quite a lot of attack remediation techniques and the MITRE ATT&CK framework coming into play, which gives us a full kill chain of how cyber threats start from reconnaissance all the way to your exploitation phase, what exactly these different techniques focused on the adversaries are, what we need to have in place to address them, and how we build our playbooks which are specific to our network. So this is something that, in a few minutes, we'll discover: what exactly the Cybersecurity Framework manufacturing profile covers.
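The talk describes three controls without showing how they fit together: an asset inventory (the Identify step), segmentation so that IT only reaches OT through the level 3.5 DMZ, and a flow baseline that anomaly detection is measured against. The script below is an added example, written for this page and not code from the webinar or from NIST; it evaluates constructed flow records against a made-up asset inventory with Purdue-style levels. The asset names, levels, the `LEGACY_PROTOCOLS` set, the approved-flow baseline and the `src= dst= proto=` log format are all assumptions chosen for illustration.

```python
import re

# Constructed asset inventory (assumption: names and levels are invented for this example).
# Levels 0-3 are OT, 3.5 is the industrial DMZ, 4 and above is enterprise IT.
ASSETS = {
    "plc-line1":  {"level": 1.0, "protocols": {"modbus"}},
    "hmi-line1":  {"level": 2.0, "protocols": {"modbus", "https"}},
    "historian":  {"level": 3.0, "protocols": {"opcua", "https"}},
    "dmz-relay":  {"level": 3.5, "protocols": {"https"}},
    "erp-server": {"level": 4.0, "protocols": {"https"}},
    "laptop-eng": {"level": 4.0, "protocols": {"https", "modbus"}},
}

# Protocol families treated here as carrying no authentication in their common form
# (assumption for this example; a real site uses its own protocol inventory).
LEGACY_PROTOCOLS = {"modbus", "dnp3", "profinet"}

# Approved flows (src, dst, proto) recorded while building the baseline.
BASELINE = {
    ("hmi-line1", "plc-line1", "modbus"),
    ("historian", "hmi-line1", "https"),
    ("dmz-relay", "historian", "https"),
    ("erp-server", "dmz-relay", "https"),
}

# Constructed flow records, one per line, in a simple key=value form.
FLOW_LOG = """\
2021-11-02T10:00:01 src=hmi-line1 dst=plc-line1 proto=modbus
2021-11-02T10:00:02 src=historian dst=hmi-line1 proto=https
2021-11-02T10:00:03 src=dmz-relay dst=historian proto=https
2021-11-02T10:00:04 src=erp-server dst=dmz-relay proto=https
2021-11-02T10:00:05 src=laptop-eng dst=plc-line1 proto=modbus
2021-11-02T10:00:06 src=erp-server dst=historian proto=https
2021-11-02T10:00:07 src=unknown-device dst=historian proto=opcua
"""

FLOW_RE = re.compile(r"src=(\S+)\s+dst=(\S+)\s+proto=(\S+)")


def is_it(level):
    return level >= 4


def is_ot(level):
    return level < 3.5


def check_flow(src, dst, proto, baseline=BASELINE):
    """Return the list of findings for one observed flow (empty list means clean)."""
    findings = []
    if src not in ASSETS or dst not in ASSETS:
        # The Identify step failed for this endpoint; levels cannot be evaluated.
        findings.append("asset not in inventory")
        return findings
    s, d = ASSETS[src]["level"], ASSETS[dst]["level"]
    # Rule 1: IT and OT must only meet in the 3.5 DMZ, never directly.
    if (is_it(s) and is_ot(d)) or (is_ot(s) and is_it(d)):
        findings.append(f"crosses IT/OT boundary without DMZ (L{s} -> L{d})")
    # Rule 2: unauthenticated industrial protocols stay inside levels 0-2.
    if proto in LEGACY_PROTOCOLS and (s > 2 or d > 2):
        findings.append(f"legacy protocol {proto} outside levels 0-2")
    # Rule 3: the destination must be inventoried as speaking this protocol.
    if proto not in ASSETS[dst]["protocols"]:
        findings.append(f"{dst} is not expected to speak {proto}")
    # Rule 4: anything outside the approved baseline is an anomaly to review.
    if (src, dst, proto) not in baseline:
        findings.append("flow not in approved baseline")
    return findings


def analyze(log_text, baseline=BASELINE):
    """Map each (src, dst, proto) that produced findings to its findings."""
    results = {}
    for line in log_text.splitlines():
        m = FLOW_RE.search(line)
        if not m:
            continue
        key = m.groups()
        findings = check_flow(*key, baseline=baseline)
        if findings:
            results[key] = findings
    return results


if __name__ == "__main__":
    for flow, findings in analyze(FLOW_LOG).items():
        print(" -> ".join(flow[:2]), flow[2], ":", "; ".join(findings))
```

Run stand-alone, the script reports only the three flows that need attention: the engineering laptop reaching a PLC over Modbus, the ERP server querying the historian directly, and an endpoint that is not in the inventory at all. The first four flows pass because they either stay within OT or terminate in the DMZ and match the baseline.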
