Sectrio

Our Videos

Why don’t IT security tools cover your converged networks?

Audio Transcript

A lot of folks have, and we’ve seen over the past years, that IT tools have been out there for 15, 20 years and they’ve continuously evolved and developed, but the IT security tools typically aren’t going to help you, are not best coveraged, are not best designed to cover your OT and IoT networks, and here’s a quick breakdown of why. The next slide will explain just a little bit more as well.

So we’ve all seen that, that triangle picture of the, the CIA triad that talks about confidentiality, integrity and availability. On the IT side of the house the priority is keeping that data confidential, keeping it protected, as well as then making sure the priority list goes in down order: confidentiality is number one, the integrity of that data is number two, and the availability to have that, that data available to you is number three, the third most important thing.

When you start to look to the OT environment, that actually flip-flops. Integrity still be in the middle, but the availability, having mission, having actually the system itself, especially the water wastewater side, having the, the system be 24/7 accessible, having the availability to always be there and be able to be used is number one priority. Integrity still comes at number two, and then confidentiality, keeping that data protected, it comes in a number three.

And then you actually see on the IoT side of the house the integrity, so IoT side being more, um, sensors, what have you, that’s actually just reporting data back, and you need to have, of course, if it’s data that’s coming back in you need to make sure that data is in fact valid and accurate, so you see integrity being number one, availability and confidentiality. So it’s pretty much turns itself on its head and reverse the roles.


EPA Cybersecurity Checklist for Water Utilities

Audio Transcript

So the 10-point EPA cybersecurity checklist is largely around, uh, these are the key things that they’ve called up. Uh, the most important thing is to audit your IT systems and identify vulnerabilities. Uh, like utilities, most OT and other networks, many folks don’t know what connected infrastructure that they have that has been laid out in those networks, largely because they have been there for the last 20, 15 to 20 years or maybe earlier, right. So knowing what is on that network, what those assets are, what vulnerabilities, what, you know, what vulnerabilities exist on that, on those assets, and how those vulnerabilities can be, uh, you know, exploited is a key, uh, is the first step that the EPA prescribes.

The second one is to make sure, this is an easier one, uh, all IT systems that connect to that OT network have to be patched, have to have the latest antivirus and anti-malware updates. EPA cybersecurity checklist, all right, uh, always make sure, I mean, alerted if that is not the case, right. Uh, all patches are installed on IT systems. But do you know, they don’t specifically call out OT systems, but that is a fundamental reason why they don’t do that is many times patches are incompatible, so if you went to a higher patch, this, you know, the process control systems that interact with that asset may not interact with them. So they have not specifically stated OTs, but it’s for sure they won’t have wanted to be patched.

Uh, they have, I mean, this is a relatively new document, so they do, uh, identify that remote access, EPA cybersecurity checklist, secure remote access is a critical need. So the ability for, you know, your technicians, your operators to connect into that OT facility or into that water plant facility and work or rectify issues as they see is critical, but when they, when that connectivity is made it should be as secure as possible, right. Uh, one of the key ways of doing that is segregating your control access and your other IT networks, so when you’re talking control access is your OT network, making sure that the EPA cybersecurity checklist is followed. What does the EPA cybersecurity checklist mean for the IT Department? I mean, there is no easy way of hopping into from the IT world into the OT world. There has to be, you know, an identity, an access management system or some kind of a gate that, uh, that is, you know, that is preventing anyone or anything from coming from the IT world into the OT world.

Okay, uh, constantly monitoring your network for suspicious activity, right. Uh, so this means, uh, looking at all the traffic that is, typically many of the OT systems, you may not be able to actually get, uh, antivirus or an anti-malware, you know, solutions on them are unlikely because they’re sometimes very small, constraints, being, you know, things like PLCs or controllers. Uh, they don’t necessarily run an operating system that is conducive to running or running an anti-virus or an anti-malware, right. So you may want to actually monitor these systems primarily on the network to see what is going in, what is going on, how are they behaving, commands are they descending, baselining that behavior and then looking for deviations against that behavior, right, uh, to notice if there’s some, uh, uh, especially to identify there’s some kind of, you know, attack or some kind of a malicious code being executed in that network.

Application whitelisting, um, so this is, this goes beyond segregation of network. So today, uh, while the EPA says you segregate the network so that you have specific VLANs, uh, so, uh, the VLANs themselves could have systems, could have multiple systems that are all talking to each other. If, you know, any system is on a wheel and they, today what we’re seeing is a large number of them, I mean, they can basically communicate to each other on any service that exists. So application whitelisting goes to their degree of something like micro segmentation, where you are actually specifying that there are only certain applications that can communicate with different assets within the network, and going to that granularity and stating that these services at these times can only talk to these assets, right.

Uh, physical security of all your IT equipment and your equipment is a key consideration that they have put together, largely because if you, I mean, there have been numerous studies around throwing USB sticks on, I mean, on the ground, you throw 10 USB sticks, six of them find


Converged IoT, IT, and OT cybersecurity Solution Approaches for Water Utilities

Audio Transcript

So if you look at those 10 different, uh, checklist items that the EPA recommends, they largely fall into four categories in what we call converge, uh, IoT, IT, and OT cybersecurity solutions, right. And the first thing is the ability to discover everything on your network, so whatever solution that you have, and Sectrio does this really very well, is to do this in a passive way. So today many of those OT or process control networks don’t necessarily, I mean, they don’t necessarily know, not many people know what is necessary, what is there on the network. And if you look at an IT asset visibility software, it looks, uh, they do it in a very intrusive manner. They actually ping the device, they try to figure out information from the device, and that’s what we call active discovery. Active discovery is not necessarily something that works very well in the OT space, and what we need to do is something called passive discovery, and OT solutions are, you know, very good at passive a discovery. So without actually hitting the network, just by looking at the network traffic, what is coming out of those devices and how they’re communicating, the ability to classify the device and say, okay, this is that device, this is the OS and operating system, and this is the firmware or firmware that’s running, we also see that it has some kind of antivirus and that antivirus is of this date, uh, the system itself is, uh, end of service or end of life, and listing out. This is why we recommend, Sectrio converged IoT, IT, and OT cybersecurity Solutions to all. All the particular vulnerabilities that exist on the system is what good OT systems do.

So it gives you the lay of the land of what you are trying to protect, uh, who, what assets exist out there, how are they communicating with each other, uh, uh, which services are they using, what protocols are using, and when you notice the protocols you also understand what network level attacks could occur, and hence because the protocol themselves are so old that they have vulnerabilities that could be exploited. So it gives you a good, uh, you know, attack surface of your complete OT net, uh, uh, OT network, and that is the first step even the EPA is basically suggesting, right, in terms of discovery of your whole network, knowing your assets and your vulnerabilities.

Once that is identified you are trying to mitigate or reduce that attack surface, and the way you do that is through VLAN segregation. The EPA calls it specifically of segregating your enterprise, your control system networks and your mobile networks, but they also go and make recommendations of whitelisting and things like, so the ability to micro-segment that network non-intrusively, without many of these networks containing unmanaged switches, so it’s not easy to deploy a VLAN solution without actually pulling out equipment that already exists. So you may want to actually put an, I mean a lot, IT, and OT cybersecurity solutions that are capable of segregating or micro segmenting the network to the degree that you can go out and identify the device, the service, and say, hey, this particular asset talks to this asset only on this particular service, and that is the micro segmentation, uh, piece that needs to go in.

The third piece is obviously the detection piece. Uh, today a lot of OT cybersecurity solutions are looking for what we call tags or process control commands that are going on from specific programs or assets, uh, that are trying to, for example, change, uh, the state of a valve, right, to open or close, or change the pressure sensors or, you know, or some actuator down the line in the water utility. Uh, now that, if there is, you know, a tag that is going out which type is not seen on, you’re seeing a, the new file is downloaded on any asset, all of those are what normal OT cybersecurity solutions do, but they are all post facto in the sense that, uh, you will see, um, a bad tag or an attack trying to exploit a vulnerability only after malware has actually come into the network, right. Uh, so when we are talking about detection in IoT, IT, and OT Cybersecurity solutions. What to look for in IoT, IT, and OT Cybersecurity solutions? When you’re looking at OT cybersecurity solutions, the detection, you need to also look at signatures and heuristics, and these are patterns that we are matching for specific malware before they actually enter into the network and able to flag that off. We are not necessarily waiting for that malware to get residence into the network, and then when it is trying to instrument and do something in the network you’re basically detecting it, by then you’re already too late. So the ability to detect that, uh, whole, you know, attack vector as it occurs, or indicator of compromise as it, as it’s occurring, is a very key differentiation that most folks need to look in, in an OT solution.

And the third thing is remediation or playbooks. So once you’ve discovered an attack, once you’ve discovered a vulnerability of, you know, the IT – OT cybersecurity solutions world, the, while the networks are converging, the folks and the skill sets are yet to converge. So, uh, IT folks don’t necessarily know what needs to happen on a multi, in the north network to remediate any of the vulnerabilities or remediate any threats without actually, I mean, the risk is to actually impact the process or the control that is running their water utility, and the OT cybersecurity solutions folks don’t necessarily know enough about, you know, IT or OT cyber security Solutions to even say that, okay, this is, uh, this is a known attack. So where you need the playbooks and the remediation plans and the SOP, standard operating procedures, that the EPA is basically suggesting, I have to be


About Sectrio – A Division of Subex

Audio Transcript

So just a quick overview of, jumping right into it, who is Sectrio. So we’re actually a division of Subex. Subex is a publicly-traded company, we’ve been in the industry for over 25 years, build multiple different patents, we have almost a thousand employees. So we’ve been heavily involved in the security and fraud management aspects, working with over 180 different companies, 180 different customers globally on the telecom space. Over the past three to five years we’ve been slowly evolving a new product to focus specifically on OT and IoT cybersecurity, converged network security, specializing also in 5G but as well as threat intelligence, and one of the cool things about us is our threat intelligence is so advanced, we have one of the world’s largest IoT OT honeypot networks


The Overview of Cyber Threats on Water Facilities

Audio Transcript

So what are some of these threats that are impacting specifically the water and wastewater facilities? Um, I’ll start at the 11 o’clock position and make my way counterclockwise.

So ransomware is one of the cornerstones that the hackers use to monetize these efforts. It’s no surprise that year and year the actual monetization and fees demanded to get data back or get passwords back are increasing exponentially, but also you’re starting to see a little bit of espionage and issues with remote connectivity. So COVID has ushered in a new era of work from home, and that’s also remote connectivity for the water and wastewater facilities, for remote management, remote sensors, what have you, but every time you have a different connection being remote it actually opens up another potential threat vector, and so those are starting to be exploited if they’re not secured point to point.

SCADA attacks are increasingly on the rise. SCADA systems typically are in production for 10 to 15 years plus, and takes multiple years to replace those systems, very costly, very time consuming. As these systems that weren’t originally designed to come online are now starting to come online, this is opening up a whole slew of different problems, some that can be patched, some that can, as you’re starting to see, is the lowest entry point also be on the actual SCADA networks themselves.

Phishing attacks, it’s self-explanatory, that one’s always been out there even on the IT side of the house, trying to get users’ data, passwords, spoofing attacks via emails typically the most common method there.

But the last two, attacks on command center, so this is the command center where you can orchestrate all the different parameters inside the water wastewater utility, the chemical levels, what have. Similarly related, the valve controls, in order to increase the pressure of potential elements or release water or potentially release chemicals, as you saw in the Florida attack as well. So all these different things are starting to concatenate of potential threats, they’re impacting the water and wastewater facility, and actually those are actual, those can have catastrophic effects to where it can actually kill people. Um, so that’s definitely something that is definitely on the top of the federal government’s notice watch list for critical infrastructure.

