Industrial Security: Not Just IT and OT, but Old OT and New OT

5 years ago Ray Lapena
Lane Thames, PhD and principal security researcher at Tripwire explains the challenges you might not have considered in IT/OT convergence.

Spotify: https://open.spotify.com/show/5UDKiGLlzxhiGnd6FtvEnm
Stitcher: https://www.stitcher.com/podcast/the-tripwire-cybersecurity-podcast
RSS: https://tripwire.libsyn.com/rss
YouTube: https://www.youtube.com/playlist?list=PLgTfY3TXF9YKE9pUKp57pGSTaapTLpvC3

Tim Erlin: Welcome to the Tripwire Cybersecurity Podcast. I’m Tim Erlin, vice president of product management and strategy at Tripwire. I am joined by Lane Thames, principal security researcher at Tripwire. Today, we’re going to talk about industrial cybersecurity and the IT-OT divide that we see in the industry. Lane will come at it from a security researcher standpoint. I will come at it from a market standpoint. We’ll see where we end up. Welcome, Lane.

Lane Thames: Hi, Tim. Good to be here.

Background on the IT-OT Convergence

TE: Awesome. I wanted to start out with the term “IT-OT convergence.” How did that term surface in the security research space that you’re in, Lane?

LT: Let’s go back to the late 90s, early 2000s. When we dealt with manufacturing, we were living in what was called the “third industrial revolution” where we had machines that had computers and controllers. We also had digital technology where we could process signals and such. What happened is folks wanted to start connecting their operational technology (OT) devices—things like sensors, actuators, robots, programmable logic controllers, etc.—to their IT or internet protocol-based networks.

TE: I want to point out what I think you’re saying and make sure I understand it. There was a time where the manufacturing and industrial technology was built, developed and placed in market parallel but separate from what we would traditionally call IT. Is that right?

LT: That is correct. There’s a whole plethora of industrial-based protocols that would speak their own language. Sometimes, it will just use serial communication. For example, their focus was on digital and analog inputs and outputs. And your sensor would connect to a programmable logic controller, which was a very, very simple computer. At most, those devices would connect to machines on the shop floor. And those devices are still connected on the shop floor, but they were totally isolated. They spoke their own language, and there was no way to get data into higher-level analysis outside of what we called sneaker nets—people running into the field with a clipboard, taking measurements, coming back and entering in that information into spreadsheets and such.

TE: I think that’s important because it’s not like these industrial technologies are just showing up now and being introduced to our IT networks. They’ve been around for a long time. So, there’s an established industry there that just happens to have been built very differently from IT.

LT: Absolutely. Totally disconnected from IT. Totally different technologies.

TE: That brings us to this point about convergence, which I think is where you were going.

LT: Right. So, two things are happening right now in terms of this IT-OT convergence. One is retrofitting. We’re taking cheap computer devices like Raspberry Pi and interfacing these devices with old equipment.

But on the other hand, you have new equipment that is being built now with ethernet or Wi-Fi already built in. And so over time, as people start replacing their equipment, these devices will still sometimes speak the old languages. They still have to interface with other technologies, but they’re also going to be equipped with a little bit more intelligence and the ability to communicate over the internet.

The Industrial Internet of Things (IIoT)

TE: That brings me to another term that I wanted to throw into the mix here that you see everywhere these days, which is IoT. Where does IoT fit into this trend of convergence?

LT: The Internet of Things (IoT) kind of originated a long time ago—even before we had lots of mini-computers. This was back in the time where flip phones were still the thing but where RFID technology existed. So, the idea of IoT originally originated from, “Okay, we’re going to put these RFID chips on everything, and that way, we can start tracking it.” It was initially a tracking mechanism for inventory, as an example.

Then computing got cheaper and cheaper, and bandwidth got greater and greater. Now we have this idea of building intelligence. When I say intelligence, I’m really meaning computing and communication. And when I say communication, I’m talking about Internet-based communication or IP networking. It got to a point where everything needed to have a computer and a networking capability. That’s where the idea of the Internet of Things evolved.

There’s also another term that we should mention—the Industrial Internet of Things (IIoT). The IT-OT convergence and IoT come together in all the devices that are coming onto the shop floor with computer and Internet-based communication capabilities. That is the Internet of Things pretty much by its definition. The IT-OT convergence exists because of the so-called Internet of Things paradigm.

TE: And the term “IoT” really seems like it’s a modern label for things that were already in existence but have now continued to develop. There have been devices that have a network interface to a physical device that makes a physical change in the environment prior to the emergence of the term “IoT.” I had an OT engineer who categorized IoT as just the cheap consumer version of what he’s been doing for years and years.

LT: I would take it a step further. You have devices that are at the shop level. If you look at what’s called the Purdue Model, you have various levels. These devices on the bottom of the drawing, level zero, are all of the sensors and actuators and equipment on the floor, and they connect to say engineering workstations, HMI (human machine interfaces) and such. They’re connecting over a network, whether it be IP or their original industrial protocols.

To me, one of the things that stands out with IoT is that these future devices might still connect in that way, but there are going to be capabilities for these devices. They’re going to be communicating into the cloud either directly or through a gateway. This is where various newer protocols like Message Queuing Telemetry Transport (MQTT), for example, are going to help shine because we will be able to do that in a secure fashion.

TE: Let’s talk about the technology there for a minute. You mentioned MQTT as the technology that might allow these devices to connect to the cloud directly. What’s the alternative today?

LT: You have your legacy integration that’s kind of following the Purdue Model where everything is separate. All the different networks are separated via firewalls and switching and things of that nature. And the data doesn’t necessarily leave the organization. It flows up and down these levels of the Purdue Model. But this is where you start getting into the IT-OT battles. IT, for example, might want to connect through the different networks to a device for some reason, but then the OT guys might want to be able to send the data from PLC controllers up to say their ERP (enterprise resource planning) systems for manufacturing optimization purposes.

Right now, that’s being done via opening firewalls and stuff and allowing this communication. But it’s very complex just because of how the systems are involved, just because of the complexity of the network. And it’s not scalable. So, you might have 500 devices on your floor today, but in 10 years, you’re going to have 50,000 that are potentially communicating. And so that’s the other option.

Going back to your question, it’s like the wild west right now. Anytime something new arises, you have a lot of folks that are offering various gateways. The gateway will ship it into the cloud, but it’s usually on a per-vendor basis. So, the idea of something like MQTT is a big idea in the advanced manufacturing space. It’s not vendor neutral; it’s a unified and open architecture.

TE: That brings us back to that challenge of the convergence, not just of IT and OT but also of old OT and new OT. If you want to think of it that way, MQTT isn’t suddenly going to show up on those devices that you installed 10 years ago. You’re going to be stuck with a mix of approaches until you fully modernize that plant floor or that manufacturing facility.

LT: I think it’s going to stay that way forever. We know for a fact that the cloud is forever going to be hybrid, right? Organizations are going to have legacy systems, and they’re going to have cloud systems. And that’s why we call it “hybrid.” I personally believe that this IT-OT convergence is going to be hybrid at least for the next 20 years.

Security Challenges of Managing Legacy Environments

TE: Given that we have this future that’s hybrid, how are you seeing security professionals dealing with legacy environments today? What are the trends and complications there?

LT: They’re fairly significant. So, you have all these folks that are just buying whatever kinds of devices they can find to solve their current problems. That’s in addition to the new devices we have that are coming in. The problem is inventory, you know, visibility. How do we know what’s out there? And then, how do we know what kind of weaknesses they have?

What’s going to happen, and where the security problem lies, is when the malicious actors penetrate the top level of the Purdue Model—our enterprise IT systems. And then they work their way down through the networks and gain access to these devices on the shop floor. And this is a huge problem because one thing we haven’t really mentioned are really the priorities in terms of security when we talk about devices on the floor, the shop floor. Safety and availability are the two main drivers. And so, the security concern here is not so much that they can hack into the device. The data that’s down there, living on these little devices, is insignificant. It’s misconfiguring the devices so that they screw up a real-world process and damage equipment or even cause death or harm to people.

When we talk about security, what I constantly want to say is making sure your IT systems are safe and secure is priority one. That is their entry to the networks. And then, you know, as an industry, we’re learning about OT. How do we solve the security problems? It’s a very complex environment. You can’t just update software. The biggest thing is scale. Today, it might be 500, but in five years, it might be 50,000. How do you deal with that scale? These are going to be some challenges that we’re going to have to address and find new, innovative solutions for.

TE: Well, Lane, it seems like we didn’t come up with any solutions here, but we certainly covered the problems in interesting ways. There’s a lot more to talk about as we move forward. So, I really appreciate you spending the time with us. I hope it was interesting for all the listeners. Thank you. Please tune in for the next episode of the Tripwire Cybersecurity Podcast.

The post “Industrial Security: Not Just IT and OT, but Old OT and New OT” appeared first on TripWire.

Source: TripWire – Ray Lapena

Tags: Cloud, Critical Severity, TripWire
