How modular product expansion supports organizations as OT security programs mature.
Leaders and boards of industrial organizations want to understand current risk profiles and whether a recently disclosed vulnerability puts the organization at risk. However, OT cybersecurity is less mature than IT cybersecurity. Most industrial organizations are still in the early stages of improving their OT asset inventories, relying on manual approaches to risk identification, prioritization, and remediation. OT cybersecurity maturity can also vary significantly from site to site within a large organization. Hexagon finds that OT cybersecurity can be grouped into three general stages: visibility, vulnerability, and comprehensive OT security and risk management. Hexagon’s PAS Cyber Integrity™ is a modular solution that provides these capabilities and can expand as OT security needs evolve.
Step 1: Visibility
Obtaining an accurate and detailed inventory of OT assets is key to improving OT cybersecurity maturity. It is also a prerequisite for cyber vulnerability and OT risk management, meeting internal and external compliance requirements, understanding potential attack vectors and investigating incidents.
Cyber Integrity – Inventory provides unmatched industrial control system discovery and topology mapping – down to Tier 0 devices – without passive network discovery limitations or active network polling risks.
- Automatically discover IT and OT assets (Tier 3 – Tier 0) for over 120 multi-vendor OT systems.
- Maintain a complete hardware and software inventory of computer and OT systems, I/O boards, firmware, applications and all custom data.
- Identify compromised endpoints, their relationships and connections to other endpoints, and their role in the process.
Step 2: Vulnerability
With a full inventory of OT assets in place, vulnerability management is the next step. Identifying and remediating known vulnerabilities is one of the best ways to reduce critical infrastructure risk. However, despite many known vulnerabilities for industrial control systems, OT teams often struggle to identify vulnerabilities.
Cyber Integrity – Vulnerability Management draws on inventory data to identify and assess hidden vulnerabilities in industrial infrastructure.
- Automatically compare and assess the latest vulnerability information from the US National Vulnerability Database (NVD), augmented by PAS cybersecurity analysts, against inventory data to identify OT assets with vulnerabilities likely to endanger production systems.
- Get a centralized, unified view of current patch levels across all managed cyber assets.
Step 3: Comprehensive OT security and risk management
With a detailed and accurate inventory of OT assets and operational vulnerability and patch management in place, the final stage of maturity is to enable capabilities for comprehensive OT security baselines, configuration management, policies and workflows to manage compliance.
Cyber Integrity – Business includes inventory, vulnerability and patch management, and adds in-depth OT asset configuration management from Tier 3 to Tier 0, a comprehensive cybersecurity configuration baseline, detection of unauthorized configuration changes, workflow-focused vulnerability remediation and incident response, risk scans, compliance workflows, and backup and recovery reporting and support.
- Track configuration changes against established baselines.
- Establish configuration policies to monitor unauthorized changes to control policies, device inventory, asset configuration, and logic and graphics files.
- Enable workflows and documentation for vulnerability remediation and compliance with NIST, ISA/IEC 62443, NERC CIP, ISO 27001/2, NIS directive and other regulations.
- Capture full configuration backups to support in-depth forensic analysis and speed recovery in a worst-case scenario.
Built for today and tomorrow
Cyber risk to critical infrastructure and process industries is greater than ever. Digitization projects and remote working have expanded the attack surface. Cyber Integrity’s modular licensing and deployment capabilities provide the flexibility to meet today’s needs and expand to support future needs as sites progress through their OT cybersecurity maturity.
Hexagon is a world leader in digital reality solutions, combining sensors, software and autonomous technologies. Hexagon leverages data to improve efficiency, productivity, quality and safety in industrial, manufacturing, infrastructure, public sector and mobility applications.
The company’s technologies are shaping production and people-related ecosystems to become increasingly connected and empowered, ensuring a scalable and sustainable future. Hexagon’s PPM division enables its customers to transform unstructured information into an intelligent digital asset to visualize, build and manage structures and facilities of all complexities, ensuring safe and efficient operation throughout the life cycle.
Hexagon (Nasdaq Stockholm: HEXA B) has approximately 21,000 employees in 50 countries and net sales of approximately €3.8 billion. Learn more at hexagon.com and follow Hexagon @HexagonAB.
Read the article online at: https://www.hydrocarbonengineering.com/special-reports/21062022/a-three-step-approach-to-ot-cybersecurity/