
Reviewing Security at the IT/OT Boundary

Barely a week passes without news of a new attempt by cyber attackers to compromise critical infrastructure. From major ransomware attacks to attempts to penetrate industrial networks and directly target operational technology (OT), critical infrastructure is in the cross hairs. Now more than ever, organisations need to review their cybersecurity provision.

Like all other industries, critical infrastructure has benefited from digital transformation and the move to Industry 4.0. The benefits of this interconnectivity are game-changing.

However, with benefits come risks. There is a long history of attacks against organisations that deliver critical infrastructural services, and these are becoming more frequent, sophisticated, and targeted. 

Against this backdrop, it’s important to review the type of cybersecurity solution being employed at the IT/OT boundary. The best way to do this is to consider the business need and how best to meet it while mitigating the threat.

Data Extraction

One of the most common requirements at the IT/OT boundary is the need to extract historical data or logging information from the OT network for analysis in the IT network. Data travelling in this direction can be assumed to be “safe” and therefore the primary concern is to ensure that the communication channel itself cannot be used by an attacker to jump the electronic air gap and cross from the IT to the OT network.

Traditionally this communications channel is guarded with a data diode. In normal operation, networked machines are capable of both transmitting and receiving data. When connecting between two networks, one of which is untrusted, a data diode physically removes one of the transmit/receive channels and enforces a unidirectional flow at a hardware level.

This is a great way of mitigating the risk that the channel can be used by an attacker to get in, but it creates a problem that is frustrating and potentially costly to resolve. With a unidirectional flow enforced in hardware, there will necessarily be problems getting data efficiently from OT to IT and knowing that it got there. Without a mechanism for reporting back to the sending application that all the data has successfully arrived, the organisation risks losing data. Solving this problem reliably, with the assurance of high availability, is frequently complicated and costly. Indeed, the problem of reliably supporting bi-directional communication becomes more significant as we explore some of the other requirements for communication at the IT/OT boundary.
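The reliability problem described above (and the same one that affects importing updates), as an added example that is not Deep Secure's code: a Python simulation of a one-way link in which the OT-side sender blindly repeats sequence-numbered, hashed chunks and only the IT-side receiver can detect gaps or corruption. The `drop` callback modelling the lossy link and the sample data are constructed assumptions.

```python
import hashlib

# Added example (not the product's code): a simulated unidirectional channel.
# The sender gets no feedback, so its only defence against loss is blind
# redundancy; gap and integrity detection can happen only on the receiving side.

CHUNK = 16

def make_packets(data: bytes, chunk_size: int = CHUNK):
    """Split data into sequence-numbered chunks, each with its own SHA-256 digest."""
    chunks = [data[i:i + chunk_size] for i in range(0, len(data), chunk_size)]
    total = len(chunks)
    return [(seq, total, hashlib.sha256(c).digest(), c) for seq, c in enumerate(chunks)]

def send_one_way(packets, repeats, drop):
    """Blind transmit: every packet is sent `repeats` times. `drop(attempt, seq)`
    models the lossy one-way link; the sender never learns what got through."""
    arrived = []
    for attempt in range(repeats):
        for pkt in packets:
            if not drop(attempt, pkt[0]):
                arrived.append(pkt)
    return arrived  # what the receiving side sees; the sender has no view of this

def receive(arrived):
    """Receiver-side reassembly: verify each chunk, then report any gaps.
    Returns (data or None, list of missing sequence numbers)."""
    got, total = {}, None
    for seq, total_chunks, digest, chunk in arrived:
        total = total_chunks
        if hashlib.sha256(chunk).digest() != digest:
            continue  # corrupted copy; a later duplicate may still be good
        got[seq] = chunk
    if total is None:
        return None, []
    missing = [s for s in range(total) if s not in got]
    if missing:
        return None, missing
    return b"".join(got[s] for s in range(total)), []

def transfer(data: bytes, repeats: int, drop):
    """End-to-end: OT-side sender -> one-way link -> IT-side receiver."""
    return receive(send_one_way(make_packets(data), repeats, drop))

if __name__ == "__main__":
    sample = b"historian export row " * 5  # constructed sample: 105 bytes -> 7 chunks
    # Link loses every even chunk on the first attempt; one repeat fills the gaps.
    print(transfer(sample, 2, lambda attempt, seq: attempt == 0 and seq % 2 == 0))
    # Chunk 3 never gets through: the receiver detects it, the sender never knows.
    print(transfer(sample, 3, lambda attempt, seq: seq == 3))
```

The receiver can report the gap locally, but with no return path that report never reaches the sender, which is exactly the assurance gap the text describes.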

Importing Software Updates

Another common requirement at the IT/OT boundary is the need to import software updates such as Windows/Linux updates and antivirus signature updates. Here again a data diode can be an effective solution in that it ensures traffic can only flow in one direction between pre-configured update servers residing either side of the boundary. However, using a traditional diode, the same limitations make implementation complex and costly. With a unidirectional flow enforced in hardware, it can be difficult knowing that all the updates have crossed from IT to OT and arrived intact.

Importing IT Files

The challenge of managing security at the IT/OT boundary becomes much more complex and nuanced when it comes to importing IT files (rich content of the kind used every day in the enterprise network) from IT to OT or supporting bi-directional application protocols.

Office files, PDFs and diagrams are all essential to the smooth operation of plant and machinery. However, this type of complex data is the carrier of choice for cyber attackers intent on getting malware in and establishing remote command and control channels. Sadly, detection-based antivirus all too often fails to detect malware concealed in this way and another solution must be found.

Deep Secure Threat Removal Plus is an Industry 4.0 data diode, a combined hardware & software security solution designed to address exactly this challenge. At an application level, the Threat Removal Content Disarm and Reconstruct (CDR) process ensures files crossing the boundary are always 100% malware-free. To address the need to support bi-directional protocols, Threat Removal Plus enforces separate unidirectional data flows along with IP breaks to secure the communication channel at a network level. As a further safeguard, each file is verified as safe in hardware logic (something that can’t be remotely compromised or manipulated by an attacker) creating an incredibly small attack surface.

Fortifying the IT/OT Boundary

For organisations that are responsible for the critical infrastructure on which we all depend, the IT/OT boundary has long been a potential Achilles’ heel. At Deep Secure we believe the risk is best mitigated using Threat Removal Plus, an Industry 4.0 data diode that is equally suited to simple data export/import tasks and to scenarios where bi-directional protocols must be supported and application data must be rendered threat-free. Threat Removal Plus enables the organisation to fortify the IT/OT boundary and still enjoy the benefits of Industry 4.0 and digital transformation.

In our next blog we’ll examine how the ability to remotely monitor OT networks from the cloud needs to be appropriately secured to provide assurance that it cannot be used as a vector for attack.

Download our free eBook "Securing Critical Infrastructure from Cyber Attack"

To learn more about Deep Secure Threat Removal Plus, go to www.deep-secure.com/ci or email contact-us@deep-secure.com.
