Protecting industrial operations from cyber threats should always be top of mind. However, with operations networks often being very complex and cyber threats growing increasingly sophisticated, it can be difficult to know where to start. Kam Chumley-Soltani recently held a webinar outlining best practices to protect your industrial environment from cyber threats. Kam is a Technical Solutions Architect in Cisco’s industrial IoT group, working with customers every day to help them drive their OT security projects.
In the webinar, Kam recommends a stepped approach towards a mature ICS/OT security strategy, implementing the following best practices:
1. See everything on your industrial network
You can’t secure what you don’t know about. You need full visibility into your industrial network and OT security posture, so you have the information you need to reduce the attack surface, segment the industrial network, and enforce cybersecurity policies. Cisco Cyber Vision gives you real-time, detailed visibility into your industrial assets, their communication patterns, and application flows. It embeds visibility capabilities into industrial network equipment, so there’s no need for dedicated security appliances or to build out-of-band SPAN collection networks.
2. Segment the network into smaller trust zones
Network segmentation is key to securing your network and protecting critical industrial processes. It’s also a requirement of the ISA/IEC 62443 security standards. Using dedicated security appliances for zone segmentation requires you to deploy additional hardware, create and maintain firewall rules, or even change network wiring and IP addresses. You can avoid this extra cost and complexity by extending software-based network segmentation policies to industrial control networks. Cisco Identity Services Engine (ISE) works with network switches, routers, and wireless access points to restrict communications according to the defined zones. It uses groups defined in Cyber Vision to allow or deny communications for each asset, and it drives collaboration between IT and OT teams.
3. Secure remote access to OT assets
Remote access is key for operations teams, vendors, and contractors to configure, maintain, and troubleshoot OT assets without time-consuming and costly visits. However, many existing remote access solutions create security backdoors or come with many tradeoffs. Cisco Secure Equipment Access (SEA) is solving the challenges of deploying secure remote access to operational assets at scale and brings all the benefits of a zero trust network access (ZTNA) solution to industrial operations. There is no dedicated hardware to install and manage and no complex firewall rules to configure and maintain.