Internet security is a key concern of business, and this goes beyond malware and antivirus software protection. IT and production Operational Technology (OT) teams are aware of the cybersecurity obstacles to overcome in order to achieve successful Industrial Internet of Things (IIoT) implementations. Yet, each department addresses those threats with different priorities and requirements.
For IT teams, endpoint security software management demands consistent attention to detail as teams work towards ensuring safe and secure data access for authorised network users. Obversely, constrained by the need to maintain a steady production line, OT teams are wedded to a mentality that dictates ‘if it isn’t broken, don’t fix it’. One example of this dichotomy is seen in the coal industry where ‘quick fixes’ to sensors, machinery and control systems just do not exist and can grind the whole system to a halt, hampering vital production.
In a recent report by consulting group McKinsey & Co., differences in the IT/OT “last mile” have been shown to act as a barrier for companies trying to convert IIoT pilot programs into enterprise-wide deployments, especially when it comes to maintenance management software. Here, the challenge comes in helping the two teams to understand each other’s operational language while using procedure-driven vulnerability management practices adapted to their environments.
Patching over problems
Within patch management, there exists the most obvious differences in the language of IIoT for IT and OT professionals. The purpose of a patch is to close security gaps, correct errors, and extend features as well as functionality of systems. Overall, this ensures security within a network. This is a great starting point to bridge the gap in IT and OT procedures.
For IT professionals, patch management is pursued with vigour. Most notably, this is seen on ‘Patch Tuesday’ when weekly improvements are made to a system’s functionality and security. With an automated software such as a unified endpoint management (UEM) system, patches can be pre-configured and tested, then deployed overnight with systems automatically powered up, rebooted and shut down before users arrive the next morning.
In turn, endpoint users are faced with little to no disruption whilst their regular and new updates avert illegal attempts to access an individual’s device. This is an extremely effective process to guard against persistent cybersecurity threats.
The challenge for OT
In comparison, OT professionals face an uphill battle with patch management. Attacks on industrial control systems rise year on year, usually targeted at disrupting production or for industrial espionage. Whilst the threat is clear and OT staff recognise the need for regular patching, their ability to respond is constrained by complex multi-vendor environments in continuous operation.
Indeed, the average medium-sized industrial plant may have more than 200 pieces of equipment from suppliers using various configurations and protocols. Consequently, OT staff cannot routinely take control systems offline for patching and rebooting when it would disproportionately hamper production.
The output of constrictions on OT staff patching has resulted in a recent SANS study noting that 56 percent of respondents see patching difficulties as one of their biggest security challenges. Likewise, only a mere 40 percent of respondents said they applied patches, dangerously preferring to wait for more complete software updates to justify service interruptions. This results in ‘Patch Tuesday’ being more like ‘Patch Q3’ or ‘Patch November’ for OT staff as deployments need to be planned, tested and deployed way in advance.
Bridging the OT/IT vulnerability management divide
As many analysts have suggested, including IDC and Gartner, IT and OT companies within IIoT must build more cohesive policy-based procedures to mount a viable defence against challenges by providing adequate cybersecurity training and supervision. One way of achieving this is through bridging the language divide. Just take devices in industrial production, these must be recognised as endpoints in a similar vein to PCs and smartphones.
Indeed, many OT devices are already PC-based, giving companies a great opportunity to design uniform safety procedures to identify vulnerabilities at the earliest possible stage.
Here, patch management becomes part of a wider war on system vulnerabilities. For example, by using a UEM system, OT and IT professionals within IIoT can find potential vulnerabilities quickly through being able to discover, map and inventory all network enabled endpoints.
In turn, appropriate patches can be developed for deployment based on network requirements and the severity of the risk, minimising disruption to production. Here, UEM enables improved security measures for a firm working in IIoT.
Now is the time for IT and OT staff to embrace a shared language through shared procedures and policies on IIoT vulnerability management in order to ensure security and enable vital updates across their systems.
Peter Meivers is Senior Product Manager at baramundi Software AG.
- Find the best cloud antivirus here