Security and uptime through design
IT4A believes security is now (or should be) at the heart of every OT network design, especially on Critical Infrastructure projects. IT4A OT network designs implement device features to mitigate the impact of each recognised threat.
Risk Based Design
A product with a fantastic feature set but an environmental limitation of 40°C maximum operating temperature may seem a great choice when deployed in a data centre or office. However, when installed in a roadside enclosure that can exceed 60°C in direct summer sun, it is not such a good choice. Our aim as OT network designers is to understand and mitigate risk to an acceptable level. Acceptability is derived from the asset owner's ‘appetite for risk’; owners normally prefer to carry risk in order to reduce cost. Making design decisions on the basis of risk mitigation allows design challenges, whether based upon cost or otherwise, to be batted back with a reason grounded in an agreed and (hopefully) documented business need. Getting security right from the start allows high availability features to be designed in with confidence.
Why are some products more expensive?
How many people actually know why a particular network design was implemented or a particular product selected? It is IT4A’s experience that, across many OT industries, an industrial network product’s feature set has been made largely irrelevant by an overwhelming desire to achieve connectivity requirements at least cost and/or least investment in deployment. Where least cost is not the driving factor, selection criteria tend to be brand related or simply managed vs unmanaged. The features supported by these managed devices are rarely understood, even more rarely deployed, and rarer still managed thereafter. The consequence is a significant proportion of industry relying upon good fortune alone for their cyber protection. IT4A’s mission is to help its OT customers build better automation networks. We achieve this by adopting best practice promoted by independent sources such as the National Cyber Security Centre, and by having highly skilled and experienced OT network engineers, cleared to SC, who understand OT systems and practices. What follows is a little ‘off piste’ but hopefully explains why, and more specifically where, design £££ (or €€€) are best spent. We look at the network from the perspective of the assets it serves; we make design decisions based upon the needs of the application and the environment in which it resides.
Asset Identification
This is your list of the systems or devices you are trying to protect. Assets can be classified in groups; understanding and classifying where assets connect to the infrastructure enables their security and performance to be optimised. Traditional asset groups include:
- Static / Flow Data;
- Hardware / Software;
- Facilities;
- Services;
- Intangibles;
- People;
- Other
Threat Identification
Threats can be classified in groups; understanding and classifying the threats your assets face will help scope out the capabilities and defences your network must deliver.
- Environmental / Human (physical damage);
- Internal / external service failure;
- Network / System hardware failure;
- Software failure;
- Theft of hardware/software/removable media/data;
- Deliberate or accidental internal misuse/error;
- Unauthorised access or disclosure;
- Electronic and interception attacks; or
- Espionage
Vulnerability Identification
Identify and score any vulnerabilities. Consider inherent weaknesses relating to the asset, including those within related policies and procedures; for example, a Windows XP machine is exposed to many vulnerabilities because it is end of life and no longer patched. The following factors should be taken into account when describing and assessing the level of vulnerability:
- Connectivity of the system (more connections, particularly remote connections to untrusted networks, will increase the vulnerability);
- Complexity of the system (more complex systems are harder to secure);
- How much testing has taken place and the results of testing (penetration testing, approved/validated systems, or otherwise);
- Known defects / faults;
- Technologies used;
- Type of access control model used;
- Who will be provided with access to the system; or
- Single points of failure, etc.
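The asset, threat and vulnerability factors above can be turned into a simple risk register that ranks design decisions, which is what "risk based design" means in practice. The following Python is an added example written for this page, not IT4A's own tooling; the scoring weights, the likelihood-times-impact formula and the three sample assets (including the 40°C switch in a 60°C roadside enclosure) are constructed assumptions to illustrate the method, not a published scheme.

```python
from dataclasses import dataclass

# Hypothetical asset record combining the page's asset groups, environmental
# threat data and vulnerability factors. All weights below are assumptions.
@dataclass(frozen=True)
class Asset:
    name: str
    group: str                    # one of the page's asset groups
    max_operating_c: float        # vendor environmental limit
    site_peak_c: float            # expected peak ambient at the install site
    remote_untrusted_links: int   # connectivity to untrusted networks
    complexity: int               # 1 (simple) .. 5 (highly complex)
    tested: bool                  # penetration tested / validated
    known_defects: int            # open known faults
    end_of_life: bool             # unsupported technology, e.g. Windows XP
    single_point_of_failure: bool
    impact: int                   # 1 .. 5 consequence of loss to the business


def vulnerability_score(a: Asset) -> int:
    """Score the page's vulnerability factors (assumed weights, capped inputs)."""
    score = min(a.remote_untrusted_links, 3) * 2   # connectivity
    score += a.complexity                           # complexity
    score += 0 if a.tested else 2                   # testing status
    score += min(a.known_defects, 3)                # known defects
    score += 3 if a.end_of_life else 0              # technologies used
    score += 2 if a.single_point_of_failure else 0  # single point of failure
    return score


def environmental_threat(a: Asset) -> bool:
    """Environmental threat: the install site exceeds the vendor's temperature limit."""
    return a.site_peak_c > a.max_operating_c


def risk_score(a: Asset) -> int:
    """Assumed formula: likelihood (vulnerability + environmental factor) x impact."""
    likelihood = vulnerability_score(a) + (4 if environmental_threat(a) else 0)
    return likelihood * a.impact


def rank_by_risk(assets) -> list:
    """Highest-risk assets first, so design spend goes where it matters."""
    return sorted(assets, key=risk_score, reverse=True)


def mitigations(a: Asset) -> list:
    """Design actions that follow from each triggered factor (defensive guidance)."""
    notes = []
    if environmental_threat(a):
        notes.append(f"{a.name}: site peak {a.site_peak_c}°C exceeds the "
                     f"{a.max_operating_c}°C operating temperature limit; select an "
                     "extended-temperature product or add enclosure cooling")
    if a.remote_untrusted_links:
        notes.append(f"{a.name}: segment and firewall remote/untrusted connections")
    if not a.tested:
        notes.append(f"{a.name}: schedule validation or penetration testing")
    if a.end_of_life:
        notes.append(f"{a.name}: plan replacement or isolate the end-of-life platform")
    if a.single_point_of_failure:
        notes.append(f"{a.name}: add redundancy (dual links, ring or second unit)")
    return notes


# Constructed sample assets for illustration only.
ROADSIDE_SWITCH = Asset("Roadside cabinet switch", "Hardware / Software",
                        40, 60, 0, 2, True, 0, False, True, 4)
LEGACY_HMI = Asset("Legacy HMI (Windows XP)", "Hardware / Software",
                   35, 25, 1, 3, False, 5, True, False, 5)
HISTORIAN = Asset("Office historian server", "Hardware / Software",
                  40, 22, 0, 3, True, 0, False, False, 3)
SAMPLE_ASSETS = [ROADSIDE_SWITCH, LEGACY_HMI, HISTORIAN]

if __name__ == "__main__":
    for asset in rank_by_risk(SAMPLE_ASSETS):
        print(f"{risk_score(asset):3d}  {asset.name}")
        for note in mitigations(asset):
            print("     -", note)
```

Running it ranks the end-of-life HMI first and the roadside switch second; the switch's only serious weaknesses are its environment and lack of redundancy, which is exactly the kind of finding that justifies the more expensive extended-temperature product. The weights are deliberately simple so that the asset owner's own appetite for risk can be reflected by adjusting them and recording the agreed values alongside the design.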