Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
AntoinetteHodes
Employee
Employee

OT | Processes, Protocols, Procedures and People

OT NAIC.JPG

          Figure 1: High-Level OT network diagram, using Quantum IoT Embedded and Quantum IoT Controller with Spark gateways

 Today I want to discuss processes, protocols, procedures and people in the OT, Operational Technology realm.

Processes

  • Discrete/manufacturing | Discrete manufacturing is an industry term for the manufacturing of finished products that are distinct items capable of being easily counted, touched or seen. Discrete manufacturing involves parts and systems like nuts and bolts, brackets, wires, assemblies and individual products. Examples of products made from discrete manufacturing include automobiles, furniture, airplanes, toys, smartphones and defense systems. In theory, a discrete product can be broken down at the end of its lifecycle so its basic components can be recycled.

discrete OT.jpg

                                                                            Figure 2: Example of an discrete OT process

  • Service / Distribution | Service and distribution setup is used by energy companies.

servicedistribution process.jpg                                                                          Figure 3: Example of Service/Distribution process

  • Continuous |  Continuous production system involves a continuous or almost continuous physical flow of materials. It makes use of special purpose machines and produces standardized items in large quantities. Examples are petrochemical, cement, steel and sugar. 

continous process.jpg

                                                                       Figure 4: Example of a continuous process 

Protocols

Insight and visibility on the critical assets with protocols, traffic flows etc. in the OT network is a must. We offer with IoT Controller in depth visibility on all assets. Another OT need is segmentation. Our security gateways could be a nice fit to segment or microsegment the network. Besides that you need (dedicated passive/detection only) security controls. We all remember Maersk. Why do people need to have internet access to the environment over unsecure protocols? Why is SMBv1 open and available from the internet? NotPetya was a nasty ransomware attack, it exploited the EternalBlue vulnerability in windows. What other protocols do we see in those environments? Think of MQTT, CIP, BACnet, Modbus and DNP3. Did you know we even have a category (tag) SCADA protocols in place on our gateways? It contains 1507 applications!

SCADA apps.png

                                                                              Figure 5: OT Access Policy example 

We also offer special SCADA IPS signatures. It is up to you to configure those in detect or prevent mode!

OT TP.png

                                                                 Figure 6: Custom OT Threat Prevention profile 

Procedure

We have a great solution, the Compliance Blade. Below an overview of the standards and regulations we have in place in our management for OT environments. You can add a report as a view, create a dashboard and schedule recurring tasks for emailing the Compliance report.

regulations.JPG

                                                        Figure 7: Random selection of  OT related, supported regulations and standards

Regulations info.jpg                                                           Figure 8: Compliance score overview of selected regulations

People

People, OT admins, OT operators, contractors and suppliers need to have (remote) access to specific critical OT assets to do for example maintenance. We recommend to use the principle of least privilege, zero tolerance and zero trust. Minimizing the possible attack surface with the right security controls in place. 

RA to Robot.jpg

                                                                             Figure 9: Access Policy example to Robot 

Overall we recommend to address the 4 "P" pillars to ensure safety and integrity!

 

Nano Agent.JPG                                                Figure 10: Quantum IoT Embedded, Nano Agent deployed in "online" setup

 

0 Kudos
0 Replies
Upcoming Events

    CheckMates Events