Risk is a fact of everyday life, whether we are making a cup of coffee or manufacturing the latest product. While we cannot remove risk from our lives, we can however reduce it, accept it or transfer it to a 3rd party. A blended approach should be taken for risk reduction by incorporating all three elements to a greater or lesser degree, similar to a defence in depth approach. There is no silver bullet.
Cyber threats are estimated to cost the UK economy £27bn according to report from Detica and the cabinet office, while Ponemon institute estimates a lower end cost to business of £4m per year (based on 39 businesses) and the Oxford Economics estimate that £0.8m may be needed to clean up post cyber attack (https://tinyurl.com/y7jpvmdc). Whichever source of information you review, prevention is likely to be more cost effective in the long term.
Recently in the news, Mondelez, the US food company that owns the Oreo and Cadbury brands, are suing Zurich for refusing to pay out on a $100 million claim for damage caused by a NotPetya cyberattack. It is reported this event rendered 1,700 servers and 24,000 laptops unusable and systems were permanently disabled creating high overall cost to their business. Zurich are challenging this claim by stating that liability exclusion exists for “a hostile or warlike action” by a government or sovereign power, or people acting for them. The challenge for Zurich is to prove NotPetya was in fact an act of war.
Increasingly, cyber attacks may be attributed to nation states which could make insurance claims void if Zurich win this case, resulting in companies having a false sense of protection or losses being uninsured. In some cases, cyber security insurance may not be possible if you are deemed to be uninsurable (https://tinyurl.com/ya4phrmo). While insurance plays an important part in the risk management process, this element should be considered your last line of defence. A proactive approach should be taken to reduce risks by working inside of an established Cyber Security framework and accepting ownership of your assets.
At SolutionsPT we operate a ‘Secure by Design’ approach and advocate the Cybersecurity Framework’s five pillars in our designs and products, these are: Identify, Protect, Detect, Respond and Recover.
Identify – Network audits, providing a full inventory of assets, security posture assessment and detailed network topology. Enabling you to understand what your key assets are and how to best protect them, while identifying new and unregistered devices. With enhanced audits using PCAP data from your network, we can parse this data through the Claroty platform providing a deep dive into the data flows and communication conversations between your assets.
Protect – Hirschmann Eagle/Tofino Firewalls provide bridged or transparent protection to OT networks delivering deep packet inspection to not only TCP/IP traffic but specific protocols such as OPC, Modbus, DNP3 IEC104 to mention a few. Where IT/OT converge, the use of Cisco next generation ASA firewalls provide unified threat management and advanced malware protection which are scalable to the largest of networks and interface with Claroty.
Detect & Respond – Claroty’s continuous threat detection highlights malicious and high risk activities within your OT environment using passive and non-intrusive means. Once a pattern of life within your environment has been established, threats, anomalies or deviations from this baseline can be actioned in real time, to provide detailed yet meaningful OT alerts to OT/IT/SOC professionals. With integration into leading firewalls from Checkpoint, Palo Alto and Cisco, these threats could be immediately isolated if required to contain an incident and protect critical assets.
Recover – Proteus Disaster recovery is an OT designed solution which not only provides data recovery but also operates as a redundant system. Traditional backup solutions are not specifically designed for OT systems and may present issues. Furthermore, these often only perform a CRC check on the backup data which doesn’t provide assurance that systems could be fully recoverable. Backups are often only tested in a recovery scenario by support teams; this is not true for Proteus. Backups are rigorously tested on a defined schedule by recovering the system in a ‘offline state’ while checking key services, dependencies and where applicable, integrity of critical databases and data sets.
SolutionsPT have over 30 years combined Industrial IT experience with in-depth knowledge of OT architectures. By taking a ‘secure by design’ approach, we deliver a long-term security architecture that is inherently secure against threats and can achieve compliance within your industry specific framework. Whether the design is for a new installation or an upgrade to existing operations, we help improve your security or maturity posture which will reduces your overall risk. After all, if you can detect and fully recover in a timely manner this should reduce the overall level of insurance cover that is needed.
Are you interested in Cyber Security? View our OT Cyber Security Webinar Series here.