Passage to Digital Transformation

By Srinivas Kumar
Chief Product Officer at Mocana Corporation


blog-020720


Device transformation and protection is required to revolutionize digital transformation, just as virtualization and software defined networking were required to revolutionize data centers. Operations Technology (OT) and Information Technology (IT) are fundamentally dissimilar. To begin with, the problem space is radically different: unprotected devices on one side versus gullible users (the carbon-based element) on the other. This demands a different solution strategy. Cyber criminals exploit user psychology and over the past decade have truly transformed hacking from a cottage industry into a fine art. A device has no emotions. Devices can be made smarter than humans in cyberspace. Bridging the IT-OT divide (in some cases, a thin line) is the implementation challenge. Even a multi-layer defense strategy is not effective in the OT realm. In the IT realm, users are siloed behind the business demilitarized zone (DMZ) and access line-of-business applications, internal systems, and external services. In sharp contrast, field operators dealing with Industrial IoT (IIoT) must traverse the business, plant, and control DMZs to access internal production systems (e.g. HMI workstations, controllers, robots, and sensors). Further, many autonomous systems in the IoT realm fall outside the line of sight (and scope) of traditional managed IT. Another twist in this tale is that managing authentication directories, PKI infrastructure build-out, and key and certificate management services poses implementation challenges for OT operators not well versed in the myriad associated security protocols.

Cyber-attacks of the future will be designed to strike high value targets such as critical infrastructure, mass market services and utilities. As the manufacturing, public utility, transportation, healthcare, retail, cloud services, gig economy and defense sectors gradually increase their reliance on the Internet of Things (IoT), a lack of serious consideration for building resilience will inevitably lead to tragic consequences in an unprotected ecosystem of inter-connected things. The harvested threat intelligence that drives IT security today is predominantly about how malware successfully evades IT security watchdogs and tricks the end-user into clicking on the poisoned payload so that it can land and expand. OT is about an integrated “womb to tomb” mindset and system for life cycle management: processes, policies and technology. Chasing malware with sandboxes and honeypots, in order to derive behavior fingerprints, anomaly detection rules, and regular expressions, is a race that cannot be won. Therefore, “zero-damage” protection is better than “zero-day” detection. The real nightmares and challenges in the IT world are the lateral attacks staged within the danger zone. In the world of OT, a fabric without perimeters, this is extremely difficult to secure. The “endpoint” must be transformed into the “protection point”.

The serious challenges and risks OT stakeholders face today may be summarized as follows:

  • Service Outage or Disruption
  • Scalability at Volume of IoT Devices
  • Lack of Embedded Security Countermeasures
  • Non-Compliance with Standards for Mission Critical IoT
  • Proliferation of Connected Devices in the Wild
  • Plurality of Platforms (Real Time Operating Systems, Processors)
  • Threat Intelligence Hard to Harvest, Absence of Logs (Data Historian)
  • Diversity of Device Profiles
  • Device is the Weak Link in the Kill Chain
  • No Measurements Based Controls for Risk Mitigation or Device Recovery
  • No Visibility into Runtime Operational Integrity
  • Gaps in Configuration and Change Management (Hard to Detect Anomalies)
  • Monitoring Headless Devices
  • Malicious Actor in Supply Chain
  • Scaling Device Monitoring and Analytics
  • Managing Risks Rather than Chasing Constantly Evolving Threats
  • Increasing Immunity and Operational Efficiencies
  • Attack and Staging Surfaces Radically Different in IT versus OT
  • Resource Constraints
  • Process Weaknesses
  • Plugging Gaps in Security Controls for Compliance


Against the backdrop of these OT challenges and risks, the characteristics of traditional IT centric security solutions may be summarized as follows:

  • Controls Purpose-Built for Detection
  • Mass Market Solution for Managed IT Infrastructures
  • Rip-and-Replace with Next Generation of Antivirus, Host Based Intrusion Detection, Sandboxes, Log Analysis, Behavior Analytics, and Anomaly Detection
  • Malware Centric Mindset (More Fish, More Bait – Unscalable)
  • User is the Weak Link in the Kill Chain
  • Follows the Kill Chain
  • Reactive Engine (Detect, Patch, Repeat)
  • Sustenance of IT Systems Under Constant Bombardment by Cyber Crime Syndicate
  • Operating System (OS) Affinity – Malware Exploits OS Vulnerabilities
  • Threat Intelligence without Attribution
  • Relies on Well-Known Indicators of Compromise
  • Pivots on Malware Signatures, Regular Expressions for Behaviors, and Blacklists
  • Forensics Based
  • Designed for User Devices (Windows, Linux)
  • No Safeguards to Preempt Insider Threats
  • Leverages Cloud Based Services for Threat Detection
  • Based on a Threat Model
  • Malware Morphs Faster than Threats can be Harvested by Honeypots and Sandboxes
  • Malware is Localized on Device (Landed Threats)
  • Detection Methods are Resource Intensive on Device


Clearly, the characteristics of traditional IT-centric security solutions do not align with the challenges and risks that OT stakeholders face today, so strategically retrofitting those solutions into OT is not a viable path. The characteristics required for effective next generation OT-centric security solutions may be summarized as follows:

  • Controls Purpose-Built for Protection
  • Proactive Engine (Trust, Protect, Measure)
  • Mass Market Solution for IoT Field Deployment
  • Empowers Emerging 5G and Edge Cloud Services
  • Builds on a Trust Chain (Root of Trust Anchor)
  • Protection for Brownfield and Greenfield Devices
  • Tamper-Resistant Content Delivery
  • OS Agnostic, Real Time Operating Systems and Enterprise Operating Systems
  • Trusted Runtime Integrity Measurements
  • Relies on Attested Integrity of the Platform
  • Protection of Supply Chain and Device Lifecycle
  • Key Protection and Rotation for Embedded Devices
  • Protections to Preempt Insider Threats
  • Based on a Risk Model (versus a Threat Model)
  • Immune to Malware Strains
  • Data Diode the Device (Block Unsolicited Communications)
  • Protections for Resource Constrained Devices (Messaging Integrity)
  • No Factory Default Passwords


The passage to digital transformation in entrenched silos comprising legacy brownfield and emerging greenfield devices will require device transformation as a strategy for change. Traditional IT network-based countermeasures and malware detection toolkits are inadequate to protect OT devices. The IT security paradigm is to inspect users’ access to dynamic general-purpose content posted on external websites and seemingly benign downloads from unknown and unreliable sources. The OT protection paradigm instead needs to examine purpose-built content delivered to devices through the supply chain by known and implicitly trusted sources. OT will require effective, lightweight protection countermeasures on the device itself for cost and operational efficiency.


About Mocana

Mocana helps device operators bridge the adoption challenge between device vendors and service providers, and enables digital transformation with the emerging 5G network, edge cloud and SD-WAN. We protect the content delivery supply chain and device lifecycle for tamper-resistance from womb to tomb, with root-of-trust and chain-of-trust anchors. We measure the device for persisted integrity and for trustworthiness of operations and data to power AI/ML analytics. Our team of security professionals works with semiconductor vendors and certificate authorities to integrate with emerging technologies in order to comply with data privacy and protection standards. The goal of Cyber Protection as a Service is to eliminate the initial cost of modernization for device vendors and to empower service providers to offer subscription-based services for effective and efficient digital transformation of things.

Mocana’s core technology protects more than 100 million devices today and is trusted by over 200 of the largest industrial manufacturing, aerospace, defense, utility, energy, medical and transportation companies globally (www.mocana.com).