OT security models and concepts
In the first blog, we introduced the differences between IT and OT environments and discussed the new ISA/IEC 62443 framework with its 4 layers. This framework proposes different control statements that are important for ensuring the security of your industrial network. One of those control statements is ‘network segmentation’: the process of dividing the network into smaller parts to limit the attack surface, which has grown because of IT and OT convergence. In this blog, we zoom in on frameworks such as the ‘Purdue Model’ and the ‘Defense in Depth’ concept, which can help you define and secure the different network layers.
The Purdue Enterprise Reference Architecture (PERA) was introduced in the 1990s by the Purdue University Consortium for computer integrated manufacturing. This model defines the different layers of an enterprise infrastructure, but more importantly, it clarifies approaches to segment and secure those layers appropriately.
By doing this, you can minimize the number of components affected during an attack. Why? It’s simple: because the components are spread over different layers, an attack can only affect the components in the targeted layer, and not those in other layers. Of course, that is only the case when each of those layers is secured well, and the way to secure them can differ per layer.
The most important layer for OT is the Demilitarized Zone (DMZ). This is the place where OT and IT converge, and thus the place where the attack surface is the biggest. This makes the DMZ a very tempting target for potential attackers.
Since the convergence between IT and OT is relatively new, many organizations do not have this layer implemented yet, or the current security level is insufficient. It is commonly protected by using firewalls and proxies only, to separate the IT and OT systems as much as possible.
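To make the segmentation idea concrete, here is an added example (not code from the original post) that audits a constructed list of firewall rules against a Purdue-style zone model. The level numbers and the two policy checks it encodes (IT and OT may only meet in the DMZ; inside OT a rule may only cross to an adjacent level) are assumptions chosen for the example.

```python
"""Audit a rule set against a Purdue-style zone model (added example)."""
from dataclasses import dataclass

# Purdue levels as an assumption for this example: lower numbers sit
# closer to the physical process, the IT/OT DMZ sits at 3.5.
LEVELS = {
    "enterprise": 5, "site_business": 4, "dmz": 3.5,
    "site_operations": 3, "supervisory": 2, "control": 1, "process": 0,
}


@dataclass(frozen=True)
class Rule:
    src: str
    dst: str
    service: str


def violations(rules):
    """Return (rule, reason) pairs for rules that bypass segmentation."""
    bad = []
    for r in rules:
        if r.src not in LEVELS or r.dst not in LEVELS:
            bad.append((r, "unknown zone"))
            continue
        s, d = LEVELS[r.src], LEVELS[r.dst]
        # IT side is level 4 and up, OT side is level 3 and down; a rule
        # that connects the two directly never terminates in the DMZ.
        crosses_it_ot = (s >= 4 and d <= 3) or (d >= 4 and s <= 3)
        if crosses_it_ot:
            bad.append((r, "IT/OT crossing must terminate in the DMZ"))
        elif s <= 3 and d <= 3 and abs(s - d) > 1:
            bad.append((r, "skips an OT level"))
    return bad


# Constructed sample rule set: two good rules, two bad ones.
SAMPLE_RULES = [
    Rule("enterprise", "dmz", "https"),          # ok: IT into DMZ
    Rule("dmz", "site_operations", "opc-ua"),    # ok: DMZ into OT
    Rule("enterprise", "supervisory", "rdp"),    # bad: bypasses the DMZ
    Rule("supervisory", "process", "modbus"),    # bad: skips level 1
]


def audit():
    """Run the check on the sample rules and return the findings."""
    return violations(SAMPLE_RULES)


if __name__ == "__main__":
    for rule, reason in audit():
        print(f"{rule.src} -> {rule.dst} ({rule.service}): {reason}")
```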
Defense in Depth
The Defense in Depth concept is closely related to network segmentation, because it also focuses on protecting the system in different layers. The aim is to delay the advance of an attack, and not to fight the attack head-on. The theory is that if one layer of security measures were to fail, then another measure should be able to prevent the attack. So basically, you stack different measures together to prevent access to the system.
There are three types of layers that can be used to protect the system: the physical, the technical and the administrative layers. In an OT environment, it could work as follows:
- Firstly, the physical layer of protection:
You do not want intruders on your industrial network, and sometimes the easiest way to gain access is by simply physically being at the place where the network is situated. Therefore, you need to make sure there is no physical access to the industrial plant for unauthorized parties.
- Secondly, the technical controls:
These are the typical network security measures we all know (such as firewalls), but for OT networks it is also important to run OT-specific security software in your organization, so that you can fend off attacks while still keeping continuous access to the information of the system. We will discuss this further in the next blog!
- Thirdly, the administrative controls:
This layer of protection focuses on the administrative side of things: security measures that mostly consist of policies aimed at employees. An example is labeling sensitive information as confidential.
Every type of layer can have multiple layers of protection. In fact, it is advised to do so!
Take an email service, which sits in the technical control layer: imagine a malicious mail trying to gain access to a specific computer. It first needs to pass a firewall that checks for malicious content from untrusted sources. If the mail gets through, the mail server also checks the content of the mail and its sender. If the suspicious mail is still not stopped, the anti-virus software on the client computer forms a further layer of protection to prevent an attack.
As you can see, these different layers of protection make it hard for attackers to gain access to the targeted computer.
By now, you should understand the importance of OT security and the different frameworks and models available to support your security measures.
As mentioned before, we will zoom in on the technical controls in the next blog, so make sure to keep an eye on our pages!
In the meantime, don’t hesitate to contact us for more information or specific help. At SpotIT we make it our goal to help you prevent any kind of attacks, whether it’s about IT or OT environments!