As cyberthreats continue to increase, it is imperative for organisations to uncover cybersecurity blind spots and establish a robust cybersecurity posture. Mohamed Ibrahim, Business Development Director for OT cybersecurity at Trend Micro MEA, Technical Partner of TXOne Networks, tells Intelligent CIO’s Mrigaya Dham how organisations can ensure asset integrity with rapid, installation-free asset and device scans, allowing for defence of air-gapped environments and improved supply chain security.
What are the impacts of a security compromise on critical infrastructure like energy, transportation, healthcare, or government facilities?
Cybersecurity is becoming a very hot topic in OT and we are observing an increase in incidents – be it in healthcare, manufacturing or oil and gas. Different verticals are using OT today; as we see, cybersecurity is not a joke. For example, we see lots of ransomware hit customers in OT cybersecurity and what we are trying to provide in TXOne is to secure our customers’ mission-critical OT environment. This is important because OT getting compromised is entirely different from IT, as we are talking about an economic crisis leading to total power shutdowns that can affect entire cities, including the health and safety of people. As the consequences can affect many critical areas of the operation of a company, this is something we take very seriously.
What are the most dangerous hidden blind spots in organisations today that can cause production downtime and affect operational continuity and safety?
The most dangerous hidden blind spots in organisations today can be any hidden device, segment or a simple USB stick. Any device not being recognised that isn’t well known and detected on the network is considered a risk. Suppose we cannot visualise and detect our infrastructure, including what assets we are currently running and operating. In that case, any unauthorised thing being connected inside our network could hit our investment, manufacturing and production. From previous attacks that we have seen in the industry, hackers are using the legacy system we are still running today at our customer base.
It is critical to detect and prevent unauthorised USB sticks because we have seen many OT attacks that are being distorted within a USB port or transferring malicious data, files and viruses into those machines. They are then compromised by using something like a USB port or legacy operating systems that aren’t patched or supported by the vendor itself. We must make sure that we detect any suspicious behaviour inside our network and can prevent and protect the infrastructure. At TXOne, this is precisely what we can do with the technologies that we are further providing to our end users.
What are the shortcomings of using traditional endpoint security products in the critical infrastructure or OT environment?
This is a complex issue and we must break it down into several layers to understand it. I always recommend that before you start doing a gap assessment or a risk assessment, you must categorise what the critical assets and devices are. Furthermore, analyse and categorise their functionality, how they are parting and the risk and vulnerabilities that can be compromised and exploited on each of those. Once we know all this information, only then must we start with the patching and the security.
Talking about the traditional antivirus, it must be connected to the internet, be updated and have the latest patches to detect viruses in real-time. However, in OT we find many challenges in this area, some of them stemming from old legacy platforms that are currently running. Surprisingly, many customers have been using XP and Windows 2000 servers till now. This is a fact that we cannot deny or change for the time being. However, since the world is going on a digital transformation journey, traditional antiviruses are becoming outdated and need to be constantly connected and patched.
Additionally, we are also working in a very harsh atmosphere. Some customers have their devices, maybe offshore, in desert zones or possibly in an air-gapped environment with no connectivity or internet. Due to this, they cannot get the appropriate patches and updates to secure those devices. This is where TXOne comes into the picture to provide some countermeasures and security in different zones with different challenges.
What do you suggest as the first step to reveal the cybersecurity blind spots and comply with regulatory standards?
We must pay close attention to compliances, especially when aiming to reveal cybersecurity blind spots and comply with regulatory standards. We’ve seen lots of cybersecurity compliance being applied nowadays, not just in IT but also OT and customers are starting to implement those compliances.
In Trend Micro and TXOne, we have a powerful value-added proposition wherein we can cover both pillars, starting from layer one into layer three for OT. We are also able to cover additional layers going above layer three. Having the IT and OT convergence and securing both layers is something that TXOne and Trend Micro add value to for sure. As a company that sees the complete picture, our value addition comes from the fact that our technologists and security experts excel in discovering vulnerabilities and threats worldwide and can patch them to our customers with our solution.
One of the key factors is that we have to assess our network and discover vulnerabilities to know where the hotspots are. This can be accomplished with many solutions at TXOne, including portable security. For example, we have a USB drive that can be easily carried everywhere as it is a widely used tool.
I want to talk about a couple of things – let’s divide these into the network and endpoint. The network part works differently as it needs a lot of focus: we need to segment the network to understand who is talking to whom and which protocol, and to have full visibility on the communication between assets and devices inside the infrastructure. Whereas the endpoint part focuses on how we can secure servers and the machines running our applications like the SCADA systems, HMIs and other devices – this is where the challenge comes in. This is very challenging, especially if running in an air-gapped environment or with other facilities that don’t have connectivity. TXOne can provide the much-needed solution for such challenges.
Flash drives are commonly used to transfer data in an air-gapped environment, but this often creates a risk of insider threat. What would be your best practice advice on secure file transfer?
This is a common point of discussion in the OT community as the air-gapped environment is something that will vanish with time as digitalisation accelerates. However, until this happens, we are still stuck and need to find a solution. One of the things that TXOne is adding value to is using one of our applications, ‘whitelisting’, which we can run on specific endpoints, enabling us to lock down the machine against any threats that can compromise it or anyone who can inject and infect the machines with viruses by using USB ports or IOs. In air-gapped environments, once those machines are locked down, there is no need to patch them anymore, as they will not execute any files other than the whitelist.
The second part is a portable security solution that, despite being small in nature, is very effective. It is a USB stick (no installation required) that can scan machines present in remote locations with no connectivity and can be used to ensure that the machines are secure and don’t have any viruses or malware running on them, guaranteeing we can collect all the data needed on those air-gapped zones.
I use one of those tools and carry it everywhere in my pocket. You’d be surprised that whenever anyone connects any device to my infrastructure, I can plug this into the device to ensure there are no malware or infections on the machine. Once I get a green light, I unplug and allow them in. Customers use this prevalent use case in air-gapped environments as the individual can’t install any agent on any machines. He can ensure that whoever connects to his infrastructure is clean and doesn’t harm his investments or devices.
TXOne’s portable security inspection tool TMPS 3 has been widely adopted by global industry leaders in transportation, pharmaceuticals, and other industry verticals where OT leaders wanted more reliable file transfers between stand-alone systems in work facilities.