Building Visibility and Security Into ICS Networks - Can OT Trust IT? presented at ISC2SecureSummit 2019

by William Ingram

Summary: Network security and visibility on ICS networks have traditionally been poor because of the limits of older ICS devices, protocols and network architectures. PLCs, HMIs and other manufacturing devices were not built with IT security in mind. Many devices with known vulnerabilities cannot be patched at all, or the site must wait for a patching window, halt production and apply the patches. Concerns that patching will break the manufacturing process are legitimate. This situation leaves the ICS network vulnerable to attack.

There is also a distrust of IT among those in OT. At 3M, IT security initiatives have caused negative consequences for manufacturing. Network Access Control (NAC), patching and "scan everything for vulnerabilities" may work on the enterprise network, but they can have a negative impact on manufacturing. IT's lack of knowledge of the ICS devices aggravates the issue. As the Industrial IoT increases security demands, IT and OT must work together to safeguard these networks. Doing so requires a new perspective on how IT and OT integrate and work together, both as people and as technologies.

This discussion covers:

- How 3M built trust relationships between the IT and OT teams, from the engineers and IT techs up through the reporting silos of Manufacturing Engineering, Network Engineering, IT Support and IT Security.
- The collaborative global ICS network architecture and security standards, including the requirements 3M put in place for comprehensive security and visibility: passive vulnerability scanning, IDS, IPS, malware detection, anomaly detection, network segmentation, change control, complete visibility into and inspection of all traffic flowing inside the ICS network, and more.
- 3M's version of the Converged Plantwide Ethernet (CPwE) architectural design and its implementation.
- How to gain full visibility on the ICS network, including device inventories, vulnerabilities, program changes to PLCs, malware, new devices added, devices removed, anomalies and faster issue resolution. There are a number of vendors to choose from for these services; we will discuss Cisco's OT Insights and Industrial Network Director (IND).
- 3M's Pacesetter Manufacturing Plants, with a focus on future technologies and how they are designed for the In