Patch Management for OT

Struggling to wrap your arms around deploying a patch management strategy in OT and don’t know where to start. Attend this session to learn how about tools that are available to assist in your efforts, discover automated tools for inventory to vulnerability correlation and review patch management prioritization methodologies based upon industry standards and Guidelines.

You Too Can Secure OT

Are you tired of hearing how ICS is “insecure by default”, but if you just buy this widget all your problems will go away? This session will enable traditional IT security people to get started securing their OT systems. This session briefly highlight the differences between OT and IT systems and then dive into a structured approach for managing OT security risk.

This session was delivered at RSA 2023 this year. Here is a more detailed abstract. Many IT security leadership roles have expanded their scope to secure OT systems. Despite the popular opinion that ICS is “insecure by design”, this has not been true for over a decade. Security misconfiguration of OT systems remains an issue. In this session, we will discuss how to get started securing your OT environment and what security capabilities exist in OT technology today.
To secure the ICS/OT space we must first understand the installed base. The extended lifecycle of most ICS, proprietary networks, and islands of automation make it challenging for OT automated inventory tools alone to provide an accurate installed base, down to the firmware version and rev of various controllers; thus, requiring a combination of OT automated inventory and a manual installed based evaluation.
With this updated installed base, an automatic correlation to the latest vulnerability and lifecycle status of the asset must be performed. This in combination with a high-level risk assessment (one of the first stages of an IEC 62443 risk assessment), should be used to drive the decision making for risk mitigation controls.
After a ICS/OT risk assessment has been performed, then controls can be selected using a Defense in Depth Strategy that includes but not limited to OT/IT segmentation via an iDMZ, logical segmentation with smaller subnets and VLAN’s, monitoring with an OT specific Network Intrusion Detection Systems (IDS) with direct connections to Intrusion Prevention Systems (IPS’s), Role Based Access Control (RBAC), 802.1x for Network Access Control (NAC), vendor agnostic “in motion“ secure protocols (CIP Security, IPsec, OPC-UA), ICS/OT device hardening, common time base with millisecond accurate time synchronization, elimination of traditional compute resources through zero-clients and endpoint protection.
The next phase in protection is preparation for incident response. OT specific business continuity and disaster recovery plays a key role in incident response; being able to quickly recover with the latest SCADA program, PLC program and VM. Ensuring time ICS synchronization and log immutability is also required for facilitating an accurate forensic response. Secure remote access for internal and external resources is a necessity for standard business operations and disaster recovery support.
In this session we will go through these phases and get into the details of how these controls can be used in conjunction to secure Industrial Control Systems.