OT systems increasingly vulnerable
Jeffrey Chirino and Mahdi Abdulrazak, Global SOC Lead and CISO at SHV Energy, ran a three-month Proof of Concept (PoC) with Microsoft Defender for IoT. Here they share their experiences and their recommendations for implementing Defender successfully in an OT environment. ICT Group's own Industrial Cyber Security unit is also implementing Defender for IoT and shares its experience as well.
“The security of OT systems is under more and more pressure. They are becoming increasingly vulnerable as we implement more sensors. In addition, OT systems are becoming more dependent on the IT systems to which they are connected. That was the reason for us to carry out a PoC for an LPG filling station in Poland in 2021. We wanted to have a clearer picture of the assets, the network, and the risks, such as the chance of industrial systems breaking down as a result of a cyber attack. You want to know the ‘attack factors’. OT security is a key part of our maturity roadmap.”
“We put together a specific combination of requirements and wishes for the PoC. It was important that we could monitor all devices in the network, receive a notification when a new device was connected, and could integrate with the existing SOC processes. Of course, the tool should not affect the proper functioning of the systems. We tried all kinds of things in the pilot, and Defender for IoT neatly clarified all of it. A great feature of Defender for IoT is the attack simulator. It indicates a clear path that a potential hacker might follow to get to the company's crown jewels.”
Defender for IoT is a very intelligent system and offers many features to monitor and assess all security aspects. In addition, AI applications make Defender very smart when, for instance, simulating weaknesses in the OT security. Thanks to Defender's easy controls and user-friendliness, you will easily find your way even with limited knowledge, so you can save training time. Another practical advantage is that the monitoring does not interfere with the systems and manufacturing processes themselves.
ICT Group has been part of industrial automation from the beginning, in 1978. We know what is important in an industrial environment and understand the processes and procedures. Based on our Cyber Security Framework, which complies with IEC 62443 (the industrial cyber security standard), we offer a variety of services specifically aimed at OT environments. Our Security Analysis quickly assesses the maturity of the existing cyber security, as well as the main priorities, to draw up a roadmap for the next few years. With our monitoring services, we can tailor and implement Microsoft Defender for IoT to any specific situation. We can also connect it to a SIEM solution or take care of this as a managed service. In addition, through pentesting and threat modelling, we survey the main vulnerabilities and threats of OT and IT environments.
- Christiaan Woldendorp, CISO at ICT Group.
“We are very pleased with the results of the PoC. Defender for IoT meets all of our expectations. In fact, the PoC has yielded more insight than we thought it would. A big plus is that Microsoft Defender is continuously being updated. You are working with proven technology. On an international scale, we depend on the NIST cyber security framework, and Defender is completely in line with it. Building something yourself is never going to work, that requires too much expertise.”
Find a partner
“If you really want to get up to speed, you find a partner who has knowledge of and experience with IT and OT and your domain. Start a preliminary phase together to think about what you want, what risks there are, and how to get in control. Is your network ready? Do you need to replace any switches? Do you need a SPAN port? These are the kinds of questions you need a clear answer to before you start. Draw up a project plan together and document your approach. The more you can standardise in your processes, organisation, and technology, the better, because a standardised policy with a supporting toolset can be rolled out a lot faster over the different sites.”
Plan your first PoC
“IT and OT are becoming more tied up with each other all the time, but the realisation that OT needs to be protected properly is low. IT gets all the attention while it is the OT that directly affects the primary process, the industrial manufacturing processes. Our conclusion: do not only take measures for the IT infrastructure, but for the OT infrastructure as well. This coming together of IT and OT increases the risks while, at the same time, more and more vulnerabilities are cropping up in the OT systems. The PoC with Defender for IoT shows that the first, necessary step towards a secure OT environment is not that difficult.”
About SHV Energy
"SHV Energy is a leading worldwide distributor of off-grid energy such as LPG and LNG, and is active in the field of biofuel and sustainable energy solutions. SHV Energy enables its customers to switch from fuel oil and solid fuel to cleaner fuels, which leads to a smaller carbon footprint and better air quality. SHV Energy is a full subsidiary of SHV, a multinational family business, and consists of a group of specialised energy companies. Our brands include Calor, Ipragaz, Liquigas, Primagaz, and Supergasbras. As a group, we make it our mission to provide decentralised, low-carbon, and clean energy solutions to 30 million business and private customers who are not connected to the grid. SHV Energy has 16,300 employees spread over four continents."
Defender for IoT enables organisations to detect attacks through IoT devices and take measures. These include visible office equipment such as printers or smart TVs, but also devices in the Operational Technology domain in industrial environments and vital infrastructure. Many organisations have a lot more of such devices than just the ‘classic’ laptops and mobile phones, but an IT or security organisation does not always have what it takes to keep an eye on them. And it is exactly these kinds of systems that form interesting targets for attackers who are looking for an opening to launch a disruptive attack or a foothold to enter the network.
Defender for IoT, combined with connections to other Microsoft (security) platforms, helps IT and security teams to link loose elements together fast and efficiently across different environments – something that used to be a time-consuming, manual process. This way, the business has its hands free to innovate faster and more confidently.
- Jelle Niemantsverdriet, Microsoft National Security Office.