When considering bringing together silos of physical and cyber security, it is important to understand the various nuances involved, according to Michael Assante, Director of ICS at the SANS Institute.
When considering bringing together silos of physical and cyber security, it is important to understand the various nuances involved, according to Michael Assante, Director of ICS at the SANS Institute.
Speaking at a recent webinar organized along with Alert Enterprise, Assante elaborated on how an attack often takes place and the best ways to counter it.
“First of all, it is important to think about, when you look at IT and OT [operational technology] converging to provide a solution, we have to think about the complexity of several layers in which we get real world things to happen,” said Assante. “Power flow, products turnout of a factory that will ship [etc.], it really involves multiple layers. There is the physical layer that includes geography and infrastructures themselves, there is a functional layer, which has to do with whether it is the enterprise business systems that’s running the business systems, or the production environment or the product itself. There is the network systems and applications that allow us to run those systems, and then there is the people- whether they are organizational or they are individual.”
He added that they are seeing a number of incidents where the attackers are looking for the seams. Finding seams within networks, application systems, organizations and people appear to be an effective method of access for the intruders.
“They like to focus on these seams because typically, they find the greatest pay off in terms of the ability to access the system or affect the system by being able to quickly identify seams and develop a capability in those seams,” Assante said.
“Really, when we think about control systems and automation environments, we kind of talk about when we put an automation environment in front of a normal technologist, they are going to see the top of the iceberg, what’s above the waterline,” Assante continued. “It’s the technology, they are going to ask questions like what type of control system this is, what type of network you see, and really, that’s only a small part of the picture.”
To have a real effect or be able to accomplish an objective below the waterline, one needs to understand how the process works, the process itself and how the infrastructure looks and acts in the real world. One should also have an idea on how the systems are operated.
“All those are very important if you are going to intrude upon access and have an effect,” Assante added.