
The Storm Threatening Global Manufacturers

We find technology in our homes, our cars, at grocery stores and of course at work, but it is also rampant in the plants and factories that make the things we use in our lives. The proliferation of technology on the factory floor, coupled with devices having the capability to be ‘online’ and the extension of the Internet to nearly every nook and cranny, has created the perfect storm. We can see it coming: it’s on the horizon, we are starting to feel the wind blow and small drops of rain are trickling in. The only question left is when and where the storm will hit next.

The building storm is that IT and operational technology (OT) have been converging at a pace that few ever imagined. With this come security and operational challenges that span industries and pose risks never thought of in the manufacturing, utilities, pharmaceutical and healthcare verticals. Couple this technology storm with workforces becoming more mobile, and IT and security departments are now struggling to keep the corporate IT and OT environments (factories, plants, warehouses, etc.) “dry”, meaning secure and segmented from each other.

Many companies lack resources with deep expertise in both IT and OT who can articulate a vision and develop a strategy that remains agile enough to meet the needs of the business while also being secure enough to protect its interests.

Figure: Purdue Model

Industrial control systems

To help explain the different levels of critical infrastructure used in production lines, the Purdue Model was created as a broad hierarchical reference for communications between industrial control systems (ICS). This model is used to help design security controls that, in theory, protect each level from the others. However, with the rapid advancement of that technology storm, devices that sit on the plant floor or connect to the operations and control systems are often used for other purposes and contain hardware (multiple NICs, built-in WiFi, Bluetooth, etc.) that allows them to communicate with other devices and networks, intentionally or not.

Mapping dependencies

Two capabilities that are key to securing these environments have been elusive: a way to correlate which devices on the IT side of the house can communicate with the OT side, and which devices within the OT network can communicate with each other. Once you are able to map these dependencies, you can overlay other information to gain a much more holistic view of the environments and how they interrelate. Just like the wind brings the storm, the Internet is bringing security risks.

Our response 

WWT's Manufacturing Practice is filled with deep expertise in the industrial control space, and these creative minds have been collaborating closely with industry partners like Claroty, Rockwell and Root9B to tackle the challenge outlined above. Our manufacturing experts began to realize that the approach WWT’s Application Dependency Mapping (ADM) team takes to its own problems with the Data Aggregation and Analysis Engine (DAAnE) tool might be able to help solve this problem as well.

The teams began collaborating in the summer of 2019, and the ADM team quickly came to believe that, by leveraging DAAnE, they would be able to correlate OT systems with IT systems. To prove our theory, we leveraged WWT’s OT security experts and asked them to help us partner with Claroty, an industry leader in the OT Discovery space, to develop an API allowing us to ingest OT assets and their relationships into DAAnE.

The Advanced Technology Center (ATC) was leveraged to build an environment where DAAnE, Claroty and other systems typically found in large corporations could be integrated and then queried for data. This allowed the ADM team to begin correlating data and ultimately demonstrate their theory was correct.

Figure: DAAnE Dependency Map. The example shows OT controllers communicating via SCADA networks, using the Modbus and DNP3 protocols, with IT systems on traditional IP networks.

Now that we are able to map the dependencies and integrations within OT and IT systems and the processes they support, we have enabled companies to overlay vulnerability data to model and display exactly where their biggest threat landscapes are, or where the storm is likely to hit.

For example, a user with elevated privileges on one or more systems who also has a weak password and access to both the IT and OT environments poses a significant security risk.
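A small sketch of that overlay, as an added example that is not DAAnE or WWT code: it builds a dependency map from constructed flow records, lists the flows that cross the IT/OT boundary, and reports which OT assets are reachable from hosts used by a privileged, weak-password account present in both zones. Asset names, Purdue levels, account fields and the level 3/4 cutoff are all assumptions.

```python
from collections import defaultdict, deque

# Constructed sample data (assumption, not from a real environment or DAAnE).
# Purdue level per asset; levels 0-3 are treated as OT, 4-5 as IT.
ASSETS = {"plc-line1": 1, "hmi-line1": 2, "historian": 3,
          "erp-app": 4, "eng-laptop": 4, "mail-gw": 5}
# Observed flows: (source, destination, protocol)
FLOWS = [("hmi-line1", "plc-line1", "modbus"),
         ("historian", "plc-line1", "dnp3"),
         ("erp-app", "historian", "https"),
         ("eng-laptop", "plc-line1", "modbus"),
         ("mail-gw", "erp-app", "smtp")]
# Identity overlay: account -> (privileged, weak_password, hosts it can log on to)
ACCOUNTS = {"svc-backup": (True, True, {"erp-app", "historian"}),
            "jsmith": (True, False, {"eng-laptop", "hmi-line1"}),
            "ops-admin": (True, True, {"hmi-line1", "plc-line1"}),
            "guest": (False, True, {"mail-gw", "historian"})}

def zone(asset):
    return "OT" if ASSETS[asset] <= 3 else "IT"

def cross_zone_edges(flows):
    """Flows whose endpoints sit on opposite sides of the IT/OT boundary."""
    return [(s, d, p) for s, d, p in flows if zone(s) != zone(d)]

def reachable(flows, starts):
    """Every asset reachable from `starts` by following observed flows."""
    graph = defaultdict(set)
    for src, dst, _ in flows:
        graph[src].add(dst)
    seen, queue = set(starts), deque(starts)
    while queue:
        for nxt in graph[queue.popleft()] - seen:
            seen.add(nxt)
            queue.append(nxt)
    return seen

def risky_accounts(accounts):
    """Privileged accounts with a weak password and hosts in both zones."""
    return sorted(name for name, (priv, weak, hosts) in accounts.items()
                  if priv and weak and {zone(h) for h in hosts} == {"IT", "OT"})

def overlay(accounts, flows):
    """Map each risky account to the OT assets its hosts can reach."""
    return {name: sorted(a for a in reachable(flows, accounts[name][2])
                         if zone(a) == "OT")
            for name in risky_accounts(accounts)}

if __name__ == "__main__":
    print(cross_zone_edges(FLOWS))
    print(overlay(ACCOUNTS, FLOWS))
```
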

This level of insight does not exist anywhere else in the market. No solution provider other than WWT can combine technology, software, industry and security expertise to tackle such a complex problem.

Summary 

We pride ourselves on knowing when the technological weather is going to change and understanding where storms are likely to hit. This exciting work has paved the way for WWT to not only be a leader in the OT Assurance space, but to also have a differentiator in DAAnE that is opening new market segments and generating excitement from security leaders across many manufacturing verticals.

To learn more about DAAnE and ADM please contact your WWT Sales or Account teams. We can help you stay dry!
