Most of the time, cyber attackers are part of a business: they are in it for the money. Beyond “just IT”, cyber attackers have started to learn OT, and they are getting smarter and smarter, in line with the ever-increasing convergence between SCADA, AMI (Advanced Metering Infrastructure), DA (distribution automation) and consumer engagement systems. Recently, in a webinar hosted by Energynomics, four IBM experts presented their insights on how to stay ahead of cyber threats. Built for professionals in the energy and utilities sector, the webinar addressed the challenges of managing both operational technology (OT) and information technology (IT), at a moment when the Internet of Things (IoT) has already changed the landscape of these industries.
Cybercrime is real
The world of cybercrime is a real and present danger, began Michael Kehoe, EMEA Threat Management Program Director, IBM Security. “Last year alone, the amount of money spent to protect our systems was 167 billion dollars, solutions with no business value because they’re actually just stopping the bad guys coming in, they produce nothing except to keep our systems safe”, he said.
Michael Kehoe talked about the four most important motivators for cybercrime. The first is money: primarily, gaining access to valuable assets and, secondarily, exploiting one asset to achieve access to another. The second is espionage or theft, which means gaining competitive advantage by nefarious means. Then comes cyberwarfare, practiced mostly by nation states on the basis of opposing ideologies. Finally, he mentioned “the malicious damage where you see individuals who might have a revenge upon a company and therefore they’re able to get into certain systems, damage those systems or destroy them”.
Addressing the audience, he said “engineering is about systems of systems”, which means that, with respect to cyber defense, one has to clearly understand what the end goal is, “because I will have to have encryption endpoint protection, I will have to test it, I might have to store data, I will need disaster recovery, HR etc”. Working with organizations like IBM and their partners ensures that you have access to all these elements, both highly integrated and standalone.
Powerful partner
Ahmed ElNahas, Global OT/IOT SOC Practice Leader, talked about IBM’s OT SOC threat management services, which include consulting services, the use of a non-intrusive, passive set of technologies to monitor OT networks out of band without disrupting operations, and around-the-clock incident monitoring to detect and respond to cyber-attacks. He also described the structured five-phase delivery approach for OT SOC Managed Services, and addressed some of the clients’ concerns, among them the interruption of production caused by installing agents, the risk of disruption when collecting logs over the OT network, and automation vendors’ objections to installing any device on their OT racks.
Rafal Czerniewicz, Managed Security Leader EMEA, IBM Security, presented X-Force Threat Management as “a smarter platform that can accelerate investigation and response” in order to identify and protect critical assets, detect advanced threats, and respond to and recover faster from disruptions. “It is very helpful to partner with somebody who already understands what it means and have well-designed processes and procedures and also the framework to do that well”, he said. At the same time, staying ahead of cyber threats requires a lot of investment, not only in technology, but in people as well. “You need to make sure that the team is well educated so that they do understand both aspects of IT security and OT specific elements. And it is not only about investing into education, but it’s also about how you are going to keep those individuals with you”, he said.
Support from the good hackers
Adam Laurie, Global Security Associate Partner – X-Force Red IBM Cloud and Cognitive Software, presented IBM X-Force Red, an elite team of hackers dedicated to delivering offensive security testing. “We are people with many years of global experience delivering projects for customers of all profiles”, he said, and “our delivery results are driven by the creativity and qualifications of our experts, combined with methodical approach & cutting edge tools”. Adam Laurie talked about OT security challenges, starting with the complex environment created by various integrated technologies operated by different vendors and the fact that the attack surface is mostly unknown. “Most of the clients lack an asset inventory and they do not know either which systems, applications and other assets do they have, neither which assets matter most”, he said. “We have to do an inventory and figure out what we’re looking at, what’s the most important thing to protect. We’ve heard this from real life stories where systems have been attacked and even during a live attack it wasn’t clear which things to protect first. The consequences of one system going down could have a massive knock-on effect or could be insignificant to the overall activity and thus to the requirement to slow down or stop the attack”, he explained. Finally, he presented some case studies from a major power company, an international airport, and a utility company in the Middle East.