Where to Start with Security for IOT and OT Monitoring

Internet of Things (IoT) and Operational Technology (OT) security have become hot topics within the security industry, yet the problems behind them aren’t new. The good news is that most of the solutions to these problems aren’t new, either. While there are differences between securing IT and IoT/OT, certainly, the principles remain the same: proper hygiene in setup and management can save you headaches down the line.

To begin uncovering the challenges of cybersecurity, let’s explain the basics. Internet of Things (IoT) is the connectivity of multiple devices that share a network, the technology that facilitates communication between devices and the cloud. Operational Technology (OT) is the hardware, software, personnel and practices used to facilitate monitoring, detecting and protecting infrastructure and data. Internet of Things (IoT) and Operational Technology (OT)requires a blend of proactive activities, reactive monitoring and response.

As you deploy new IoT or OT devices, or review the security of existing devices, ask yourself: Would I feel secure about the setup, connection, and location of this device if it were a critical IT asset? If the answer isn’t a firm “yes,” you’ll probably want to rethink things.

Security for IoT and OT requires a blend of proactive activities and reactive monitoring and response. Here’s how I see the two working together.

Proactive Security

You’ve got a business to run, and cybersecurity should be a business enabler, not a hindrance. Taking control over what you have — understanding what devices exist, how they’re used, how they can be protected, and the policies and practices of your organization – is the first step.

• Ensure visibility into your organization’s entire range of IoT and OT devices. Without a comprehensive inventory of your entire IoT and OT environment, you’re leaving security to chance. You need to understand both the assets on your network and the risks to each.
• Understand risk across your entire inventory. Continually monitor the patch status, port use, application authorizations, subnet connections, and other critical state information across your IoT and OT devices. Ensure your devices are patched and up to date.
• Follow strong password best practices. Ensure all passwords used on connected IoT and OT devices are unique and created following your organization’s password policies.
• Design your network to protect your IoT and OT devices. Microsegmentation is ideal where possible. At the very least, your network architecture must give the flexibility and control needed to secure your IoT devices, while maintaining performance.
• Consider your options. If an IoT or OT device has a hardcoded password, has ceased releasing patches or updates, or suffers from other inherent security limitations, consider your options. Place the device within a particularly hardened network segment or consider replacing it with more secure alternatives.
• Develop your IoT/OT security playbook. As with your IT assets, you’ll need to identify who has ownership for maintaining your IoT assets, and document all commonly repeated tasks and remediation steps to potential incidents.

Reactive Security

The best security hygiene and proactive security can prevent a significant percentage of attacks, but in this modern threat environment, your organization must take security to the next step by continually monitoring your entire IoT environment.

Comprehensive monitoring of device activity and status is critical. Monitor for patch status, port use, unauthorized applications, changes in device configurations, and other device status information to ensure device health, and monitor for anomalous and unauthorized activity, command-and-control behavior, privilege escalation, DOS activity, and signs of lateral movement.

IoT and OT monitoring have historically posed unique challenges to security teams, in part because disrupting OT devices could lead to significant delays or damage in the real world. Safely and effectively monitoring these devices requires passive, agentless network monitoring to maintain the status of that device inventory in real time without impacting the performance of the devices—something that isn’t easily achieved in most IT security platforms.

Robust network monitoring of your IoT and OT devices is critical to maintaining operational security and will also yield valuable network traffic data that can help in further refining and segmenting your network.

With adoption of IoT and OT expanding, and the threats against them growing in number and severity, a combination of proactive and reactive security measures is becoming more and more critical.

In our next blog, we’ll look at what Microsoft is doing in the IoT and OT space, and how Defender for IoT addresses IoT security in a way that can fit seamlessly into existing IT security programs.