By Gregory Hale
It used to be a contentious battle between IT and OT security, where engineers and operators on the plant floor would not let “those other folks” anywhere near them fearing they would tinker with their continuous process where system availability is king.
Those battle mongering days, however, appear to be going the way of a fax machine as IT and OT are converging to the point where to keep a process running – and secure – they have to work together and understand each other’s unique language.
“We have seen too many places where the IT people are becoming more dominant in the discussions with the OT people, but IT really doesn’t know how to do it,” said Ilan Barda, chief executive at Radiflow. “It is a very important issue and one of the biggest challenges to make sure IT speaks the OT language when they go to the customers. They need to understand the vendors, the protocols, the structure of the networks, the operational procedures, and what is the business process.”
To handle the growth of IT security professionals working in the OT space, Radiflow released a partner program for managed security service providers (MSSPs) to offer OT cybersecurity services.
“We have focused on serving product through system integrators, but we have seen more and more customers challenged by finding the right expertise to operate these types of tools over time,” Barda said. “We thought now is the right time to introduce the model of MSSP, which has been around in IT for many years. This is good time for the OT side to start to work in this MSSP model, especially when you start to expand from critical infrastructure to private manufacturing to smart buildings.”
The OT MSSP partner program provides the framework for MSSPs to offer cybersecurity services dedicated to ICS/SCADA networks to their industrial enterprise and critical infrastructure customers. Radiflow is aiming this offering at MSSPs that already provide IT cybersecurity services and are looking to enter the OT space as well as industrial engineering companies that are interested in expanding their service offerings to include cybersecurity services.
“There is also a problem who will be the service provider, whether it is an IT MSSP or an industrial company. They both have a concern on how to become an OT MSSP because it is a new area,” Barda said. “They both have to understand the environment of the customer, they have to understand how to do the first mapping of the normal operations, the risks, and how to operate the alerts. We give them the procedures on how to do the initial baselining, how to do the risk assessment for the customer, how to do the mapping of the businesses processes and we give them procedures how to analyze the alerts and how to talk to the OT people. We also give them the procedures on how to give a weekly update to the customers.
“We also give them some back office support, so it is not just the tools and the process, we give them continuous support. This is what we will provide them with the initial training. We show them this is what a chemical plant looks like, this is what a substation looks like.”
The OT MSSP program is based on the company’s iSID Industrial Threat Detection System running in the Cloud environment. iSID can be used by an MSSP as the starting point for an ongoing network monitoring service that involves building a network topology map of all devices, connections, ports and data traffic flows on an OT network and handling alerts to any changes to the baseline. As part of an ongoing networking monitoring service, an MSSP can also use iSID to detect any breach attempts and apply security upgrades to any newly detected devices.
Shift to OT
IT MSSP’s are looking to get stronger in the OT space not only for growth reasons, but to stand out among their competitors.
“We met with MSSPs and they are interested into going into this area, not because it is a new area for them, but it is a differentiator for them,” Barda said. “They are competing now for the classic enterprise customers, and if these customers have some OT aspect, whether it is a building operator or a chemical plant, when they are competing for pure IT services, it is plain vanilla everybody is the same, but when they are also able to cover the OT space for them, they are bringing something unique. So, we are seeing there are more and more of these IT providers interested.”
While there are plenty of manufacturers still providing security for their own organization, but with a dearth of security workers in the industry, the industry is warming up to the managed security service provider model.
“More and more manufacturers are looking for services offerings,” Barda said. “We have met with customers that have told us if you don’t come with a service offering then don’t come at all. We won’t have the right manpower to do it. That is a pretty strong message.”