In recent years, the integration of OT systems with IT technologies has become increasingly tight. However, this connection has resulted in a “contamination” of vulnerabilities and threats from the IT sector to the OT sector. An attack on OT security can have devastating effects on the environment and people, with an economic and functional impact not only on the equipment attacked but also on the entire process.
On the other hand, OT systems have become the most profitable target for cybercriminals: note the growing availability of malware as a service, ready to attack and hack even the most sophisticated industrial systems. For this reason, today every organization needs to constantly monitor OT security, to identify critical issues, prevent possible attacks or at least mitigate their effects.
OT Security Assessment For Sapio: Our Project
The Company
Sapio is one of the few companies in Italy that can count on 100 years of experience in the production of industrial and medicinal gases, with such vast and deep-rooted expertise that it can respond to any type of market requirement with great flexibility, with gases and mixtures of all purities ideal for different types of customers: from mechanical and metallurgical to glass and cement, as well as the healthcare sector.
Challenge
The aim was to verify the alignment of the infrastructure components with the best practices defined by the International Society of Automation (ISA) framework, which includes the ISA99 standards for securing OT networks. Sapio therefore needed to carry out a structured assessment of the corporate OT network and thus obtain a detailed picture of the general state of security, covering the vulnerabilities of all the components involved.
Solution
Our Security Assessment project has been developed in several steps.
High-Level Assessment
An interview was carried out to retrieve all the detailed information on the OT infrastructure and the security policies adopted. The analysis was completed by collecting information on some assets through a structured questionnaire, involving the service provider of the company's MPLS network at the main plant in Mantua.
Asset & Service Inventory
The data collected was structured into a detailed overview of the installed assets (Asset Inventory), covering individual devices, IP addresses, specific functions, installed software and remote access information. The Service Inventory collected all the information on the services located in the various Sapio factories.
Info Gathering And Application Verification In Individual Factories
The information on the security level of the plants, measured against the best practices of network security design, was collected and analyzed in a detailed report. Remote sessions were run on the PCs in the various plants for timely verification of the applications and of how they are used across the production plants.
Cybersecurity Lifecycle: Vulnerability Assessment And On-Site Assessment
With a view to the continuous improvement of IT & OT security, the following activities have been planned:
- Instrumental Vulnerability Assessment, to validate and/or integrate the asset inventory activity and to verify appliance configurations through an authenticated scan. This provides a further in-depth analysis of any vulnerabilities and configuration mismatches.
- On-site Assessment, to verify each individual context and the dynamics that govern the physical security of the equipment.
The project currently involves 7 plants and will soon be extended to another 20/25 production sites.
Benefits
Although the state of the production network already showed the utmost attention to OT security, the analysis nevertheless revealed points where security could be optimized. The assessment set out in detail the security status of the infrastructure, highlighting the risk areas, to increase timely protection. The wide and meticulous visibility of all the events that make up the network traffic made it possible to immediately improve the security of the analyzed infrastructure.
The proposed remediation activities were prioritized according to the identified risks, taking into account on the one hand their criticality and on the other an implementation roadmap consistent with the necessary design logic.