Professional Documents
Culture Documents
In the new world of increased cyber risk, approaches that bridge the Industrial Cyberattacks – A Top Global Risk
IT/OT divide are no longer optional – they’re mission critical. Executive Cyberattacks on critical infrastructure and strategic
leadership expects CIOs and CISOs to anticipate and stay ahead of industrial assets are now one of the top five global risks.
the enterprisewide threat landscape, including oversight of cyber risks
World Economic Forum, Global Risk Report, 2018
related to industrial operations.
In the past, industrial systems were not considered to have high SOCs are generally tasked with preventing, detecting and
cyber risk because they were isolated (air gapped), without responding to cyber security threats and incidents. Often, they
connectivity to enterprise systems or the internet. They were also also assess and fulfill regulatory requirements. Typically, their
protected by obscure proprietary technology and considered of mandates do not cover industrial systems – though it is possible
low interest to hackers or attackers. to leverage the investment in SOCs to include OT.
Now, industrial cyber risk is much higher due to: As threats to OT systems intensify, there are several reasons
to include OT in an enterprise-level SOC. With a combined
• More connectivity and exposure – The increased use of
approach, companies can:
common technology platforms and data sharing between
IT and OT systems exposes industrial systems to more cyber Stop threats faster – Most cyberattacks on OT systems
threats. This includes the migration to the Industrial Internet, originate on the IT network and involve multiple steps in
where physical assets and IT infrastructure are closely an elaborate cyber kill chain process. High profile examples
include an attack on a German steel mill, disruption to
integrated.
Ukraine’s power grid in 2015 and 2016, and the shutdown
• The transition to virtual systems – Shifting industrial system of a gas facility in Saudi Arabia in 2017. Thus, to protect OT
architectures away from local monitoring and data processing systems, threats need to be stopped in their early stages,
to cloud-based applications and analytics increases cyber often while they are present in IT systems.
risk exposure.
Speed up response times – Monitoring OT systems
• More sophisticated attacks – A new era of industrial threat separately from IT systems runs the risk of breakdowns in
actors, such as hackers, criminal organizations and nation communication and dropped incident handling between
states, focus on disrupting industrial systems for financial or multiple teams.
political gain. Keep costs down – It’s more cost effective to include OT
threat monitoring within one comprehensive SOC than to
• Easier access to resources – A marketplace of tools, example
have multiple SOCs.
malware frameworks and vulnerability exploits makes it faster
and easier to execute industrial cyberattacks. Leverage teams’ strengths – Protecting OT systems
requires a blend of IT and OT skills. For many organizations,
As a result of these trends, the majority of IT and industrial control
it is easier to close the skills gap by training IT people
systems (ICS) security practitioners across a variety of industries on OT sensitivities than training OT people on IT cyber
believe the threat level to OT systems is high or critical.2 security skills.
IT/OT Convergence
Gartner, Why IIoT Security Leaders Should Worry About Cyberattacks Like WannaCry, January 2018
Building an IT/OT SOC
+1,000 +300,000
Deployments Devices Monitored
STRATEGIC PARTNERS
INNOVATIVE TECHNOLOGY
Superior OT Asset Discovery and Real-Time The Best ICS Threat Detection
Network Monitoring “…we chose Nozomi Networks because their platform provides
“Nozomi clearly provided the most detail in the asset inventory industry-leading capabilities which allow us to detect anomalies
and was the only competitor to identify the key SCADA system.” and proactively hunt for threats within industrial environments.”
S4 Challenge Grady Summers, CTO, FireEye
References
1. Wired.com: "The Untold Story of NotPetya, the Most Devastating Cyberattack in History,” Andy Greenberg, September 22, 2018
https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/
2. Sans.org: "Securing Industrial Control Systems – 2017," Bengt Gregory-Crown, Doug Wylie, June 2017
https://www.sans.org/reading-room/whitepapers/ICS/paper/37860
Nozomi Networks is the leader of industrial cyber security, delivering the best solution for real-time visibility to manage cyber risk and improve
resilience for industrial operations. With one solution, customers gain advanced cyber security, improved operational reliability and easy IT/OT
integration. Innovating the use of artificial intelligence, the company helps the largest industrial facilities around the world See and Secure™ their
critical industrial control networks. Today Nozomi Networks supports over a quarter of a million devices in sectors such as critical infrastructure,
energy, manufacturing, mining, transportation and utilities, making it possible to tackle escalating cyber risks to operational networks (OT).
EB-IT-OT-SOC-8.5x11-001