The Intersection of IoT and OT with Security

By Aaron Eppert, Sr. Director of Engineering at PacketSled

The Internet of Things (IoT) receives all of the headlines now for how this ever-expanding array of disjoint new devices opens a security vulnerability around every possible corner. However, there exists a more silent, but globally more important, array of technologies that control and operate the world of 2018. These technologies are defined as Operational Technologies (OT). The security vulnerabilities, misconfigurations and operational exposures they can present are made wholly worse by the proliferation of, and cross-exposure to, IoT devices.

The Operational Technology (OT) market is projected to grow to $40.42 billion by 2022[1], with the IoT market growing to $457 billion by 2020[2]. The OT market encompasses the following industries at a minimum:

  • Manufacturing (Distributed Control Systems)
  • Oil and Gas Processing
  • Water and Waste Management
  • Utilities (Power Distribution – SCADA)
  • Facilities Management (PLC)

Operational Technology leverages a few common protocols built to traverse modern networking equipment. The protocols defining OT include:

  • Ethernet – IEEE 802.3
  • Modbus
  • Profinet
  • DNP3
  • CAN
  • ICCP
  • IEEE 802.11 (Wireless Ethernet)

The intersection of IoT and OT clearly exists where IEEE 802.3 and IEEE 802.11 meet, driven by the desire to unify the management of all equipment into a common layer. However, it is the meshing of two fundamentally disjoint technologies via a common communications mechanism that creates the possibility of security vulnerabilities, especially given the desire to continually install new IoT-based technologies on networks that are otherwise critical.

IoT and OT also intersect in their potential vulnerabilities, which are amplified by sharing the same networks. Those potential vulnerabilities include:

  • Missing security updates
  • Publicly accessible devices and services
  • Default allowance of all outbound network connections from all points in a network
  • Insecure remote connectivity
  • Poor password management
  • Assumption that a firewall will fix all network ills
  • Poor segmentation of network assets
  • Poor or non-existent encryption, authorization and/or authentication
  • Poor network visibility
  • Poor network monitoring
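As an added example (not PacketSled's code or the post's own), the following Python audit applies two of the items above, poor segmentation and default-allow outbound connections, to constructed flow records. The zone address ranges, the sample flows, and the choice of Modbus/TCP (502) and DNP3 (20000) as the only OT ports checked are assumptions of the example.

```python
import ipaddress
from collections import namedtuple

# Constructed example zones; in practice these come from the site's IPAM or firewall policy.
ZONES = {
    "OT": ipaddress.ip_network("10.10.0.0/16"),
    "IoT": ipaddress.ip_network("10.20.0.0/16"),
    "Corporate": ipaddress.ip_network("10.30.0.0/16"),
}
# Well-known TCP service ports for two of the OT protocols listed in the post (assumed set).
OT_PORTS = {502: "Modbus/TCP", 20000: "DNP3"}

Flow = namedtuple("Flow", "src dst dport")

def zone_of(ip):
    """Map an address to a named zone; anything outside the defined zones is 'Internet'."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "Internet"

def audit_flow(flow):
    """Return the policy findings for one flow (an empty list means no concern)."""
    findings = []
    src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)
    proto = OT_PORTS.get(flow.dport)
    # Poor segmentation: an OT protocol with either endpoint outside the OT zone.
    if proto and (src_zone != "OT" or dst_zone != "OT"):
        findings.append(f"segmentation: {proto} {src_zone} -> {dst_zone}")
    # Default-allow outbound: an OT host initiating a connection to the Internet.
    if src_zone == "OT" and dst_zone == "Internet":
        findings.append(f"outbound: OT host {flow.src} reached Internet on port {flow.dport}")
    return findings

def audit(flows):
    """Return only the flows that produced findings, as (flow, findings) pairs."""
    results = [(f, audit_flow(f)) for f in flows]
    return [(f, findings) for f, findings in results if findings]

# Constructed sample flow records (source, destination, destination port).
SAMPLE_FLOWS = [
    Flow("10.10.1.5", "10.10.1.20", 502),      # PLC poll inside the OT zone: expected
    Flow("10.20.3.7", "10.10.1.20", 502),      # IoT segment speaking Modbus to a PLC
    Flow("10.10.1.5", "203.0.113.10", 443),    # OT host calling out to the Internet
    Flow("10.30.2.2", "10.30.2.9", 20000),     # DNP3 between two corporate hosts
]

if __name__ == "__main__":
    for flow, findings in audit(SAMPLE_FLOWS):
        print(flow, findings)
```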

IoT and OT are clearly two powerful, evolving and fundamental technology categories that are not going away from any part of the modern world. But, given the list of possible vulnerabilities and overall exposures they bring, there is a need to define how we accelerate fixing the inherent problems they expose. In order to begin to determine the right solutions for your organization, the following questions must be asked and understood:

  • Do you allow Bring Your Own Devices (BYOD) on your network? Do you segment BYOD from critical infrastructure and assets?
  • What technology exposure do you have today? SCADA accessible outside a firewall? Corporate multi-functional printers accessible from wireless?
  • What technologies can you live without on your network?
  • Can you afford protracted downtime from potential rogue devices on your network?
  • Do you have a current disaster recovery plan?
  • Do you have a remediation plan for data loss?

PacketSled’s core capabilities provide detailed network visibility and monitoring from the lowest layers of a network through the application layer. PacketSled can identify and help remediate misconfiguration, information leakage, vulnerabilities and compliance issues in a network.

About PacketSled

PacketSled is the network analytics platform of choice for security teams globally. Used by enterprises and MSSPs for real-time data analysis, threat hunting and incident response, the platform leverages continuous internal network monitoring and retrospection to provide network forensics and security analytics. Security teams can integrate PacketSled into their orchestration engine, SIEM, or use PacketSled independently to dramatically reduce the resources required to respond to persistent threats, malware, insider attacks, and nation state espionage efforts.

The company has been named an innovator in leading publications and by security analysts, including SC Magazine, earning a finalist award in 2018 for network visibility. Based in San Diego, the company is backed by investors including Keshif Ventures and Blu Venture Investors. For continuous product updates and industry news, please visit us at www.packetsled.com or follow us @packetsled.

[1] https://www.businesswire.com/n…

[2] https://www.forbes.com/sites/l…