
The White House recently issued a memo entitled Fact Sheet: Biden-⁠Harris Administration Delivers on Strengthening America’s Cybersecurity. The communique offers a checklist of policies, executive orders, and other steps the Biden-Harris Administration has taken to demonstrate its “relentless focus to improving the United States’ cyber defenses, building a comprehensive approach to ‘lock our digital doors’ and take aggressive action to strengthen and safeguard our nation’s cybersecurity.” It’s worth looking at the items outlined as it offers insight into the federal government’s position on the state of the nation’s cybersecurity posture.

The Fact Sheet on Strengthening America’s Cybersecurity addresses several areas of concern: protecting national economic interests, addressing security by design, countering the ransomware threat, raising threat awareness, training more cybersecurity professionals, and preparing for a post-quantum world. The Fact Sheet’s focus policies include:

  • Improving the cybersecurity of our critical infrastructure.
  • Ensuring new infrastructure is smart and secure.
  • Strengthening the Federal Government’s cybersecurity requirements, and raising the bar through the purchasing power of government.
  • Countering ransomware attacks to protect Americans online.
  • Working with allies and partners to deliver a more secure cyberspace.
  • Imposing costs on and strengthening our security against malicious actors.
  • Implementing internationally accepted cyber norms.
  • Developing a new label to help Americans know their devices are secure.
  • Building the Nation’s cyber workforce and strengthening cyber education.
  • Protecting the future – from online commerce to national secrets — by developing quantum-resistant encryption.
  • Developing our technological edge through the National Quantum Initiative and issuance of National Security Memorandum-10 (NSM-10) on Promoting United States Leadership in Quantum Computing While Mitigating Risks to Vulnerable Cryptographic Systems.

While the eighth policy on the list addresses a need to help make consumers more aware of the cyber-risks associated with their purchase and use of Internet of Things (IoT) devices, we note the lack of a reference to IoT security within enterprises. Here’s the full text from the Fact Sheet:

“Developing a new label to help Americans know their devices are secure. This month, we will bring together companies, associations and government partners to discuss the development of a label for Internet of Things (IoT) devices so that Americans can easily recognize which devices meet the highest cybersecurity standards to protect against hacking and other cyber vulnerabilities. By developing and rolling out a common label for products that meet U.S. Government standards and are tested by vetted and approved entities, we will help American consumers easily identify secure tech to bring into their homes. We are starting with some of the most common, and often most at-risk, technologies — routers and home cameras — to deliver the most impact, most quickly.”

Consumer and Commercial/Industrial IoT are Vulnerable

First, let me be clear that Ordr supports the efforts to help make people more aware of the risk associated with the connected devices they purchase for personal and in-home use. Often these devices collect sensitive information, or they may be a gateway for threat actors to gain access to a personal network that is relatively unprotected. Very few homes run industrial-grade security products, so most are vulnerable to the tools and techniques available to ordinary criminal hackers and hacker groups. But the same threats that put personal IoT devices at risk are present in many of the devices that populate enterprise networks.

Medical devices, industrial controls, sensors, point-of-sale systems, communications equipment, and many more Internet of Medical Things (IoMT), operational technologies (OT), IoT, and other connected devices are notoriously vulnerable to attack. Many of these devices are not built with security as a priority of their design. They operate with obsolete operating systems, rely on default (if any) passwords, and are released to market with security weaknesses. Some industry studies have found that three-quarters of all IoMT devices deployed today have at least one security vulnerability, and that half may have multiple vulnerabilities.

What’s more, the same devices that the White House wants to warn consumers about may also end up connecting to enterprise, industrial, and healthcare networks. Within minutes of deploying Ordr in these environments, our platform automatically discovers and classifies all of the devices operating on the network, and the results have been eye-opening for our customers. Vending machines, smart assistants, and gaming systems are not uncommon; but we’ve also found stranger things like parking gates, Kegerators, Pelotons, and Tesla automobiles.


Many times, these devices have a legitimate reason to be operating where they are, but if IT and security operations don’t know about them, they present an unrealized risk. That is where Ordr comes in handy. By discovering and classifying every device, then drawing on the deep Ordr Data Lake to gather context and monitor its activity with a granular understanding of its purpose and normal operational patterns, Ordr can uncover vulnerabilities and detect behavioral deviations that are indicators of compromise. When that happens, Ordr automates policy enforcement to respond immediately to prevent or stop the spread of an attack, while maximizing operational resilience.

IoT Security for Economic Security

Some devices and systems must keep operating even while at risk, and Ordr’s enforcement of segmentation and isolation policies can ensure continued functioning even as the security team takes action to mitigate the present risk. That’s an option that is better than a “code dark” event during which non-technical staff are instructed to disconnect machines from the network altogether.

We applaud the White House’s efforts to use its bully pulpit to advance the cause of cybersecurity. We also urge the administration to continue to use its influence to help make our entire economy safer by recognizing the need to build security-by-design into every connected IoT, IoMT, and OT device. Building on the momentum of the IoT Cybersecurity Improvement Act of 2020 as well as FDA guidance for IoMT security, bills like the PATCH Act and other requirements are needed to ensure connected devices are built and delivered to be secure. If labeling consumer devices is important, it must be a priority for commercial devices as well.

Ordr Covers Your Assets with Real-Time Asset Inventory Management

Ordr is a unique and powerful platform because it addresses a plethora of visibility and security use cases for connected devices. In this series of blogs we’ll cover use cases that are top of mind for security, networking, and device owners, starting with asset inventory and management. 

In conversation with CISOs and CIOs, we consistently hear the same challenges when it comes to Internet of Things (IoT), Internet of Medical Things (IoMT), operational technology (OT), and other connected devices:

  1. Maintaining an up to date inventory of connected devices
  2. Finding connected devices that are not included in inventory
  3. Including device details that are critical for device management and security

The lack of a complete connected device inventory leaves teams guessing when it comes to managing devices and creates big gaps resulting in unknown risk when it comes to security. Whether you’re in IT ops struggling to keep up with the constant barrage of new devices, a security pro challenged to understand and mitigate risks, or a biomed engineer in healthcare tasked with managing device deployments, updates, and usage, connected device growth presents unique challenges across your organization.

Juniper Research estimates we’ll see more than 83 billion devices deployed by 2024, a 130 percent increase from the 36 billion in use today. With this and similar growth estimates, we’re faced with the reality that IT and security challenges will continue to expand as the volume and variety of connected devices grows.

Unique Challenges of Connected Devices

Compiling and maintaining an inventory of connected devices that is up to date with all the required details is challenging due to several factors, including the number and diversity of devices, improper procurement processes, remote users, and locations behind VPNs. In addition, many connected devices are not only unmanaged but unmanageable since they do not or cannot support agents, and scanning these devices is not always an option for fear of service impact. These factors mean traditional methods aren’t an option for device discovery.

The sheer volume, variability, and mobility of connected devices means inventory and status of devices is constantly changing. Relying on manual efforts or periodic snapshots of the network to maintain a device inventory comes with an almost certain risk of inaccuracy. You need to be able to discover and track your complete asset inventory, including unmanaged devices, and you need to be able to do it in real-time.


Procurement processes that aren’t aligned with IT and security add to these challenges since they can introduce devices to an environment without being properly onboarded. This results in the potential for more unknown devices on the network, some of which may not meet organizational standards for management and security. In this category are devices that are added by individuals or teams that purchase them outside of organizational protocols. In the case of healthcare it can include vendors that work directly with physicians and drop off devices for evaluation.

Remote users and locations behind VPNs present additional challenges. You have less insight into, and control over, devices being connected by users working from home. IP addresses of devices connecting over VPN can change rapidly, making it difficult to ensure all connected devices are properly captured in inventory.

How Ordr Helps

Ordr addresses connected device challenges with deep packet inspection (DPI), artificial intelligence (AI), and machine learning (ML) to enable a real-time asset inventory that’s accurate and always up to date. By analyzing network data, we automatically discover every device connected to the network without the need for agents and without impact to device operations. We also accurately classify every device with details such as make, model, operating system, serial number, application/port usage, and location.

Device details are sent to the Ordr Data Lake and enriched through more than 80 integrations to form a granular and complete profile of every device in the environment. Enrichment includes data from vulnerability and threat feeds, manufacturer and FDA recalls, IT tools that help track IP address changes and user logins, and more.


With Ordr, teams not only know what’s on the network but can also identify risks such as devices with an outdated operating system, unauthorized applications, vulnerabilities, or recalls. Ordr also helps identify devices with weak passwords or certificates, and those exhibiting risky behavior that might indicate an active threat. This detail, combined with other insights from Ordr, is used to calculate a risk score for each device and help teams prioritize remediation tasks such as patching and mitigation efforts like quarantining or microsegmentation.

Ordr also integrates with existing CMMS or CMDB tools to enrich details for devices that already exist in inventory, and fill in the blanks with details for devices that were missing. With Ordr, you’ll create a single source of truth for all your connected devices that is always up-to-date and accurate. With that foundation, you can start to wrap your arms around the other unique challenges associated with managing and securing connected devices. In a future post, we’ll cover more on Ordr capabilities beyond asset management.

If you’d like to get a handle on your connected device asset inventory get in touch with us to learn more.

Did you catch the recent news that stress and burnout are the primary concerns for most chief information security officers (CISOs) these days? That was the result of a recent study conducted by the executive search firm Heidrick & Struggles as reported by CNBC last month. The survey found stress (59%) and burnout (48%) were identified as the top two personal risks by 327 CISOs from around the globe. Those results were compiled well before former Uber CISO Joe Sullivan’s controversial conviction on charges he hindered a federal investigation into a data breach at the ride-sharing company. Given the range and passion of opinions other CISOs have expressed in response to that case, it’s likely that stress is on the rise.

Scapegoats and Sacrificial Lambs

It’s not that surprising to learn that CISOs are under stress. They are responsible for keeping networks and data safe from a relentless onslaught of attacks from threat actors, and from data breaches that are a result of simple human error. If you spend any amount of time talking with members of the CISO community, as I do, you’ll hear the common complaint that they must manage high expectations and low budgets. You’re also likely to hear a lot of gallows humor involving scapegoats and sacrificial lambs.

I’m sympathetic to a CISO’s plight. In Ordr’s corner of the cybersecurity world, we deal with connected devices of the sort that make up the Internet of things (IoT), Internet of medical things (IoMT), and operational technologies (OT) that are the backbone of industrial and critical infrastructure enterprises. In that world, the pace of change and growth is astounding; it’s impossible to keep up. Consider the following statistics:

  • By 2024 there may be as many as 83 billion connected devices active in commercial networks (Juniper Research).
  • At that time there will be more than 150,000 devices connecting to networks every minute (IDC).
  • The average hospital IT infrastructure includes more than 100,000 connected devices, including more than 15,000 IoMT devices dedicated to critical care, and between 10 and 15 IoMT devices per bed.

Those are big numbers, and they only represent the devices a CISO knows about. There may also be hundreds more unmanaged devices connecting to their networks, enlarging the enterprise’s attack surface, and increasing the chances of a data breach. That’s because you can’t protect what you can’t see. And when vending machines, smart assistants, aquariums, Kegerators, Teslas, Pelotons, and any number of other stranger things decide to make themselves at home on the network, stress rises along with risk.

Just What the Doctor Ordr’ed

Ordr is aware of these trends, and we have just what the doctor ordered to ease the burden that they cause on both the CISO’s enterprise and psyche. Our platform excels at looking across the network to locate and identify each device. Within minutes, Ordr discovers, locates, and automatically classifies all the device assets that are operating on your network, including devices you knew you had, devices you forgot you had, devices you thought you lost, and the ones that you weren’t expecting. In addition to complete devices discovery, Ordr’s feature set is designed to make a CISO’s job easier, including:

  • Automated asset inventory synchronized with your CMMS or CMDB.
  • Continuous risk assessment uncovering vulnerabilities and risky communications.
  • Vulnerability management to help with remediation and mitigation tasks.
  • Improved incident response with dynamically created policies to stop attacks.
  • Accelerated Zero Trust with dynamically created policies for NAC and segmentation.
  • Simplified compliance with detailed reports and documentation to help with auditors and assessments.

And because the Ordr Data Lake is already populated with detailed information on millions of individual device types, every device we find is automatically and accurately profiled, and its communications patterns baselined and monitored. That’s important because connected devices operate in narrow, deterministic ways. Any deviation from normal can be considered as an indicator of compromise, and when Ordr detects a threat, we arm your teams with contextual insights and policies so you can take the right action, quickly. That protects your network by preventing attacks, containing threats, and enabling operational resilience by isolating mission-critical devices that need to remain in service.
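The behavioral baselining described in this paragraph, and the segmentation policies mentioned earlier on this page, can be illustrated with a small worked example. What follows is an added illustration written for this page, not Ordr’s code and not a description of how the Ordr platform is implemented: it learns each device’s set of normal destinations from passively observed flow records, turns that profile into a default-deny allow-list, and flags later flows that fall outside the profile. The flow records, MAC addresses and IP addresses are constructed, and the rule syntax is a hypothetical pseudo-ACL format.

```python
"""Behavioral baselining for connected devices (added illustration, not Ordr code).

A device with a fixed purpose (here a hypothetical infusion pump) talks to a
small, stable set of peers.  Learn that set from flow records, emit an
allow-list, and treat anything outside the set as a candidate indicator of
compromise.  All flow records below are constructed sample data.
"""
from collections import defaultdict
from typing import NamedTuple


class Flow(NamedTuple):
    ts: int        # observation time, seconds since epoch
    device: str    # source MAC address; the identity we have for an agentless device
    dst_ip: str
    dst_port: int
    proto: str     # "tcp" or "udp"


# Constructed sample flows (hypothetical addresses, not from a real capture).
# Everything at or before LEARN_UNTIL is the learning window.
LEARN_UNTIL = 1_700_000_600
FLOWS = [
    Flow(1_700_000_000, "00:11:22:33:44:55", "10.0.5.10", 443, "tcp"),  # pump -> pump server
    Flow(1_700_000_060, "00:11:22:33:44:55", "10.0.0.1", 123, "udp"),   # pump -> NTP
    Flow(1_700_000_120, "00:11:22:33:44:55", "10.0.5.10", 443, "tcp"),
    Flow(1_700_000_180, "00:11:22:33:44:55", "10.0.0.1", 123, "udp"),
    # after the learning window
    Flow(1_700_000_700, "00:11:22:33:44:55", "10.0.5.10", 443, "tcp"),  # normal
    Flow(1_700_000_760, "00:11:22:33:44:55", "10.0.9.77", 445, "tcp"),  # SMB to a new host: deviation
    Flow(1_700_000_820, "aa:bb:cc:dd:ee:ff", "10.0.5.10", 443, "tcp"),  # device never seen before
]

Peer = tuple[str, int, str]  # (dst_ip, dst_port, proto)


def build_baseline(flows: list[Flow], learn_until: int) -> dict[str, set[Peer]]:
    """Per-device set of peers observed during the learning window."""
    baseline: dict[str, set[Peer]] = defaultdict(set)
    for f in flows:
        if f.ts <= learn_until:
            baseline[f.device].add((f.dst_ip, f.dst_port, f.proto))
    return dict(baseline)


def allow_list_policy(baseline: dict[str, set[Peer]]) -> list[str]:
    """Render the baseline as allow-list rules in a hypothetical pseudo-ACL syntax.

    One permit per learned peer, then a default deny so the device is confined
    to the segment it actually needs.
    """
    rules: list[str] = []
    for device, peers in sorted(baseline.items()):
        for dst_ip, port, proto in sorted(peers):
            rules.append(f"permit {proto} src {device} dst {dst_ip} port {port}")
        rules.append(f"deny ip src {device} dst any")
    return rules


def detect_deviations(flows: list[Flow], baseline: dict[str, set[Peer]],
                      learn_until: int) -> list[tuple[str, str]]:
    """Flag post-learning flows from unknown devices or to peers outside the profile."""
    findings: list[tuple[str, str]] = []
    for f in flows:
        if f.ts <= learn_until:
            continue
        peers = baseline.get(f.device)
        if peers is None:
            findings.append((f.device, f"unknown device: first seen at {f.ts}"))
        elif (f.dst_ip, f.dst_port, f.proto) not in peers:
            findings.append((f.device,
                             f"new peer {f.dst_ip}:{f.dst_port}/{f.proto} outside baseline"))
    return findings


def run_demo() -> tuple[list[str], list[tuple[str, str]]]:
    """Build the baseline from the constructed flows and evaluate the later ones."""
    baseline = build_baseline(FLOWS, LEARN_UNTIL)
    return allow_list_policy(baseline), detect_deviations(FLOWS, baseline, LEARN_UNTIL)


if __name__ == "__main__":
    rules, findings = run_demo()
    print("\n".join(rules))
    for device, why in findings:
        print(f"ALERT {device}: {why}")
```

Two caveats a practitioner would apply. First, a baseline learned while a device is already compromised bakes the attacker’s traffic into “normal,” so the learning window should be reviewed against vendor documentation of what the device is supposed to talk to, not accepted blindly. Second, a deviation is a candidate indicator, not proof: a firmware update or a new back-end server legitimately changes a device’s peer set, which is why the findings above are meant to be triaged with device context rather than blocked automatically in every case.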


The CISO’s team also benefits from these features. The ability to automate asset inventory, locate devices easily, and generate security policies on any networking or security infrastructure reduces human errors and frees IT and security personnel to focus on more strategic tasks. This can help CISOs ensure higher job satisfaction, reduce stress, and increase retention for his or her team.

A CISO’s Peace of Mind

Whether you are protecting a hospital, industrial facility, financial services firm, or any other enterprise that relies on a vast constellation of connected devices, Ordr is good medicine. When Ordr is at work a CISO has a little more peace of mind, reducing the stress that comes with being an organization’s Cyber Incident Scapegoat Offering. If you want more information about the Ordr connected device security platform, or if you’d like a demo, reach out and let us know.

Avoiding the security hazards that come with OT/IT Convergence

For decades, factories, utility operations, and healthcare centers have relied on operational technology (OT) systems for daily functionality – monitoring production processes, distributing electricity, running MRI machines, etc. These systems have largely stood apart from whatever IT structure the factory, utility, or healthcare center might have in place. (And for some, such as older utilities, IT itself has been limited or non-existent.)

Two forces are upsetting the status quo for such OT systems: 1) the drive toward digital transformation made by integrating OT and IT and 2) the ever-more-aggressive attacks on security that may bring operations to a halt, with potentially catastrophic results for the organizations and those they serve.

It’s a frightening prospect, one that requires a careful, deliberate effort to understand the nature of the dangers for an individual organization and develop an appropriate response. Fortunately, solutions exist to enable organizations to up their digital capability while safeguarding their operations. But first, let’s look at how the progress from no protection to an integrated, resilient system takes place.

Phase One: Awareness of Potential Vulnerabilities

Alert leaders of organizations relying on OT begin to realize the growing threat they may face as they read reports relevant to their sector:

The report on utilities by Yokogawa, a Japanese-based international electrical and software company, crystallizes the problem. While the shift to open systems makes a utility more adaptive to demand, enhances analytical capabilities, and facilitates interoperability, it also “has unlocked a door that was once firmly kept shut,” as hackers are well aware.


Phase Two: Taking Stock of Weaknesses

Next, organizations examine their own potential points of entry for those who would do them harm. Often, they’re alarmed to recognize how many devices are unmanaged, ports are open, and functional silos are in place that keep various security measures from being integrated. The magnitude of the vulnerabilities begins to dawn on them as they see they’re exposed on several fronts: cyber, physical, supply chains, etc., with no centralized way to assess risks, let alone manage and prioritize responses to them.

Phase Three: Attacks, Firefighting and the Shift to Centralization

All the theorizing about weaknesses and vulnerabilities shifts to practicalities and urgency when an organization has a security breach. As the military axiom goes, “No plan survives contact with the enemy.” Organizations move quickly to defend themselves in an ad hoc fashion as best they can. But a rush to shut off one entry point in a network may result in halting operations on a wide scale – a consequence that might have been avoided if the network were segmented so attacks in one section could be addressed while the others were left uninterrupted.

In addition to the problems caused by an unbalanced remediation measure, organizations suddenly panic with the realization that this may be the first of many successful breaches and they have no idea what attacks might be next, nor how they can readily respond effectively and efficiently.

This leads to the conclusion that others (including vendors selling solutions to the problem) have reached: Security needs to be unified, with threats and insights gathered in one centralized location. Silos may have had their time and place in their organization as a way to ensure each function ran well. But modern manufacturers, utilities, and healthcare organizations know that information needs to be free-flowing across all departments. What’s more, external partners must be part of the data-sharing effort, with the risks they represent fully understood and managed.

Phase Four: Implementing a Centralized Security Platform

At this point, an organization may be desperate to find any tool that can help, only to be frustrated to learn from peers who’ve acquired platforms designed for the purpose that implementation is slow and cumbersome. So, while additional planning may be the furthest thing from the minds of organizational leaders who’ve recently been attacked, they eventually see the need to carefully review their options and pick the right solution.


What’s needed is a product that has anticipated the implementation challenges and devised a deployment that goes quickly and painlessly. This is what Ordr was designed to do for manufacturers, utilities, and healthcare organizations – the groups most in need of such protection – as well as other organizations that need to blend OT and IT.

Within hours of deployment Ordr discovers all pertinent information about every connected device, and new devices are discovered in real-time as they connect. Every device is assessed for its vulnerabilities, recalls, and weak passwords or certificates. Because Ordr observes the network passively, without agents and without touching the device, it doesn’t affect the operation of even the most sensitive IoT device. And no matter who the operational owner of the IoT, IoMT or OT device is, the Ordr platform can manage it: automating responses, implementing role-based access controls, and providing customized views for individual stakeholders.

The advantages of converging operational technology with information technology are clear: greater efficiencies, improved capabilities, and cost reduction. But the risks are real, too: unlocking that door that was once firmly shut. Organizations that fully embrace the promise of digital transformation while safeguarding themselves against its security vulnerabilities are in the best position to achieve their organizational objectives and serve their customers safely and effectively.

To see how Ordr can help your organization, one of our industry experts would be happy to give you a personalized demonstration. Use this request form to do so.

Brad LaPorte is a former Gartner analyst and is now a partner in the consulting firm, High Tide Advisors.