The Unique Security Challenges of Cyber-Physical Systems Require New Security Tools

Ordr’s See, Know, Secure Approach to Connected Device Security is Ideal for CPS Protection

As IT estates and their attack surfaces grow in complexity, cyber-physical systems (CPS) are getting more attention from cyber security professionals. Because organizations across all verticals  are adopting CPS to run operations more efficiently, connected devices are becoming more and more abundant. Some reports predict the number of Internet of Things (IoT), Internet of Medical Things (IoMT), Industrial Internet of Things (IIoT) and other emerging specialized (XIoT) devices that populate sprawling corporate networks will exceed 24 billion by 2030. Those devices represent a critical interface between traditional IT and the hyper-connected sensors, controls, and other operational technologies (OT) comprising CPS these days.

Our own Chris Westphal blogged about cyber-physical systems recently, offering some background on what they are and identifying some of the security challenges associated with protecting them. A newly updated report by Gartner, 3 Initial Steps to Address Unsecure Cyber-Physical Systems, goes into more detail to help organizations struggling to understand their CPS infrastructure and establish a strategy to keep their CPS secure.

Threat Actors are Aggressive

The report makes it clear that threat actors are aggressively exploiting vulnerabilities inherent with CPS technologies and the threat to those organizations unprepared to defend them. In fact, Microsoft recently uncovered a “a sophisticated attack campaign” targeting IoT devices, while other new security research suggests malware targeting IoT devices has increased 700% since 2020.

As IT and OT converge, cybersecurity leaders need to identify their attack surface across both environments. Gartner’s report cites examples of attacks against organizations in healthcare, critical infrastructure, manufacturing, and public utilities illustrate the risks beyond cyber with potential impact  to individuals, public safety and economic stability, and serve as a warning to organizations relying on traditional IT security approaches. The report’s author, Gartner analyst Kattell Thielemann, puts it this way:

“Business-led Internet of Things or converged OT-IT projects have largely underestimated or ignored security and safety risks. Security and risk management leaders must go beyond data security by embracing cyber-physical system security efforts, or they will soon be overwhelmed by new threats.”

A Strategic CPS Security Foundation

That dire warning comes with the promise that, by taking the time to understand CPS infrastructure from a risk management perspective, CSOs, CISOs, and other security leaders can implement effective strategies for protecting those systems. Formulating a CPS security strategy starts by:

• Prioritizing discovery of all elements of the CPS environment;
• Anchoring security goals and policies based on insights derived from device data and industry-specific requirements like regulations and threat intelligence; and,
• Focusing on building maturity into the strategy based on an evolving Zero Trust approach.

Here at Ordr we call it a “See, Know, Secure” model for protecting connected devices, and the capabilities enabled by our platform dovetail well with the needs of organizations with CPS infrastructure. That’s because Ordr quickly discovers all CPS elements operating in the network, including those that were previously unknown or that connect and disconnect outside the control of IT management. This discovery happens in real-time, so there are never any blind spots.

Once discovered, we classify, map communications, analyze behavior, and assign a risk score to each device based on the data in the Ordr Data Lake—the industry’s most complete library of connected device intelligence. Our data lake is populated with millions of individual device profiles, including rich detail on each. We know their deterministic operational parameters, disclosed vulnerabilities, normal communications patterns, and other essential context that allows you to set policy.

A Potent Combination for CPS Protection

That combination of insight and capability supports automated responses whenever indicators of compromise are detected; and that means your network security gaps are identified and closed. Whether a CPS device is the vector, target, or in the path of an attack, Ordr can detect it and either stop it or help contain the spread.

The speed, complexity, and unique technical challenges endemic to cyber-physical systems operations means that legacy security tools and strategies are severely limited when applied to CPS infrastructure. Gartner recommends that CPS security “focus on safety, reliability, resilience, adaptability, and privacy.”

The Ordr platform is ideally suited to address these challenges. To read more about best practices to secure cyber physical systems, download a copy of the Gartner report, Market Guide for CPS Protection Platforms to help you better grasp the complexities and establish a CPS security strategy that meets the needs specific to your organization.

Bryan Gillson

Bryan joined Ordr in November 2019 after spending six years as VP Strategic Alliances at Ionic Security. At Ionic, Bryan initiated and managed business relationships with system integrators such as Accenture, Deloitte, and PwC, and closed OEM partnerships with vendors in the CASB, virtualization, and data protection sectors. Previously, Bryan led product management and business operations for Symantec’s encryption products and information protection groups after integrating the acquisitions of both PGP Corporation and GuardianEdge. Prior to Symantec, Bryan led the business development team at PGP Corp. and was a VP in Merrill Lynch’s Technology Investment Banking group.