As demand for cybersecurity continues to grow, many companies are eager to put it at the forefront of operational business objectives.

But as we are all aware, operational cybersecurity brings with it unique challenges that companies must take into consideration. Here are three challenges that belong on most lists:

Unique operational technology (OT) systems: OT systems are not homogeneous and often don’t run on current technology. Typically, that means they are not amenable to mass actions for patching and remediation. You must plan for multiple compensating controls, and these actions take time to create, deploy and maintain.

Operational asset discovery and inventory: This necessary step requires you to develop a road map and research the right team, tools and procedures to maintain your program.

Staffing shortages: Nearly every industry is facing a shortage of appropriately trained, skilled personnel. Usually, it’s not a tight budget that is creating the problem, but rather an inability to find qualified people. According to Cybersecurity Ventures, a leading industry research publication, the single biggest barrier to OT cybersecurity is lack of people resources and talent. This is now estimated to have grown to 3.5 million-person shortage in 2021.

Partnerships with third-party consultancies are becoming the way forward to overcome these OT challenges. A partnership like the one between 1898 & Co. and Verve is a viable option to bring the best of cybersecurity technology and process together.

1898 & Co. provides a deep understanding of the physical mechanics of critical infrastructure environments. Highly experienced OT cybersecurity practitioners bring unique perspectives in deploying services to fill the OT cybersecurity resource and solutions gap. We deliver holistic business outcomes for clients seeking to build their OT cybersecurity program, leveraging the Verve Security Center.

The Verve Security Center is a proven OT-safe platform that drives unparalleled insight and visibility into risk within an OT environment. Combining Verve’s live-risk view, OT asset management and host-based intrusion detection capabilities with 1898 & Co. analysis and remediation execution, the joint offering adds context and actionability to insight. It provides customers with a 360-degree view into their operational environment. The result is a recommendation on how to prioritize critical assets and leverage OT security expertise for guidance and execution.

Manufacturing Case Study

The Verve Security Center was recently deployed at a manufacturing facility and within six weeks the team was able to determine the effectiveness of the solution. The automated inventory, risk mapping and OT context provided a live assessment window into the customer’s specific environment. The Verve team was able to uncover the following (among other findings):

  • 387 devices not patched to protect against WannaCry and NotPetya ransomware.
  • 83 programmable logic controllers with exploitable firmware.
  • Five systems that were dual-homed, bypassing the firewall; four of which were running TeamViewer software, which has a known password protection flaw.
  • One critical segment of the operation had 95% obsolete/end-of-life host platforms.
  • 48 dormant administrative accounts belonging to people who formerly worked there.
  • Poorly designed network segmentation.
  • Insecure and overly prevalent remote desktop/remote access configurations.

The technology that uncovered these risks proved to be a compelling solution, as it enabled the team to mitigate many of the findings, like user, software, patch and configuration errors. As the team progressed from project to project and reduced risk, the resulting dashboards documented and verified progress. This view into current, contextual risk is a key differentiator of an OT endpoint management approach to cybersecurity.

The partnership between 1898 & Co. and Verve Industrial is designed for critical infrastructure industries and companies looking to efficiently improve their cybersecurity programs through empirical, contextual risk reduction. Leveraging the Verve platform with 1898 OT/industrial cybersecurity services provides a dynamic and significant reduction in risk.

 

Managed security services can improve your security posture while letting you remain focused on your responsibilities.

Discover Your Options

by
Matt Morris is a managing director at 1898 & Co., part of Burns & McDonnell, where he leads the consultancy’s security, risk and critical infrastructure cybersecurity practices. Morris has 25 years of cybersecurity and digitalization experience and has served in leadership roles at startups, multinationals and global organizations. Throughout his career, he’s directed global strategy and investments and managed customer-facing operations. Additionally, he architected and led the world’s first managed industrial cybersecurity service at a global technology conglomerate.