Expert Insights on ICS Cybersecurity: Legacy Systems, Micro-Segmentation, and Cybersecurity Best Practices
The rapid expansion of the Industrial Internet of Things (IIoT) brings both opportunities and challenges for industries across the globe. As organizations integrate connected devices into their operations, cybersecurity risks become more pronounced, particularly when legacy systems remain in service. Speakers at the IIoT World ICS Cybersecurity Day discussed these issues and offered strategies for effective IIoT security. From understanding stakeholder responsibilities to implementing advanced controls like micro-segmentation, this Q&A provides practical guidance for industry professionals.
Who Bears the Responsibility for ICS Cybersecurity?
Question: In your opinion(s), who bears the foremost responsibility for safeguarding the security measures of IIoT? Vendors, manufacturers, developers, government regulation, end users, etc.?
Answer:
“It should be at least a shared approach between:
- Government Regulation: Regulatory bodies set standards and regulations to ensure a baseline level of security across the industry.
- End Users: They must implement and maintain security measures, including regular updates, monitoring, and training employees on security best practices. Only the end user can provide the risk analysis needed to deploy the security level according to the risk.
Each of these stakeholders plays a crucial role in safeguarding IIoT systems. Collaboration and adherence to best practices are key to maintaining a secure industrial environment.”
(Thomas Menze, Senior Consultant, ARC Advisory Group)
Micro-Segmentation in OT Networks as a Strategy
Question: What do you think about micro-segmentation in OT networks as a strategy for protecting legacy systems?
Answer:
“By isolating legacy systems from critical networks, factory managers can contain potential security threats. This approach helps reduce risks without needing to replace the entire system immediately. Additionally, if the segmentation solution supports advanced features like Virtual Patching for systems that cannot be replaced immediately, it can offer interim protection. This method blocks malicious activity in real-time, effectively mitigating security risks without modifying the existing systems.”
(Debbie Lay, Principal Sales Engineer at TXOne)
Understanding Virtual Patching in IIoT Systems
Question: Could you expand on what ‘virtual patching’ is?
Answer:
“The concept of a virtual patch will depend on vendor-specific solutions, but generally, it leverages technology, such as an in-line networking device with filtering rules, that provides effective protection against known exploits at the network level. This prevention occurs without modifying the actual OT asset, offering a layer of defense against known vulnerabilities until a permanent patch can be applied or, in some cases, when a patch is unavailable.”
(Debbie Lay, Principal Sales Engineer at TXOne)
Common Vulnerabilities and Mitigation Strategies for Legacy Systems
Question: What are the most common vulnerabilities in legacy systems, and how can they be mitigated without replacing the system? What specific types of cyberattacks are legacy systems most vulnerable to? How do you assess the risk level of legacy systems compared to more modern systems?
Answer:
“Legacy industrial systems often face several common vulnerabilities due to outdated technology and a lack of modern security measures. Here are some of the most prevalent vulnerabilities and strategies for mitigating them without replacing the entire system:
Common Vulnerabilities in Legacy Systems:
- Outdated Security Measures: Legacy systems often lack modern features like firewalls, encryption protocols, and multi-factor authentication.
- Misconfigurations: Poorly configured security settings can leave systems exposed to attacks.
- Unpatched Software: Legacy systems may not receive regular updates, leaving them vulnerable to known exploits.
Mitigation Strategies:
- Network Segmentation: Isolate legacy systems from the rest of the network to limit the spread of any potential breaches.
- Access Control: Implement strict access controls and use multi-factor authentication to enhance security.
- Use of Firewalls and Encryption: Install firewalls and use encryption protocols to protect data in transit.
Types of Cyberattacks on Legacy Systems: Legacy systems are particularly vulnerable to:
- Malware and Ransomware: These can exploit outdated software to gain access and encrypt data.
- Denial of Service (DoS) Attacks: Attackers can overwhelm legacy systems, causing them to crash or become unresponsive.
- Insider Threats: Employees with access to legacy systems can intentionally or unintentionally cause harm.
Risk Assessment of Legacy vs. Modern Systems: Legacy systems generally pose a higher risk compared to modern systems due to their outdated technology and lack of modern security measures. Modern systems are designed with security in mind and are regularly updated to address new threats.”
(Thomas Menze, Senior Consultant, ARC Advisory Group)
Enhancing ICS Cybersecurity with Advanced Micro-Segmentation Techniques
Question: What do you think about micro-segmentation in OT networks as a strategy for protecting legacy systems?
Answer:
“It is foundational in OT to segment OT assets by ‘zones’ and ‘conduits.’ This approach is called out in most security frameworks, such as NIST and IEC 62443. A zone can be a single OT asset or a group of OT assets working together, hence the term ‘micro-segmentation.’ However, when creating zones and conduits, it is critical to adopt an OT approach that does not create a single point of failure or force traffic to traverse unnatural communication paths. The ‘conduits’ must be smart enough to learn traffic flows and leverage AI to provide appropriate policies for legitimate traffic flows. These conduits themselves must provide advanced ‘fail-safe’ measures during upgrades or power failures to prevent interruption in communication paths of OT assets.”
(Debbie Lay, Principal Sales Engineer at TXOne)
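The zone-and-conduit model above and the virtual-patching answer earlier describe the same enforcement point: an in-line filter that only passes traffic over an approved conduit and additionally blocks known-dangerous requests to assets that cannot be patched. The following is an added illustration, not code from the article, TXOne or ARC; the zone address ranges, conduit list and sample flows are constructed for the example, while the Modbus function codes are the standard ones (3 = Read Holding Registers, 6 = Write Single Register, 16 = Write Multiple Registers).

```python
"""Zone/conduit policy with a virtual-patch style rule (constructed example)."""
from dataclasses import dataclass
from typing import Optional

# Constructed zones: one address prefix per zone, chosen for this example only.
ZONES = {
    "10.0.1.": "plc",          # legacy controllers that cannot be patched
    "10.0.2.": "hmi",          # operator stations
    "10.0.3.": "engineering",  # engineering workstations
    "10.10.0.": "it",          # corporate IT segment
}

# Conduits: (source zone, destination zone, TCP port) pairs that are permitted.
CONDUITS = {
    ("hmi", "plc", 502),          # Modbus/TCP supervision
    ("engineering", "plc", 502),  # Modbus/TCP supervision plus configuration
}

# Standard Modbus function codes that change controller state:
# 5/15 write coils, 6/16 write registers, 23 read/write registers.
WRITE_FUNCTIONS = {5, 6, 15, 16, 23}

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    modbus_fc: Optional[int] = None  # None for non-Modbus traffic

def zone_of(ip: str) -> str:
    for prefix, zone in ZONES.items():
        if ip.startswith(prefix):
            return zone
    return "unknown"

def evaluate(flow: Flow) -> str:
    """Return 'allow' or a deny reason. The conduit check is the zone policy;
    the second check is the 'virtual patch': only the engineering zone may
    send Modbus write functions to the legacy PLC zone."""
    src, dst = zone_of(flow.src), zone_of(flow.dst)
    if (src, dst, flow.dport) not in CONDUITS:
        return f"deny: no conduit {src}->{dst}:{flow.dport}"
    if dst == "plc" and flow.modbus_fc in WRITE_FUNCTIONS and src != "engineering":
        return f"deny: virtual patch blocks Modbus write fc={flow.modbus_fc} from {src}"
    return "allow"

if __name__ == "__main__":
    for f in (Flow("10.0.2.10", "10.0.1.5", 502, 3),   # HMI read: allowed
              Flow("10.0.2.10", "10.0.1.5", 502, 16),  # HMI write: blocked
              Flow("10.10.0.44", "10.0.1.5", 502, 3)): # IT to PLC: no conduit
        print(f, "->", evaluate(f))
```

A real in-line device would also need the fail-safe behaviour the answer mentions; this snippet only shows the policy decision.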
Human Error vs. AI Error in ICS Cybersecurity
Question: Human error versus AI error – which is more likely?
Answer:
“In the context of industrial cybersecurity, human error is more likely than AI error. Research shows that human error accounts for over 80% of cybersecurity incidents. This includes mistakes like misconfigurations, falling for phishing attacks, and failing to apply security patches.
While AI can also introduce errors, such as biases in decision-making or vulnerabilities in AI algorithms, these are generally less frequent compared to human errors. However, as AI systems become more prevalent, the potential for AI-related errors may increase.”
(Thomas Menze, Senior Consultant, ARC Advisory Group)
Conclusion
This Q&A session highlights the complex landscape of IIoT cybersecurity, emphasizing the importance of collaboration among stakeholders and the need for innovative solutions like micro-segmentation and virtual patching to protect legacy systems. By understanding these insights and applying best practices, industry professionals can take proactive steps to secure their IIoT environments.