Posted on May 6, 2019
If you connect the dots between a recent article in Forbes and another on LinkedIn by “unencumbered” infrastructure analyst Gabriel Lowy, the answer to the OT/IT cybersecurity conundrum is teamwork.
While cooperation between OT and IT isn’t common, Gabriel points out that the DevOps movement was once nascent as well. And OT/IT teamwork might be forced by greater pressures from a catastrophic loss. What could be worse than losing financial records? Losing control of a smart hospital, factory, ship or building.
As Tempered CEO Jeff Hussey points out in Forbes, smart and secure as mutual goals can pose harsh dilemmas for organizations pursuing optimal returns:
Businesses are keen on optimizing operational efficiencies for enhanced service delivery, reducing costs and downtime through preventative maintenance, all while lowering energy consumption and harmful environmental impact. This is accomplished by collecting, analyzing and leveraging data from internet of things (IoT) devices, which, according to Gartner, Inc., can "learn behavior and usage, react with preventive action, or augment or transform business processes."
And here is the catch:
Despite the sizable number of positive business impacts IoT devices can have on businesses, many organizations have balked at the idea of deploying IoT devices and control systems, citing an overwhelming level of complexity and a lack of personnel with IoT training as their reasoning. The gap in IoT skills is a direct result of the information technology (IT) and operational technology (OT) convergence. Unfortunately, bridging that gap isn’t an easy equation. Simply adding IT staff to an OT team does not produce the correct answer. It’s back to complex mathematics again.
Gabriel Lowy recognizes the problem in his recent post on catastrophic risks when OT/IT infrastructures converge and the teams don’t. He also draws an insightful parallel between the emergence of DevOps and the much-needed operational convergence of OI/IT. A common, blended organization tackling both makes the most sense:
Converged OT/IT teams can ensure stronger defenses in the face of challenges posed by external cyberattacks, outmoded network and edge security, and internal data misuse by either ambivalent or malicious insiders. As ICS platforms better interface with IT systems securely, organizations can realize the benefits of improved assets management and operational visibility across converging OT/IT infrastructure.
Posted on Apr 22, 2019
Spring 2019: The Most Intelligent University Campus
A small team at a large university did what many thought would be impossible. They quickly and easily isolated a statewide control infrastructure spanning more than 600 buildings. Indeed, while many organizations struggle with rising security stack complexity and the added difficulty of securing converged infrastructures, they finished their project in record time and without adding staff.
From remote cornfield agri-labs to campus complexes of smart buildings serving a population of more than 100k students, the operations team increased connectivity and availability, enhanced security and reduced operating costs in what may be one of the fastest isolation projects ever completed.
Their success was recognized with the 2018 IBCON Digie Award for the Most Intelligent University Campus.
The 10-page eBook, complete with easy to understand charts and graphs, discusses key challenges the team faced, what they did to address those challenges and how they were able to quickly enhance security without creating an even more complex security stack.
For a limited time you can read and share their story without registration.
Posted on Apr 16, 2019
The TCP/IP stack made it easy for billions of devices to connect over the internet in just a few decades, starting in the 1990s. Now we’re expecting more than 75 billion devices to be connected by 2025. Maybe TCP/IP was too good at its initial mission to ensure easy, rapid connectivity. But that’s just chapter one of the emerging cyber security problem.
Chapter two is even bigger, from both an opportunity and damage standpoint. The key to understanding the risk isn’t to quantify it in terms of more infected computers but rather unauthorized control over physical environments. Bruce Schneier takes us there in his new book Click Here to Kill Everybody: “The Internet, once a virtual abstraction, can now sense and touch the physical world.”
The current defense in depth strategy which has evolved to address stack promiscuity has become so complex even trivial additions to a network can drive significant increases in the operating and capital expenses required for effective defense. We call this reverse correlation (between rising complexity and declining protection) stack fatigue. This was before digitization and the “smart era.”
Digitization is Paving the New Hacker Superhighway
As organizations digitize their office buildings, factories, hospitals and even ships at sea to boost efficiency and productivity, they are exposing critical data and physical system functionality to the internet and cyber attacks. Think of the difference between taking down a hospital billing system and shutting down blood freezers, environmental or even ship controls.
A recent podcast on maritime cybersecurity--in response to an article on Threatpost about how hackers could sink a ship at sea--puts it in perspective. About 10 minutes into in Alex Soukhanov’s (Director and Master Mariner at Moran Cyber) podcast, he coolly explains just how vulnerable the common control systems and sensors in all kinds of smart facilities, floating and terrestrial are today. Smart water and power systems, smart assembly lines, smart navigation all use common sets of smart devices for managing critical systems. These systems control the physical environment. Whomever controls them controls virtually everything.
Digitization is accelerating the convergence of OT/IT infrastructures and in turn creating a new generation of high growth and ultra-permeable attack surfaces. The proliferating attack vectors in this new converged network are increasing complexity, degrading protection and exposing mission critical systems to unauthorized access as even primitive malware can go global in a matter of days.
Indeed, the stakes are higher than ever. HIP anyone?
Posted on Mar 20, 2019
The pace of smart building construction and upgrades is accelerating and facility operations staff are getting more involved in addressing cyber security risks inherent with attaching networks of sensors and controls to the network via the Internet. It’s no secret that Building Automation Systems are readily found on Shodan making them easy targets for hackers.
How can smart building cyber security go wrong? In at least three ways. Here are the 3 most common signs of failure:
1. Lengthy Project Timelines
Protecting a few hundred sensors and controllers in a building shouldn’t seem very complicated for a typical operations team. They already manage complex and even life-critical systems, from power and water systems to heating and elevators. Yet when they check with their network security partners and terms like “attack surface sprawl, firewall rules, VPN and certificate management” enter the conversation, the sobering reality sinks in.
Securing smart building controls can be downright daunting. For example, some solutions require weeks to months just to reliably connect, isolate, and segment a single building of under 10 controllers. If your team is unable to connect and protect a building regardless of size in a single day or two, the solution you’re attempting to deploy is probably the wrong one.
2. Rising Costs and Complexity
Maybe you’ve been asked to isolate or segment a single smart building network from your shared corporate network. Your existing network security vendor just gave you a massive estimate as high as $250k for a small group of buildings. Chances are that they are the same solutions they already use to protect IT systems and servers. The fact is that traditional IT solutions were never built for OT systems like smart building controls. If you’re trying to address the problem with the wrong technology, your acquisition, deployment, and ongoing management costs will escalate very quickly.
A high estimate is a warning sign that you’re likely trying to fit an out of date IT network and security stack into a new mission. Unfortunately, rising costs will only be part of the problem, as they cannot deliver the right outcomes.
3. Added Headcount Requirements
Given the lengthy deployment time frames and high costs associated with traditional networking and security solutions for connecting and isolating smart building networks, it’s likely you’ll require extra head count to deploy and manage these solutions. Most of our smart building customers projected that they needed to increase net new headcount by at least 25%. This equates to costly overhead because you need people who have advanced IT skills to manage more firewalls and VPNs. Not only is this a big blow to the budget, but it’s really hard to find adequate skills today with the shrinking pool of talent as highlighted in a recent Gartner, Inc. Survey.
This is when the big red warning lights go off, because the number of added headcount needed is directly correlated to the complexity of the solution and the difficulty teams will have in maintaining a highly available and secure state for all of their distributed building controls.
If your team cannot instantly enable or revoke access on-demand, chances are the network and security teams will leave those connections open, protected only by that vendor’s shared password and user names. And if you are required to deploy and maintain control servers at the building level, it’s because those traditional solutions don’t support BACnet multi-cast. This will require additional headcount to support because BACnet mulit-cast will inadvertently create broadcast storms making networks less stable which require the type of staff to triage and troubleshoot the source of these storms.
What to do:
If your team is being told that your smart building cyber security project will take weeks to protect even a single building, or costs will be high, or that you’ll need to hire more experts to properly cloak and isolate your smart buildings sensors and controls, it is very likely you’re being offered the wrong solution. It’s all about the stack.
The most widely deployed network security, firewall and segmentation solutions deployed in IT were architected on protocols created before organizations even contemplated network security let alone understood the exponential scale of building IoT. Smart Buildings IoT endpoints dwarf traditional IT in terms of the number of devices being connected and the number of locations that need to be supported.
Day one, these solutions might work. Day 30, they become extremely complex to deploy, scale, and manage, resulting in network stack fatigue, or the widening gap between security complexity and protection. It is stack fatigue that drives costs, resource and timeline requirements higher and higher as smart buildings are added.
We believe smart building networking should be simple to deploy, radically secure, and not break the bank. Check out this brief on Connecting and Protecting Building Automation Control Networks.
Posted on Mar 13, 2019
In short, stack fatigue is the reverse correlation between the rising complexity and cost of TCP/IP-based security solutions and declining protection: as complexity increases, security protection decreases.
Why it’s important: When the TCP/IP stack was invented network security wasn’t a significant consideration. In the 1990’s basic network security solutions evolved to address the security shortcomings of TCP/IP as networks grew larger and connected more devices to the rapidly growing, early internet. The network security market experienced exponential growth because of TCP/IP shortcomings. Over time, layers of solutions evolved, each out of necessity as new risks appeared and cyber attacks escalated.
Decades later billions of IIoT devices are connecting to enterprise networks, rapidly expanding the attack surface of networks and creating new varieties of attack vectors--ways in which networks can be compromised. Those security solutions based on TCP/IP have corresponded with layers of new policies and scripts (lines of code) and new generations of solutions, most managed manually. But that has given rise to complexity--especially in the form of rising security costs and personnel shortages—with an eroding security posture.
The result: an inverse correlation between increasing complexity and cost and effective protection.
Posted on Feb 5, 2019
Typically, we are deploying our product into existing network environments. Whether this is due to a new rule that requires secure access or the failure of an audit, it is always an existing network with all of the issues incumbent in modifying an existing thing. Deploying into these networks requires a more complicated design and potentially several phases of deployment to be successful.
While TCP/IP may be long in the tooth, it is still the foundation of the Internet and all current corporate networks. Even a newly-built network will use Ethernet and TCP/IP as the foundation protocols of operation. However, with the addition of Host Identity Protocol (HIP) on top of the new network, it can be possible to alleviate many of the issues that plague TCP/IP.
HIP uses a cryptographic identity instead of just the IP address to identify the parties in the communication. The advantage is that HIP uses the IP address as the locator, and a strong cryptographic identity as the identity. This allows the creation of secure policies without complex deep-packet inspection rules that will need to change over time.
A new network deployed with HIP over the top of TCP/IP would look more like the following:
By using HIP to provide a layer of identity management and encryption over the top of TCP/IP, it is possible for networks to continue to use traditional networking tools and methods and still gain the advantage of encryption and manageability as well as identity-based [link] control.
With a HIPserver on the domain controller, all of the Active Directory services (authentication, name lookup, printing, etc.) are available inside the HIP tunnels. Access can be granted through Active Directory groups, just like it is now, but in the case of HIP, any resource you do not have permission to is not reachable. There is no tunnel from your device(s) to resources unless you are a member of a group with access to that device.
Onboarding a new device on the network is a matter of connecting and adding it to the Overlay. Once there, the group permissions take over, and the routing table is set up to allow access to all the resources assigned.
From file server to printers and more exotic network resources, what you see is strictly what you have permission to see. Any unregistered device on the network can see only the DHCP traffic, name resolution for the HIP Service peer, and encrypted traffic. A scan of any of these devices shows the only thing listening is HIP.
The benefits are not only in the realm of security but also in manageability. To update the routing and access of a group, add them to the correct overlay group, and routing is automatically propagated to all members.
TCP/IP was not designed for the modern network and is showing its age. Putting a layer of HIP over the top of the IP network allows for the use of Identity instead of just IP address for accessing resources as well as providing encryption for all data in motion. The new networking has to be secure while remaining as easy as possible to configure, and with HIP as the security layer on top of TCP/IP, it can be made so.
Want to see how we’ve applied HIP to secure and connect hundreds of Smart Buildings for a top 50 university? You can read our case study here.
Posted on Jan 24, 2019
We recently welcomed Marta, our new Sales Operations Analyst, to the Tempered Networks team. She’s here to get all of our ducks in a row! Keep on reading to learn more about her.
Where is your hometown?
I spent most of my life in Warsaw, Poland, except for short trips to England and Reno, NV. There was a government program for work and travel, so I would work in Reno for five months and then travel for one month.
Before working at Tempered, what was the most unusual or interesting job you’ve ever had?
When I was in Reno, I was working as a change person. The biggest jackpot I ever had to pay out was $29,000. It took about an hour just to count and recount everything…
How do you balance your career and personal life?
I’m waking up super early every morning. My normal alarm time is 4:30am to get into the office at 6:00am, and then I leave around 3:00pm to avoid traffic. Weekends are house and family time, mostly with my son. I also find some activities for myself. I have a group of 10-15 crazy moms that all our families connect. We go on trips together, go to the bar for trivia, and our kids play together.
Best vacation you’ve had?
Reno. Even though I was working, I was making money and having fun—it was the vacation of my life. Coming from Poland, the students there don’t work like students here. We were renting a car to go visit different places every weekend. It was also a huge lesson for how to be an adult. Even my parents said when I came back that I was older and more independent.
If Hollywood made a movie about your life, who would you like to see cast as you?
Melissa McCarthy – she is so funny.
What do you do for fun?
Gardening. I love flowers. Growing up, my mom loved gardening too. Whenever I’d see my mom in the garden, I’d think, “Why is my mom always in the dirt?” But now I find that as soon as I get home, I’m changing my clothes and getting the in the dirt. My yard has a green wall. I love watching the flowers bloom—I have a lot of roses.
People would be surprised if they knew:
There’s a lot of things, but you might think I’m too crazy.