Mapping the Divide between OT and IT - TMCnet · Juniper Networks Mobile Threats Report 2013 Mobile...

Mapping the Divide between OT and IT

Industrial Controls and Security Barriers
January 29, 2014

Imagination at work.



What’s driving the convergence?


Individual vs. Ecosystem

What Happened When 1B People Became Connected?

What Happens When 50B Machines & People Became Connected?

Consumer Internet
• Entertainment is Digitized
• Social Marketing Emerged
• Retail & Ad Transformed
• Communications Mobilized
• IT Architecture Virtualized

Industrial Internet
• Remote monitoring
• Predictive Analytics
• Virtualized OT
• Machine Learning & Automation
• Employee Productivity


Technology to Drive Outcomes

1. Brilliant machines
2. Advanced analytics
3. People at work

CUSTOMER OUTCOMES
• Asset optimization: increase fuel efficiency, strive for zero unscheduled downtime
• Operations optimization: improve processes

GE INVESTMENTS
• Domain Expertise
• Technology
• Organization
• Ecosystem


Barriers to security in industrial controls


Security Challenges within ICS

http://ics-cert.us-cert.gov/content/recommended-practices


OT is Dated Relative to IT

“Average controllers that are installed today are not much more complex than controllers that were installed 30 years ago, and even top-of-the-line modern controllers look antiquated and simple compared to any smartphone. In terms of capacity, an average controller is comparable to an 1980s-style personal computer with little processing power and memory, the latter often being measured in kilobytes.”


Langner, R., Pederson, P., Bound to Fail: Why Cyber Security Risk Cannot Simply Be “Managed” Away, February 2013.


Long Life Systems

ICS have a span of 15 to 30 years.
• Operators are slow to maintain ICS on supported OS platforms.
• High quality lifecycle support limiting interruptions will differentiate ICS vendors.


Composed of Disparate Systems

Asset owners’ controls and devices from multiple controls providers
– Disparate systems complicate change management efforts
– Owners have unprecedented influence to drive standards in M2M


Asymmetric risk of updates

Maintaining the process is the number one objective. Common practices include:
• Infrequent updating to underlying systems
• Resistance to applying critical, tested updates on systems with redundancy while on line.
• Critical infrastructure regulations will drive more frequent updates.


Closing the divide – Improving Security in ICS


Foundational Security

Significant strides attainable in ICS security through:
• Personnel training
• Incident response
• Defined “BYOD” policies


Configuration Management

Industry struggles with base vulnerability assessment and change management.
• Automated reporting on component and system level configuration.
• Operators and Suppliers working to define lifecycle management policies, ability to support testing and provision of development environments.


Conclusion


“There's an old saying about those who forget history. I don't remember it, but it's good.”

― Stephen Colbert


Seek to understand the process

Acknowledge the asymmetry of risk in

Study the cultural shift as experienced in other industries


Transforming and Securing Data

From Bits and Bytes…

…To a key part of AT&T’s Value Chain


Growing Security Concerns

2013, Forrester asked IT decision makers… What challenges, if any, does your firm face when developing and managing smartphone/tablet applications and devices?
• 40%: Managing devices that are both for personal and corporate use
• 54%: Providing device security
• 56%: Securing the apps and data

Mobile Security Is a Priority over Next 12 Mos.?
• 61%: Plan to Implement or Expand Mobile Solutions
• 70%: Update security technology and processes to support mobile

Forrsights Mobility Survey, Q2 2013, Forrester Research, Inc. Forrsights Mobile Survey Q2 2013 - Base 2,258 global IT decision-makers


Security is a Top Priority for Businesses

AT&T DDoS Mitigations (chart: 2011, 2012, 2013)

Ten-Fold increase in DDOS attacks in the last 2 years

614% mobile malware increase, March ’12 to March ’13 (Juniper Networks Mobile Threats Report 2013)

Mobile Security: Securing a mobile workforce - BYOD

Cloud Security: Protecting sensitive data and Cloud transactions

Mobile Attacks Top the List of 2013 Security Threats

Cost of managing cyber security breach: ranges from $1.4 million to $46 million/year (56 businesses studied)


How AT&T can help secure your Apps and Data

• Network Enabled: Utilizing the network for robust visibility and control
• Highly Secure Mobile Business: End to end security for mobile devices, network, and apps
• Cloud based solutions: Scalable, flexible security services built in the Cloud
• Threat Management: Comprehensive threat detection, response, and mitigation


Mobility Forces Impacting Organizations

• Multiple Operating Systems
• Varying Devices
• Employee Requests and Demands
• Application Explosion

• 22% workers use File Share/Synch
• 905M tablets by 2017
• 29% workforce Anytime, Anywhere

Sources: Forrester, Mobile Workforce Adoption Trends, February 4, 2013; Forrester, Five Seismic Forces Reshuffle the Workforce Vendor Ecosystem, May 10, 2013


Device Security

Application Security

Security Event & Threat Analysis


Device Security
Mobile Device Management manages the entire DEVICE - Ideal for company-owned devices
• Full Device Lock
• Wipe full Device
• Device VPN
Enables Security & Policy Management
Complete Visibility into Mobile Inventory

Application Security
Mobile App Management manages the APPLICATION
• Application Lock
• Wipe Application
• Separate personal and business data
Secure Content Distribution & Management
Visibility into Applications on device

Complementary or Standalone Solutions


Security Event & Threat Analysis

Unparalleled Data Collection
• 265 Billion flow records processed each day
• 6.5 Trillion packets/day
• 4.4 PetaBytes/day
Network, Server, Application, Customer, Industry, Classified Signatures

Robust Analytics
• Daytona Data Mining System
• Patented analytic capabilities
• Malicious Entity DB (MED) with 1.2M threat signatures
• 100s of Millions of events translated to 100s of alerts daily

Expert Response & Mitigation
• 7x24 redundant SOCs
• Over 500 Analysts & Ops SME’s
• Tightly integrated with GNOC and Government SOAC
• Reports via BusinessDirect and Customer Portal