Secondly, OT networks are particularly vulnerable because they operate with many proprietary, and often legacy, devices that can be difficult to identify and secure. Thirdly, this problem is often exacerbated by a lack of communication and collaboration between the people responsible for OT and those responsible for IT.
One of the best things an organisation can do to overcome these challenges is to recognise the unique requirements of OT security and prioritise them at board level. That’s what happened at pharmaceutical multinational Pfizer.
In 2017, Merck MSD, one of Pfizer’s competitors, was severely impacted by the NotPetya ransomware attack. This was a wake-up call for the wider manufacturing sector, which resulted in the Pfizer board issuing a strong directive to strengthen the security of its production systems across all manufacturing sites.
Although Pfizer had already established an industrial cybersecurity program a few years prior, the board directive led the company to zero in specifically on securing the OT environment, and led the IT and engineering organizations to begin working closely together on the program.
Pfizer started by determining how it could best meet its cybersecurity objectives and identifying the partners and cybersecurity consultants it needed to work with to help achieve this.
The company built the security strategy for its manufacturing facilities on the NIST Cybersecurity Framework and the NIST 800.02, Guide to Industrial Control Systems (ICS) Security.
One of Pfizer’s first challenges was to bridge the gap between OT and IT. “We had no idea which IT tools would work in the OT world and which tools wouldn’t,” Pfizer Head of Global Automation Engineering, Jim LaBonty, said.
Pfizer embarked upon a series of pilots, testing out various technologies, and after extensive studies and analysis, it homed in on a few key technologies to cover the production floor environment.
Pfizer selected Claroty’s industrial cybersecurity platform to gain visibility into its OT environment. “We knew that we needed to have a tool that gave us full visibility into our production environment. You can’t protect what you don’t know is actually out there,” he said.
Accurate inventory essential
Only once you have identified all the assets on the network can you protect them. A complete OT inventory, which gives visibility over which assets are communicating, is imperative to understanding and protecting manufacturing environments.
While Pfizer needed to bridge the gap between IT and OT, it also needed to secure that bridge, with OT-IT segmentation. “In the past couple years, we’ve seen attackers be highly successful in their use of phishing as a conduit for delivering malware to the OT environments in networks that lack proper segmentation,” Mr LaBonty said.
Pfizer recognised that segmentation was a good defence mechanism to safely connect the production floor with IT systems. It has strictly limited which assets are able to communicate between the production floor and IT, restricting this to only the critical business functions.
Firewalls for OT/IT segmentation
Pfizer had been using industrial firewalls at some production facilities since 2014 with good results, so it moved to achieve segmentation with a large-scale rollout and followed this with the deployment of The Claroty Platform.
“Production will always be king in manufacturing. And we wanted to ensure what we put in place was monitoring the network traffic in the production environments, but we didn’t want to impact it in any way, shape, or form.”
He said he had been impressed with the speed and the ease of implementing The Claroty Platform. “It was very straightforward, and we were done within a week. The level of administration required is very low, and it’s providing rich data to people who need it on a timely basis. Claroty has taken a lot of the heavy lifting out of understanding what’s in your production environment, which is important when you’re not in a position to hire an army of people.”
Tackling the human factor
Pfizer has also successfully tackled the human aspect of OT-IT convergence, getting its IT and OT teams to collaborate effectively to boost its security levels. Pfizer paid special attention to educating its staff, to ensure they were confident in working across both OT environments and traditional pure IT environments, which has been key to the project’s success.
In any large manufacturing organisation, achieving collaboration and communication between teams might be one of the biggest challenges to ensuring a secure converged, or at least communicating, OT and IT environment.
“It’s a journey, and it’s not very quick. It’s not all over in a year. It takes time. Cultural differences need to be melded and blended. We're getting there. We're not perfect yet. But we've made huge, huge strides, especially in the last six months ensuring that our OT cyber technologies are getting implemented at our manufacturing sites.”