Over 30,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. What follows is an interaction with Mr. Dick Bussiere, Technical Director for APAC, Tenable, about cyber security and the company’s innovative solution in this space.
Why is India’s critical infrastructure attractive to cybercriminals?
Critical infrastructure fuels India’s economy by providing services essential to daily life such as energy, food, water, transport, communications, health and financial services. An attack on critical infrastructure would be exceptionally disruptive to the nation’s economy and the daily lives of her people. As a result, critical infrastructure has become a high-value target for cyberattacks by cybercriminals.
Critical infrastructure is more vulnerable than you think. The convergence of IT and operational technology (OT) has connected once-isolated OT systems directly and indirectly to the Internet, providing a rich variety of attack pathways. This makes an organisation more susceptible to threats than at any time in history.
In today’s digitally-connected world, do air-gapped networks still even exist?
An uptick in ransomware attacks?
Air-gaps are no longer an operationally feasible solution in today’s digital world where OT infrastructure has been brought online for efficiency and efficacy. These interconnections are there for a reason. The OT infrastructures contain real-time information that has real business value and can be used to optimise the respective controlled processes. In today’s competitive landscape, extracting this data is essential so that security teams are aware of all assets and the respective tasks they perform. To drive the point home even further, introducing just a single laptop that was connected at some point to the Internet effectively breaches the air-gap, since any malicious code that is present on that machine could be introduced into the OT environment.
Why are air-gaps impractical for organisations in India?
Despite air-gapping and various other isolation schemes such as data diodes, attacks on OT networks are increasing in frequency and severity. As a result, organisations from a range of industrial and critical infrastructure sectors are seeking more effective approaches for achieving unified IT/OT cybersecurity.
At best, the air-gap model provides a false sense of security that no longer reflects reality in today’s business environment. This is because organisations require information transfer between the internal [air-gapped] and external networks [everything else] to be efficient.
How do you react to the trend of Work From Home (WFH)? What’s your advice for this segment?
Much of the current security activity is focused on keeping the bad guys out so it’s easy to lose sight of internal threats that might pose a danger to the organisation. Insider threats are users with legitimate access to an organisation’s network and resources, who use their privilege to accidentally or intentionally harm the organisation. These users can be employees, partners or contractors, past and present. Insider threats are often a great, unresolved risk in most organisations compared to external threats because they come from what would normally be considered a “trusted entity.”
Organisations trying to detect insider threats face the challenge of not only differentiating attacks from “normal” traffic but also ensuring they are not inundated with false positives from users performing legitimate tasks:
What is the concept of Accidental Convergence? Why is it important for organisations to understand this?
Air-gapping has historically been perceived to be the gold standard of security given that OT systems are physically isolated from other risky networks. In reality, air-gapped networks still have a large number of attack vectors.
There are many instances of isolated facilities being breached by something as simple and seemingly harmless as an infected laptop computer brought in by an authorised vendor to perform maintenance or a USB drive containing malware being connected to a Windows-based Engineering Workstation controlling the OT systems. On average, an OT environment is composed of at least 20% “traditional” IT devices.
Organisations need to understand that Accidental Convergence of IT and OT environments can occur at any time. What is most worrying is that it happens in many organisations without their knowledge because of the mistaken belief that air-gaps safeguard daily operations.
The Emergence of Industry 4.0
Industry 4.0 is a trend towards increased cooperation between a given company and its suppliers, customers, engineering teams and so on. It requires increased penetration into the OT environment such that external entities can obtain real-time information about the production process, and input real-time information into that process. It allows for the rapid adaptation of production processes to real-time demands, facilitating improved efficiency and better customer response.
When a company implements an Industry 4.0 initiative, the population of IT or IoT devices within the OT world can increase to as much as 40%. In that sense, the introduction of these devices with their necessary external connections introduces additional risks to the production environment since these devices are being embedded deep within the facility.
What innovative solutions are we expecting from Tenable in future?
We recently announced a first-of-its-kind integration with Tenable.ot 3.7 and Nessus Professional to help organisations secure both IT and OT devices in converged environments. This means for the first time, our customers can use a single solution — Tenable.ot — for unmatched visibility and control to secure IT assets alongside OT systems and reduce their cyber risk in converged, modern environments.