-
Industrial
- Healthcare
-
Commercial
- Public Sector
- Threat Research
- Partners
-
Resources
Featured Content
- Company
Blog / 3 min read
Federal Critical infrastructure is filled with high value targets, making them lucrative to adversaries seeking to disrupt critical services either within building management systems or within the operational missions themselves. Targeting these assets with malware or ransomware, creating any downtime or dysfunction, is a known objective and can have devastating effects.
To protect U.S. federal critical infrastructure, these devices and networks are often air-gapped, preventing lateral movement or direct access into the environment to gain a foothold and execute an attack. Air-gapped systems, isolated from other networks, are foundational in critical networks for sensitive federal and military operations.
However, often these systems are less protected than thought, leading to a false sense of security and introducing significant risk. Oft-overlooked physical access, insider threats, and the bridging of air gaps through maintenance devices, in addition to removable media, are ways such systems never were or are no longer air-gapped.
The first step in fortifying air-gapped networks is simple: improved visibility. Uncover the most critical OT assets and their unique sensitivities to properly protect them.
Securing these environments must start with improving visibility – often challenging in operational technology (OT) assets and networks. To get real visibility - leaving no asset under the radar - you need:
Broad and deep proprietary protocol understanding - OT, building management systems (BMS), and other types of cyber physical assets use proprietary protocols that are simply incompatible with — and thus invisible to — generalized security tools. Your environment may have hundreds of proprietary protocols. To protect air-gapped devices, discovery methods must understand protocols spanning all OT, BMS, IoT, and other XIoT assets.
Multi-dimensional visibility - Protocol understanding is the first step but visibility into how and when your assets communicate, their connectivity paths, the processes they underpin, and where they fit within the topology of your environment are critical in laying the groundwork to detect anomalies.
Diversity and Complexity resolution - OT assets can have a decades-long lifespan, so your environment likely has a diverse mix of new and legacy devices, operating and communicating differently. OT environments also often comprise complex network architectures that include both serial and air-gapped sections and are widely distributed across multiple physical sites.
Not every asset discovery method can provide the optimal level of visibility for these unique OT environments while maintaining the integrity of the OT network. To ensure every asset is discovered, and therefore assessed for its true air-gapped status, while maintaining network stability, the collection methods must have:
Active monitoring while maintaining operational stability: The innovative approach of active safe querying allows for active monitoring directly from the network without jeopardizing operational stability. This capability is invaluable for real-time threat detection and response in sensitive OT environments.
Unmatched Depth in the Purdue Model: To understand and secure complex ecosystems of federal critical infrastructure, collection should operate beneath Layer 2 in the Purdue Model, granting exceptional visibility into the nuances of OT/ICS environments.
No risk of disruption: Downtime is a serious risk to OT devices in federal critical infrastructure. Not all methods can guarantee no disruption, which is why it’s imperative to consider collection methods that avoid it. This includes collection methods that offer visibility gained within minutes with no additional hardware and no configuration.
To appropriately enable and maintain the security of air-gapped environments, establishing rock solid visibility is key. Claroty can assist Federal civilian agencies and the Defense Department to establish the necessary level of visibility, and take the necessary steps beyond - that are empowered by this deep and accurate visibility - in their OT security journey. From exposure management, ongoing network protection and threat detection, secure remote access and operations, the Claroty security platform offers unparalleled protection.
To learn more about the five collection methods available within the Claroty OT security platform and how each performs on the network, get in touch with our team today.
