One of the OT security services CHT Security offers is OT Cyber Security Evaluation. It provides visibility into the ICS environment (including assets, network topology, and Purdue modeling), network security risk assessment and security enhancement for production line systems and components, and comprehensive testing and analysis of the assets, network, and overall infrastructure in the ICS environment.
Implementing this service protects the environment before, during, and after cyber attacks:
- Create an asset inventory and network topology to enhance visibility of the ICS environment.
- Establish a cybersecurity baseline for the ICS environment to identify abnormal network activity and detect the intrusion of unknown assets, achieving effective protection and monitoring. Our service also provides recommendations on network security enhancement.
- Perform potential threat and risk assessment on known weaknesses and prioritize recommended actions according to threat severity.
By implementing this service before attacks, the environment owner can better understand the Internet-connected assets and models in the environment and obtain a network behavioral baseline for detecting abnormal network activity (e.g., the addition of ghost assets or the adoption of insecure protocols). Moreover, the owner can understand the security level of the existing network and develop improvement actions through risk assessment.
OT Cyber Security Evaluation includes the following action items:
- Asset identification: asset inventory, network architecture inspection.
- Internet behavior analysis and malicious activity inspection: packet sniffing, deep packet inspection (DPI), and establishment of a network behavioral baseline for the OT environment.
- Risk assessment and recommended measures: weakness analysis, threat modeling, threat assessment, and recommendations.
CHT Security has performed OT cyber security evaluations for several high-tech manufacturers and critical infrastructure companies in Taiwan. With the industrial threat detection system, our ICS network security experts can promptly and precisely determine the severity and scope of network security threats in the ICS environment.
In one case, in-depth analysis of a ransomware intrusion at a local high-tech manufacturer found, as one of its major findings, that the OT and IT environments were not segmented. Malware could move laterally from the compromised IT equipment to the OT network and pose further threats to the essential assets of the production line. Moreover, analysis of Internet behavior in a critical infrastructure (CI) environment found multiple essential assets in the industrial control system (ICS) exposed to the Internet, some of them even using insecure protocols.
CHT Security’s OT Cyber Security Evaluation service surveys the assets, Internet connections, and overall infrastructure in the ICS environment, inspects protocol security, performs network behavior analysis and risk assessment, and provides recommendations to the environment owner to enhance the environment’s security.