NCSAM 2019 Perspectives on ICS & OT Cybersecurity: Helping organizations ‘own’ ICS cybersecurity
Written by Mission Secure
October is National Cybersecurity Awareness Month (NCSAM). The annual collaborative effort between government and industry aims to raise awareness about the importance of cybersecurity and ensure all have the resources to be safe and secure.
Led by the United States’ Cybersecurity and Infrastructure Security Agency (CISA) and the National Cyber Security Alliance (NCSA), this year’s theme—OWN IT. SECURE IT. PROTECT IT.—stresses personal accountability and taking proactive measures. At Mission Secure, cybersecurity is what we do. In support of NCSAM 2019, we’re taking an operational technology (OT) and industrial control system (ICS) approach to this year’s theme.
Own ICS. Secure OT. Protect Operations.
Interview with Don Ward, SVP of Global Services, on helping organizations ‘Own ICS’
Building awareness is the first step to greater cybersecurity and safety. As Kent suggested in the first tip for NCSAM 2019, “What you don’t know can hurt you. So, take action and identify your risks.” (ICYMI | Building cybersecurity awareness in the industry.)
Once #CyberAware, it’s time to take measures to protect your operations. And that starts with ownership. So, this week, we dive into ‘owning ICS’ with Don Ward, Senior Vice President of Global Services at Mission Secure. Gain insights from the frontlines as Don shares challenges, surprises and how his team is helping organizations ‘own’ control system and OT cybersecurity.
Let’s start with a little context. Highly technical professionals comprise more than 75% of the Mission Secure team. Can you start by describing your team and the type of work you do?
The global services team focuses on all aspects of client delivery, including cyber risk assessments, technical consultation, advisory services, platform deployment and support. The team itself is brilliant; we have cybersecurity experts, control system engineers, network and system engineers and ethical hackers, to name a few.
At the core of the global services team is customer success. It’s all about identifying and solving our client’s problems. For example, we do cybersecurity testing at client sites. These tests can be light or in-depth, encompassing people, processes and technology. With comprehensive cybersecurity testing, we also bring in Red Team resources who can hack into the OT network, exposing vulnerabilities with command and control access. Testing also looks at physical access like unlocked closets, open-access wiring or open physical switch ports. In other scenarios, we leverage the Mission Secure Platform for visibility, passively probing and fingerprinting the network to build a connectivity map. Then, the team makes recommendations to protect the network further.
Deployment is another example. The Mission Secure Platform can get very granular such as setting protections, firewall whitelisting and intrusion prevention. Ensuring the right people get the correct information at the right time is essential for real-time decision-making. Our deployment teams also fine-tune product configurations based on the customer’s environments.
That’s a broad range of functions. But at the end of the day, it’s all about the customer’s success in protecting operations from cyber threats.
Once your team starts working on a project, what surprises clients most?
The level of vulnerability in their operations.
I’ll give you a few examples. In assessing operations, there are often older operating systems or hardware with old firmware. But even policies may be too lax. For example, there’s an unlocked door leading to a room with proprietary systems. Those systems could be used to hack into the network, potentially compromising data between the HMIs and control systems. That door should be locked because that area is sensitive from a security perspective.
Or, a lot of customers believe that they are air-gapped. Then, we do an assessment and find out they’re not. Human behavior often surprises organizations. People bring in their own devices (streaming, wifi), thereby creating new attack surfaces. Many times the unintended consequences of BYOD for convenience create rogue connections/access points that may hop a firewall/DMZ between the OT and enterprise IT networks. Or operators might be working a shift and need a printer. They think, “Okay, I’ll bring my printer in or move one from a different area.” The printer connects to the network, but if it’s running older or outdated firmware, it’s a cyber risk. That printer can be easily hacked. Or maybe the printer is connected on the wrong side of the firewall or via wireless. Now there’s a bridge connection between the OT and enterprise networks. Those kinds of real-life examples surprise customers.
Is there a top challenge your people run into out in the field?
The environments we work in have unique and specific requirements. Most require safety certifications and clearances. Depending on the client, we could need physical access to the operational side too. Gaining physical access can be challenging since there are limited windows for one to gain that physical access.
Take a maritime vessel, for example. We board the ship when it’s in dry dock or at a cargo stop. These are tight windows where we have to coordinate and get onto the actual asset. It’s the same thing if we’re working on an offshore platform hundreds of miles off the coast. We’re flying in by helicopter to get onsite during a specific time slot with particular plant or rig personnel.
Our biggest challenge is coordinating with a customer’s often fluid and changing schedule. In OT cybersecurity, availability is the top priority. And that’s the case with global services too, so we work individually with each client to figure out a schedule and process that best supports their operations.
Customer experience is a big part of what your team does. Can you share some of your thoughts on leading a team that delivers superior customer experiences?
It ultimately goes back to purpose. For me, I’m honored to be here with Mission Secure. First, we have a solution set—product and services—that allow us to protect some of the nation’s and the world’s most critical assets. If those assets were compromised, it could lead to negative economic consequences or actual loss of life. It could cause service downtime and insufficient resources, whether it’s energy, water, food, manufacturing, etc. So, it’s an honor to be part of a team that has a solution set that allows us to keep the world up-and-running.
Second, we have the people. The team at Mission Secure is very dedicated. Personally, it drives me to want to improve and stay at the top of my game continuously. Other team members have shared the same. We really elevate each other. It’s a privilege working around some of the most brilliant people in cybersecurity and industrial control system design. And that tends to drive behavior. It’s also fantastic to be able to work in these pretty cool environments. For maritime projects, some of the modern ships themselves are worth $250-300 million, and they’re transporting energy product that is vital to the world.
Mission Secure is a purpose-driven company. That foundation resonates through everything we do. Delivering superior customer experiences and technology is part of our DNA.
What would you say sets the Mission Secure services team apart from others?
Dedication. Going above and beyond to solve customer challenges.
The team is multi-faceted; we cover technical services, platform deployment, pre-sales engineering, and more. The team has an extensive range of skills that span technical engineering, industrial control systems, networking and cybersecurity technology. The broad range of education and experience within the team is more than your industry average, so to speak. We are consultants; we are customer advocates. We take a servant’s heart approach to addressing and solving customer problems, consulting with our customers and putting together designs that meet their requirements and budgets. That dedicated focus and work ethic is what sets us apart.
“OWN IT” is one of the themes, which we’ve adapted to “OWN ICS.” How are organizations doing with owning their industrial control systems?
The ownership is there. But there’s also a disconnect. There’s a protective mentality by plant and operations staff responsible for the control systems. Rightfully so, their primary focus is on uptime and safe equipment operation - and so there’s a mindset that if it isn’t broken, don’t fix it. On the enterprise IT side, their teams are tasked with updating computer and communication technology within the plant as well as the IT side. A wall’s been put up quite often between OT and IT services organizations. That’s a challenge as a cybersecurity partner but also internally for these organizations.
There’s a lot out there about digital transformation, IIoT and smart devices. How are these innovations impacting organizations and cybersecurity?
These are impacting organizations in a big way. Big data, telemetry and sensor data, being able to track assets for predictive maintenance, network health trends, digital twinning—that’s all fantastic. However, it also opens up different attack vectors that didn’t exist before. It opens up new communications holes that used to be sealed with traditional security tools. So, the attack surface is expanding as we expand technological innovation. Not only can you attack critical assets on a network, but you can come in through a variety of different side doors. There’s a much larger population of potential attack points.
On that note, what’s one tip for securing industrial control systems from cyber threats?
Find a partner that knows OT cybersecurity. Finding a partner that can help block unauthorized traffic, lock-down and segment your OT network is key; it can get very granular and requires an understanding of control system protocols and the operation’s environment.
About Don Ward
Don is the Senior Vice President of Global Services at Mission Secure where he leads all aspects of Mission Secure’s client delivery including Mission Secure Platform deployment and support, cyber advisory services, cyber risk assessments and ongoing client experience management. In addition to leading Mission Secure’s global services department, Don contributes a wealth of technology leadership experience with more than 20 years in cybersecurity, IT and data networking. He’s built, grown and led service departments in early-stage, high-growth and Fortune 50 technology companies, expertly blending technical, account management, client development and executive leadership skills.
Prior to Mission Secure, Don held various senior management and business development roles at high-growth technology companies as well as industry leaders like Hewlett Packard and Cisco Systems. Earlier in his career, Don built and led the global services team at TippingPoint from pre-revenue through their high-growth years and served on the senior leadership team during the TippingPoint acquisition by 3Com (now owned by HP). At TippingPoint, Don was the Director of Systems Engineering, VP of Sales and Marketing and Senior Director/VP of Technical Field Operations.
Don led daily operations as the Vice President of Technical Field Operations at 3Com, managing a team of 70 direct reports. He was on the leadership team during the acquisition of 3Com by Hewlett Packard and then led the team as the Senior Director of Technical Field Operations at Hewlett Packard. In that role, Don was responsible for support services, professional services, technical training, certification, the Threat Management Center and the Corporate Technology Lab.
Don is based out of Mission Secure’s Houston office and holds a BS in Electronics Engineering and Telecommunications Technology from Texas A&M University.
Originally published October 10, 2019, updated November 19, 2020.