Yes, of course this is a simplification, but just because it’s obvious does not mean it’s wrong.
You can indeed begin your journey to IIoT security nirvana by adopting this simple two-step strategy. While the details matter, it can help you quickly discern what is helping you on your journey and what is a distraction or, worse, a complete waste of your time.
Step 1 – Get a complete and accurate system inventory that includes hardware and software. Furthermore, capture the metadata as well. Metadata can also be described as the context. For example, where exactly is that system/device located? What is its function? This additional information, which you can never discover by using deep packet inspection, is important for troubleshooting and maintenance as well as security. How can you possibly secure something that you don’t even know exists? Automated discovery tools can help accelerate the process, but at some point you’ll have to roll up your sleeves and do a full walkdown if you really want to know what you have. After all that work, it would certainly make sense to implement some kind of change control so your investment of time and effort is not wasted.
Step 2 – Produce complete and accurate network and data flow diagrams. Admittedly, this will take significant time and effort. In some cases, it may even require reverse engineering the network because it has grown organically over time to the point where you are no longer sure what is connected to what. Furthermore, if you can already admit that you are not sure what is connected to what, then you certainly don’t understand system dependencies. The network diagrams help you see connections between systems while the data flow diagrams help you see the interdependencies. Just like the system inventory, the network and data flow diagrams are critical to efficient troubleshooting and maintenance as well as better security. Similar to capturing a system inventory, automated tools can help, but you will have to fill in the blanks yourself.
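As an added illustration (not code from this article or from myRIPE), the Python sketch below cross-checks a Step 1 inventory against Step 2 data flows to surface missing context, endpoints nobody inventoried, assets that only a walkdown would find, and downstream dependencies. All asset names, addresses, versions and flows are constructed, and it assumes a flow from source to destination means the destination consumes data from the source.

```python
from collections import defaultdict

# Constructed sample inventory (Step 1): hardware, software and context metadata.
INVENTORY = [
    {"id": "PLC-01", "ip": "10.0.1.10", "location": "Boiler house, panel 3",
     "function": "Feedwater control", "software": "fw 2.1"},
    {"id": "HMI-01", "ip": "10.0.1.20", "location": "Control room",
     "function": "Operator display", "software": "hmi 5.0"},
    {"id": "HIST-01", "ip": "10.0.2.5", "location": "", "function": "Historian",
     "software": "hist 9.3"},
    {"id": "RTU-07", "ip": "10.0.1.77", "location": "Pump station",
     "function": "Remote I/O", "software": "fw 1.4"},
]
# Constructed sample data flows (Step 2): (source IP, destination IP, service).
FLOWS = [
    ("10.0.1.10", "10.0.1.20", "modbus/502"),
    ("10.0.1.20", "10.0.2.5", "opc/4840"),
    ("10.0.1.10", "10.0.1.99", "http/80"),
]

def missing_context(inventory):
    """Assets whose location or function was never recorded."""
    return sorted(a["id"] for a in inventory if not a["location"] or not a["function"])

def unknown_endpoints(inventory, flows):
    """IPs that appear in flows but have no inventory record."""
    known = {a["ip"] for a in inventory}
    return sorted({ip for s, d, _ in flows for ip in (s, d)} - known)

def silent_assets(inventory, flows):
    """Inventoried assets absent from every flow: walkdown finds, or diagram gaps."""
    seen = {ip for s, d, _ in flows for ip in (s, d)}
    return sorted(a["id"] for a in inventory if a["ip"] not in seen)

def downstream(asset_id, inventory, flows):
    """Assets that transitively receive data originating at asset_id."""
    by_ip = {a["ip"]: a["id"] for a in inventory}
    ip_of = {v: k for k, v in by_ip.items()}
    edges = defaultdict(set)
    for s, d, _ in flows:
        edges[s].add(d)
    todo, reached = [ip_of[asset_id]], set()
    while todo:
        for nxt in edges[todo.pop()] - reached:
            reached.add(nxt)
            todo.append(nxt)
    return sorted(by_ip.get(ip, f"UNKNOWN {ip}") for ip in reached)

if __name__ == "__main__":
    print(missing_context(INVENTORY), unknown_endpoints(INVENTORY, FLOWS))
    print(silent_assets(INVENTORY, FLOWS), downstream("PLC-01", INVENTORY, FLOWS))
```

Each non-empty result is a work item: a record to complete, a device to identify on site, or a diagram to correct before it is relied on during an outage.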
If you can just focus on these two steps, then so much of your other work can build on a solid foundation. Not only that, but this repository of system information also supports the process of knowledge transfer as you bring on new engineering staff. How refreshing would it be to have a measure of confidence in the system documentation when faced with an unexpected plant trip?
The Langner Group can provide you with the configuration management database (CMDB) that can support your journey to IIoT security nirvana and it’s called myRIPE. The myRIPE software has many additional capabilities that can make your journey much easier and faster. Contact us today at info@langner.com for an online demo and see what myRIPE can do for you.