The Illusion of Safety in OT: Ed Jowett on the Realities of Modern Device Security Challenges

Editor’s Note: As a rapidly growing technology company, Asimily is fortunate to welcome brilliant minds in the connected device security space. Recently, I had the pleasure of sitting down with Asimily’s newest Solution Engineer, Ed Jowett. Ed joins us with an extensive background in OT and IoT cybersecurity, making him a perfect fit alongside Asimily’s mission. As the President of the ISC2 Philadelphia Chapter, he leverages his expertise to address the unique challenges in securing industrial control systems and critical infrastructure. His enthusiasm for cybersecurity and technology set the stage for our discussion.

Haley Fraser: Thank you for joining me today, Ed. Thinking broadly, what changes have you observed in the OT and IoT cybersecurity space throughout your career?

Ed Jowett: Thanks for having me, Haley. The OT environment has undergone significant transformations over the years. One of the most notable changes I’ve witnessed is the evolution from air-gapped systems to connected devices in manufacturing environments. Historically, many manufacturing floors were completely isolated from external networks, operating in what we call an “air-gapped” state. However, this paradigm has shifted dramatically due to several factors.

Firstly, the modernization of equipment has introduced new connectivity requirements. Secondly, vendors supporting these systems often need remote access for maintenance and updates, which wasn’t necessary a decade ago. This shift is particularly striking when you consider that many of these systems have been operational for 30 years or more.

The concept of an air-gapped network still lingers in the minds of many OT professionals, but the reality is quite different. We’re seeing a convergence of IT and OT, where IT personnel might need access to OT systems through remote workstations. This blurs the lines of traditional security boundaries.

HF: How does this shift impact an organization’s cybersecurity posture in practical terms?

EJ: The impact is substantial. Many organizations still believe they’re secure because they think their networks are air-gapped, but it’s often an illusion. During our proof-of-concept demonstrations with Asimily, we can easily show clients how their devices communicate both internally and externally, which usually comes as a surprise.

For instance, vendor modems have become prevalent in the OT space. Manufacturers often include cellular connectivity in their devices for remote monitoring and metrics collection. This means these controllers are directly connected to the internet, often without the full awareness of the organization.

This realization is typically eye-opening for our clients. While some organizations still cling to the idea of air-gapped security, the reality is that almost every modern industrial environment has some level of internet or intranet access. These connections, especially through vendor tools, need robust protection as they serve as potential entry and exit points to and from the more hostile internet.

HF: It sounds like this connectivity introduces a lot of risk. What other challenges contribute to the complexity of OT security?

EJ: Absolutely. The challenges in OT security are multifaceted. Let me break down some of the key issues:

  1. Vulnerability Management: Many OT devices run legacy versions of software, often full of missing patches and in need of upgrades. Without proper tools to assess what versions are running, organizations are left with unknown risks.
  2. Insider Threats: This is a major concern in OT environments. Employees often have uncontrolled and unmonitored privileged access. Whether through compromised accounts or disgruntled behavior, this poses a significant risk.
  3. High Stakes: In OT, we’re not just talking about data breaches. Misuse of OT devices can lead to physical consequences, including loss of life, injuries, or environmental disasters. The stakes are much higher compared to traditional IT security.
  4. Third-Party Risks: Vendor and third-party risks are as prevalent in OT as they are in IT. The use of unsecured protocols, legacy systems, and outdated certificates and keys gives attackers an upper hand.
  5. Maintenance Challenges: Scheduling maintenance windows for updates is particularly difficult in OT environments that operate around the clock. Downtime can be costly, and restarting processes after updates can be time-consuming and complex.
  6. Clear Text Communications: Many OT systems still use insecure, clear-text protocols, making them vulnerable to man-in-the-middle attacks where attackers can easily intercept sensitive information like user IDs and passwords.

HF: Thinking about your initial impressions of the Asimily platform, what stands out to you most in terms of addressing these unique OT challenges?

EJ: I’m genuinely impressed with Asimily’s platform. It feels like a modern solution that brings IT-level capabilities to the OT world. Let me highlight a few features that really stand out:

  1. Advanced Mitigation Controls: Our platform can identify attack surfaces, such as unnecessary open ports, and generate access control lists (ACLs) directly within the product. This integration with firewalls and NAC solutions for protection measures is fantastic.
  2. Vulnerability Exploit Analysis: We can quickly determine if a vulnerability is exploitable based on the specific customer environment. This helps cut through the noise and focus on truly critical issues.
  3. Contextual Risk Assessment: Beyond just identifying vulnerabilities, we assess their impact based on how devices are used in the environment. This allows us to prioritize risks more effectively, potentially narrowing down hundreds of vulnerable devices to a critical few that need immediate attention.
  4. Out-of-the-Box Integrations: Asimily offers numerous integrations with existing IT security ecosystems, including SIEMs, NACs, firewalls, DHCP management systems, and vulnerability scanners like Tenable and Qualys.
  5. User-Friendly Policy Creation: Our platform allows for custom policy creation through an intuitive interface, making it accessible even to those without programming knowledge.
  6. High-Performance Architecture: The way our sensors and edge devices work is extraordinary. We can process traffic at 20 gigabits per second, which is impressive for this type of solution.
  7. Advanced Packet Capture: We can trigger packet captures based on custom policies, allowing for deeper investigation and providing forensic evidence when needed.

HF: Many solutions currently claim to offer robust AI and machine learning-powered functionality. What makes Asimily’s approach to AI and machine learning unique, especially for OT?

EJ: Our AI and machine learning capabilities are a cornerstone of our platform’s effectiveness. While these technologies are regularly leveraged for the medical and IoT sectors, they’re proving equally valuable in the OT space.

The primary function of our AI and ML is to enhance inventory visibility. We can provide incredibly detailed and accurate information about devices in the network, including:

  • Open ports and services
  • Running applications
  • Specific versions of operating systems and software
  • Communication patterns and protocols used

This granular level of detail allows us to implement more effective and precise mitigation controls. We can tailor our security measures by understanding exactly what attack surfaces are available on each machine.

Moreover, our AI helps in contextualizing risks. It can analyze how devices are used within the specific environment and assess the potential impact of vulnerabilities. This context-aware approach allows us to prioritize risks more effectively, focusing on vulnerabilities that are both likely to be exploited and would have a high impact if compromised. Another area where our AI shines is in anomaly detection. By learning the normal behavior patterns of devices and networks, we can quickly identify and alert on unusual activities that might indicate a security threat.

HF: Thank you so much for these insights, Ed. As we wrap up here and consider Asimily’s origins in the IoMT space, how does the platform translate to IoT and OT use cases?

EJ: Thank you, Haley. I’d just like to emphasize how excited I am about the potential here at Asimily. With my background in cybersecurity spanning over 20 years, I see immense opportunities for Asimily to address pressing security needs in the OT space. Because Asimily is designed to operate in the most highly regulated and stringent environment of medical devices, we’re uniquely positioned to solve the most pressing issues within OT environments.

The speed at which our team updates and improves the product is truly impressive, faster than anything I’ve seen in my career. This agility, combined with our innovative approach to security, puts us in a unique position to tackle the evolving challenges in OT security.

As we move forward, I believe our journey in the OT sector will mirror our success in the medical and IoT spaces. We’re heading down an exciting path, and I’m confident we have the right team, ecosystem, and technology to establish ourselves as a leader in OT security solutions.
