The advent of complex communication networks has revolutionized operational architecture in industrial environments over the last 20-30 years. The availability of real-time operational data has proven to compress decision cycles, increase productivity, and free organizations of many resource constraints in their operational environments. However, reliance on real-time operational data and on asset connectivity and communication within industrial environments has also opened the way for attackers to potentially compromise asset functions through the very communication networks that are now depended upon for control of physical processes and safety. Additionally, the steady worldwide increase in industrial cyber-attacks has motivated security professionals to develop a plethora of assessment frameworks to help identify weak points in network defense and lower risk. These include assessment frameworks specifically designed to identify threats and mitigate vulnerabilities within industrial control systems (ICS). However, no single IT or OT analytic framework allows industrial asset owners to scope and prioritize the most critical network assets (crown jewels) as they relate to the most functionally dependent processes within an operational environment. This paper introduces an easily applied and repeatable analytic process that helps identify and prioritize network asset criticality by aligning to already known risk metrics within industrial environments. We describe this scoping process by laying out a foundational analytic framework that starts by identifying completed Process Hazard Analyses (PHAs) within your industrial environment. Next, we use the results of these analyses and assessments to identify the control network dependencies of critical processes and systematically determine crown jewels within deployed operational networks.
Once identified, crown jewels become the basis for scoping and planning cyber threat hunts, incident response plans, and penetration / vulnerability assessments, and can better inform cybersecurity strategies by aligning security needs with the assets that are most critical to operations.
1. Understand ICS attacker mindset and objectives
2. Apply a model to merge traditional IT and OT risk assessment methodologies
3. Identify crown jewels through functional dependency analysis
4. Increase defendable position based on model output