Operational Technology (OT) Security: Vulnerability Remediation
Prepare for the Worst with the Best
While an OT Security scanning tool can provide Aries with data to create a baseline configuration for many OT assets, the reality is that older assets and custom-built assets often do not play well with these tools. To work around this, Aries can connect to product data management (PDM) tools to create baseline configuration models, or can use CSL (Aries custom scripting language) to create these models manually. Once established, these models can be used as a baseline to detect unplanned or undocumented changes to assets, and to leverage the Layer 2 functionality of identifying vulnerability threats contained in unstructured data. Once detected, these vulnerabilities can be mitigated through the standard BAM process, with confirmation being provided and the base configuration being updated appropriately. This added functionality allows OT environments to perform security vulnerability assessments even when an OT Security scanner cannot provide baseline configuration or vulnerability data. The result is the ability to identify relevant vulnerabilities where that capability does not currently exist, and to reduce potential security threats, resulting in a more secure OT environment that experiences greater reliability and uptime. This benefit becomes particularly relevant when assets are older and/or more custom built and security scanners cannot be employed.
Aries offers a multitiered approach to vulnerability remediation for OT assets in any setting. Aries is able to connect data gathered by OT scanning tools (e.g. Claroty), create a baseline configuration of OT assets using this data (hardware and software), and associate this data as attributes of assets contained in Maximo, ServiceNow, or other business automation platforms. Aries also offers two unique methods to collect additional vulnerability information and to remediate issues often either overlooked or delayed due to the time investment required to discover the associated vulnerabilities.
Why is this important?
Cybersecurity is becoming an increasingly vital solution platform for the Operational Technology (OT) environment. What was once thought to be a difficult and somewhat impenetrable environment, built on SCADA networks and in many cases air gapped, has proven to be ever more accessible to well-funded bad actors using increasingly sophisticated attack vectors. OT environments often serve mission-critical roles in the economy, from supporting utility infrastructure, to manufacturing, to national defense weapons platforms. Thus, threats to OT often involve denying access to public water and energy supplies, interfering with plant operations, disabling military weaponry and defense systems, and interfering with hospital services.
Aries offers three different layers of vulnerability remediation protection within its solution platform.
Tier 1
Tier 2
Aries is able to connect with OT Security Scanner platforms, such as Claroty, and use the hardware and software data the scanner collects to create a baseline configuration for the scanned asset that is then tied to that asset in a Business Automation Platform (BAM) such as Maximo, ServiceNow, or another platform. When a vulnerability is detected by the OT Security scanner, Aries creates a script that generates a work order in the BAM for all impacted assets. Once the remediation is completed, the scanner will automatically update the baseline configuration, and the BAM will also reflect the change. This functionality allows security scans to be incorporated directly into the business automation platform, allowing OT environments to incorporate security into their standard OT maintenance / remediation workflows. The benefit is that security vulnerabilities are tracked and remediated more quickly, known vulnerabilities that are not remediated for business purposes are logged as exceptions, and vulnerabilities and remediations can be tracked corporate-wide for governance and compliance purposes. The end result is that OT environments are more secure and experience greater reliability and uptime.
Tier 3
Through a connection with an IBM Watson LLM (IBM’s enterprise-class AI engine), Aries becomes a powerful solution for identifying vulnerabilities contained in large unstructured data sets that include security, technical, and service bulletins for OT assets. By design, Aries’ scripting language, CSL, makes it easy for an AI to generate automated scripts. After ingesting the various bulletins and identifying the vulnerabilities called out in these voluminous documents, Watson is able to work with Aries (and the baseline configuration) to generate scripts that identify the assets that are exposed to security threats and automatically generate work orders that specify the fixes that need to be employed to remediate the vulnerabilities. Once the remediations have been completed, the scanner will automatically update the baseline configurations, and the BAM will also reflect the appropriate changes. The benefit of this added functionality is that what is currently a manual, time-consuming and often inaccurate process is streamlined and refined. This means reduced labor costs, higher accuracy when identifying relevant vulnerabilities, and a much higher percentage of potential security threats being eliminated, resulting in a more secure OT environment that experiences greater reliability and uptime.