In a recent case study about the concept of "Think Global, Act Local," we discussed the huge increase in efficiencies and visibility through an agent based approach to OT cyber security and system management. A lot of times, customers tell us this solution isn't an option for them because the OEM does not approve of agents. But we're here to challenge that notion.
OEM Cyber Security Coverage
When discussing coverage capabilities, we mean an OEM providing a complete security solution including whitelisting, AV support, patching, system hardening, syslog/monitoring capabilities, change management, backups, and disaster recovery. Many OEMs offer portions of a security program, not the entire offering.
**Side Note - I am sure you are saying - "well all OEMs offer patching support" and you would be right. But do all OEMs for all of your systems support ALL patches? Remember the anecdote that a pre-OEM patch project showed 1,250 risks on a single asset. After the OEM performed their very expensive patch process there were still....wait for it.....800+ risks. The OEMs cannot review, test, and certify all patches!**
The second coverage challenge is in supporting systems. The OEMs do well in supporting systems, but when they hand over their portion of the process, it is almost always tied to other OT equipment that help to manage the entire complex process that makes up your operation. That means that vendor A will typically stop at just their equipment and no one else's. Some OEMs try to push more holistic security programs, but in reality, we are a long way off from having any major OEM be okay with their competitor OEM securing each others' assets.
OEMs in Manufacturing: Preventing Progress
As each OEM has their own supported versions of specific security tools, the typical, multi-system facility has a multitude of duplicate security tools. One AV solution for each! There are some OEMs who change their tool sets over time.
This means a single operator is expected to support two units from the same OEM with different vintages of security, and therefore, it is yet another platform operators must become adept at to manage and maintain. This can quickly get out of hand and is a significant burden on the operating team to maintain.
Impact of OEMs in Industrial Control Systems
The final challenge with the current OEM/Owner relationship is that when the project is over or the shift ends, it is the owner/operator that owns the system, the risk and the financial impact of loss of life if something goes wrong. The owner invested in the equipment, so shouldn't the owner have the right to say 'we want a single, cross platform, comprehensive solution' so that they have a fighting chance of success?
To be fair, there are more and more OEMs dawning to this notion and becoming much more flexible. We are working more closely with many of them to partner for better solutions for our mutual clients. But there is still a significant bias towards this relationship within the operating facilities.
Automated, centralized, homogenous security controls are the only way this industry will succeed with the growing risk and shrinking skills sets we are faced with today.