the future of it and ot converged orchestration ......automation vs orchestration today’s it...

New Context Services, Inc. | www.newcontext.com | @newcontext

The Future of IT and OT Converged OrchestrationGridSecCon 2018Andrew Storms


20+ years security & product experience.Advocacy on security appears in CNBC, Forbes, and NYT. Previously CloudPassage, nCircle, and Tripwire.

The last 4 years I’ve been blessed with the opportunity to work with a handful of utilities and national labs to research the viability of performing automated threat detection and response.

San Francisco

Andrew Storms

VP, Product at New Context

@St0rmz

New Context protects data and the movement of data in highly regulated industries

The Future of IT and OT Converged Orchestration | GridSecCon 2018 | Andrew Storms


AUTOMATION VS ORCHESTRATIONToday’s IT automation is not tomorrow’s orchestration

Today’s IT automation tools are a set of glorified incident response gadgets

Malware!

Investigate

VirusTotal

Open Ticket

Not Orchestration Orchestration

Design Installation Potential Failure Failure

Time

Cond

ition

PrecisionMaintenance

PreventativeMaintenance

• Reactive• Pre built playbooks• Triage

• Proactive• Entire system lifecycle• Automated governance

Orchestration



3 KEY AREAS TO CONSIDER

If you are considering running IT automation in your OT environment

Deployment Considerations What OT can learn from IT What IT can learn from OT



DEPLOYMENT CONSIDERATIONS

1. Level of access corresponds to level of action. Consider an analogy of permissions• Alert = Read• Assist = Write• Automate = Execute

2. Create a vendor DMZ• Segment within a segment

3. Perdue Model• Level 4

4. Bell–LaPadula model (BLP)• Read down, write up

3 Stages Of OrchestrationAc

cess

Leve

l Automate

Assist

Alert

Time / Maturity

Read

Write

Execute


Suggested Guidance


WHAT OT CAN LEARN FROM IT

Ephemeral Designs

Measure Anything, Measure Everything

Plan for Isolation as a Response

“If Engineering at Etsy has a religion, it’s the Church of Graphs.” Etsy Code as Craft, 2011

"I surveyed the network, and found that two thousand computers were infected within fifteen hours.” Clifford Stoll on the famous 1988 Morris Worm

In order to support orchestration, OT may need to consider…

“If your application can't tolerate a system failure would you rather find out by being paged at 3am or after you are in the office having already had your morning coffee?”Netflix Chaos Monkey



WHAT IT CAN LEARN FROM OT

OT Prioritizes Safety and Reliability

Make Use of Estimators & Analysis

Prefer Single Purpose Machines

“went into the server room and walked up to the server with its console perched on top. I logged in and, without checking, I entered the shutdown command.” BOFH, The Register

“Known as CoinHive, the JavaScript program is designed to reside on web sites and run in the browsers of visitors to crunch the calculations that mine a cryptocurrency” Fortune 2017

When it comes to orchestration, IT can learn a few things too..

“Due to an operator error, all us-east-1 API systems and customer instances were simultaneously rebooted at 2014-05-27T20:13Z (13:13PDT)” Joyent outage postmortem May 2014



IN SUMMARYIf you are considering running IT automation (or orchestration) in your OT environment

Deployment Considerations

What OT can learn from IT

What IT can learn from OT

• Provide access only as needed

• Ephemeral Designs• Measure Anything, Measure Everything• Plan for Isolation as a Response

• Safety and Reliability• Make Use of Estimators & Analysis• Prefer Single Purpose Machines

Andrew Storms, [email protected], Product@St0rmz


the future of it and ot converged orchestration ......automation vs orchestration today’s it...

Documents