New Open Source OT Security Tool Helps Address Impact of Upcoming Microsoft Patch 

new-open-source-ot-security-tool-helps-address-impact-of-upcoming-microsoft-patch 

Industrial cybersecurity firm Otorio has released an open source tool designed to help organizations detect and address issues related to an upcoming update from Microsoft.

Otorio’s DCOM Hardening Toolkit, which is available for free on GitHub, is a PowerShell script that lists weak DCOM authentication applications installed on the tested workstation and provides functionality to address associated security issues.

The tool is useful for organizations that use the OPC Data Access (DA) protocol for communications between PLCs and software within OT networks. OPC DA relies on Microsoft’s Distributed Component Object Model (DCOM) technology, which can introduce serious vulnerabilities.

The newer OPC Unified Architecture (UA) protocol does not rely on DCOM so it’s not affected by the same security issues, but many industrial organizations still rely on OPC DA.

The problems that the Otorio tool aims to address are related to some changes that Microsoft has been making. 

In 2021, Microsoft informed customers about CVE-2021-26414, a Windows server security feature bypass flaw. Addressing CVE-2021-26414 requires hardening DCOM, which could cause problems for some organizations using it and that is why Microsoft is gradually implementing changes. The goal is to give users enough time to check and resolve any compatibility issues. 

The first updates were released by Microsoft in June 2021, with the DCOM hardening disabled by default. The second updates, released in June 2022, enabled the hardening by default, but allowed users to disable the changes manually. 

The last updates, scheduled for March 2023, will keep the hardening enabled and users will not be able to disable it. 

Otorio’s DCOM Hardening Toolkit can be used to learn whether an OT network includes unsecured DCOM that will become inoperable after the new update is rolled out in March, and it also provides remediation instructions. 

“If a company applies the March patch and loses critical visibility and communication between nodes in its network, it could experience significant financial losses. Our goal is to prevent that kind of catastrophe,” said Yair Attar, CTO and co-founder of Otorio.

Otorio has also implemented the open source tool’s capabilities in its RAM² cybersecurity and digital risk management platform for OT. 

Related: New Dragos OT-CERT Provides Free Industrial Cybersecurity Resources

Related: Open Source Tool Helps Organizations Secure GE CIMPLICITY HMI/SCADA Systems

Related: Open Source Tool Helps Secure Siemens PCS 7 Control Systems

The post New Open Source OT Security Tool Helps Address Impact of Upcoming Microsoft Patch  appeared first on SecurityWeek.

Why CISOs Make Great Board Members

why-cisos-make-great-board-members

As I discussed previously, the past three years created a perfect storm situation with lasting consequences for how we think about cybersecurity: 

  • Digital transformation accelerated significantly. Projects took off due to the pandemic and remote everything—work, manufacturing, healthcare, you name it—became imperative for business survival.
  • Ransomware went for the jugular. Critical infrastructure organizations had to navigate an escalating threat landscape, especially a surge in ransomware attacks as threat actors understood that the value of operational technology (OT) networks and the availability of crypto payment infrastructure improved their chances for pay-outs. 
  • Cybersecurity became critical to business. Under siege, businesses prioritized building resilience for which cybersecurity is essential and, when done well, can drive competitive advantage. 

The impact of this perfect storm on boardroom conversations has been that cybersecurity technologies and teams have shifted from being viewed as a cost center to a business enabler. The shift is so crucial to business outcomes that Gartner expects that by 2025, 70% of CEOs will mandate a culture of resilience and recommends risk leaders recognize resilience as a strategic imperative to survive a confluence of threats. The mission is no longer just to protect, but to build trust that the business can operate even under strenuous conditions and to accelerate innovation within business units. That is very different from how security teams operated for the last two decades.

Businesses that invest in cybersecurity as a competitive advantage are transforming their business models. Every company is or will become a technology company, and those doing it faster are winning. Accenture refers to companies that have doubled down on technology and innovation as “leap froggers”, growing five times faster than laggards in the past three years.

Geopolitics contributes to this storm and need for board change

Geopolitical conflict has raised the stakes even further and is here to stay, whether in its aggressive form of the Ukraine conflict or more subtle, as in the competition between the U.S. and China. That means companies that are a meaningful part of the economy of their countries, or that hold strategic importance because of the sector they operate in, will find themselves increasingly as targets in those conflicts. 

In addition to needing to significantly increase their collective understanding of technology innovation risk and objectives, CEOs and board members need to understand how the current geopolitical situation could be affecting the organization’s risk posture, adversaries’ motivations, and how best to dedicate resources. 

Many CEOs and board members are finding it exceedingly complex in this current climate to accurately identify, much less reduce risk, which is why shifting the makeup of boards is needed. A vast majority of board members are former CEOs and CFOs, with most new directors still coming from those backgrounds (26% and 23%, respectively). The good news is that 17% of new directors now come from the technology sector which is beginning to fill the hands-on experience gap of navigating technology-led businesses.

CISOs as board members 

One natural solution to infuse more technology and security expertise on boards is to recruit CISOs and CIOs for those positions. While just a few years ago that was mostly unthinkable, today an increasing number of boards are seeking out those experts, even if it means attracting board members with no prior board experience. That in itself is helping break another unfortunate aspect of boards: a lack of diversity and infusion of fresh perspectives and experience to handle emerging oversight challenges such as digital transformation and cyber and operational resilience. While we aren’t where we need to be, progress is happening and now 14% of CISOs say they sit on a corporate board or both a board and an advisory committee.

Even as first-timers, successful CISOs make for successful board members. In the last few years, the best CISOs have pushed their organizations outside of their comfort zones, resulting in high-ROI projects that contribute significantly toward the digital transformation of the organization. The spirit of this relentless pursuit to transform is highly impactful at the board level, and the practical knowledge those CISOs bring is very valuable. 

Another encouraging trend, Gartner predicts that by 2025, 40% of companies will have a dedicated cybersecurity committee. Who is better suited than a CISO to lead that conversation? Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. CISOs can provide advice on moving forward with digital change initiatives and help companies prepare for the future. They can explain the organization’s risk posture, including exposure related to geopolitical conflict as well as to new business initiatives and emerging threats, and what can be done to mitigate risk.

Lastly, the role of the CISO has evolved from being a risk metrics presenter to a translator of risk to the business. Therefore, the expertise CISOs have developed in recent years in how to explain risk to the board makes them valuable contributors to these conversations. They can elevate the discussion to ensure deep understanding of the tradeoffs between growth and risk, enable more informed decision-making, and serve as guardrails for total business alignment.

The future belongs to the companies who are fastest and boldest in their adoption of technology as a competitive advantage. To best protect this future, we need technology and cybersecurity leaders on boards who understand and can translate the risk side of equations into successful business outcomes. 

The post Why CISOs Make Great Board Members appeared first on SecurityWeek.