Thank you very much. So I had done the introduction to the Women in Identity organization, and now I would say more back to work: what I and Christina, my colleague, are doing on identity security and Industry 4.0, maybe for those who hadn't been in the previous session. A short introduction: my name is Angelika, I have been in security and identity for a very long time, and my current role is the CTO for this topic, identity and access management, in the IBM Center of Excellence in EMEA.
Christina, introduce yourself.
Yes, thank you. So I'm Christina and I have been working with IBM for more than five years now, in particular in the identity and access management field. There I work as a consultant for identity and access management and, yeah, recently moved on into another role in the X-Force team in the incident response field. But I'm happy that I'm still here and doing this presentation together with Angelika on identity security and Industry 4.0.
Okay, then let's start. I was sitting in the session in the hour before and there had been a lot of presentations on OT and what to do, and non-human accounts, and these things, which I thought were all interesting. So they also showed a lot of what the challenges are, but let me start with the numbers. As I said before, I'm a mathematician by education, so I'm with numbers, and here are some of them. So data breaches: according to the data breach report, the global cost of a data breach.
Last year, the average data breach had cost $4.45 million, but I think this doesn't really matter, dollar, euro, something, and this is an increase, an increase again. So everything is getting more expensive, also the data breaches and how to solve them. And what we also see, and this is something from the X-Force threat management report for this year, this is a very current one, one of the actual ones: an increase year over year in the volume of attacks using valid credentials.
And I have heard that yesterday and also this morning: using valid credentials is now, yeah, standard I would say for the attackers. And the increase compared to the year before was 71%.
And why I'm talking about that, this is the last number: roughly a quarter of the incidents in the top 10 industries are in manufacturing. This means, the other way around, manufacturing makes up a quarter of all the incidents in the top 10 industries. And this is an incredible number. And this shows again the need, why you need to secure, especially also in the OT environments.
And this then leads me to the term Industry 4.0, the digital transformation of industry. Of course this has a reason, and the reason is the development. How has the industry developed? How is manufacturing, how is OT working today? Of course you have all these physical devices; you need them to manufacture something, to distribute something.
But, and here's the "but", in the last years it had been really relying more and more on data, using data, using informed data to, yeah, steer and to manage the processes in manufacturing, in OT, in critical infrastructure.
I think it was who had referred to NIS2. This is something we see everywhere, and of course more automation and the protocols, and the core is now data and connectivity to really steer all the processes. And you can use this gained data to understand, through digital twins, how your reality or your real physical equipment would work.
And this can also be used for attacks. So this sounds great for the producing industry, for the OT industry. Nevertheless, what we see here is that this also brings a lot of challenges and security issues with it, because you are now consuming a lot of data, you are under attack, and this attack gets into the physical world. And in the physical world, the ability to secure things is not as there as it is in IT. In OT you have things which are 30 years old, and this cannot be really secured with what we are doing today in IT.
So how to cope with that, and especially in the critical infrastructure, NIS2 is requiring that until the end of October of this year. So nevertheless, a lot of challenges, and Christina will now pick, I would say, one of the challenges and see what you can do there.
Yes, thank you. Yes. And as Angelika said, all of these evolutions and revolutions bring security issues with them, and with bringing more and more IT into the oftentimes really legacy OT environment, the IT threats also emerge in the OT environment, and so also in Industry 4.0. This includes, for example, the lack of identity and access management consideration as well as weak password management.
So as we know, in more and more connected environments, so connecting to the internet and automations, restricting accesses and also strong passwords and strong authentication methods are key to securing the landscape. This also includes the lack of supply chain and also remote third-party security, and also insecure remote accesses. There are still a lot of machines, for example, that are bought from vendors and need to be updated, upgraded or something like this, which is partially done already remotely.
So these accesses are crucial to be secured and also to be restricted, so that not everything can be done in that environment. And then, to tackle all these challenges, there are regulations and standards out there which are also evolving through this threat landscape, and they try to enforce, or not only try, but they enforce at least a minimum of security measures that will be implemented or must be implemented by these industries. And we have out there more than 15 regulations worldwide for different industries and also more than eight standards which provide some requirements.
The regulations are more or less specific in their requirements, like, for example, the proportionate effort and the degree of the risk that should be implemented, and adopting a wide range of security measures in the environment. But they also require the establishment of physical and digital access rights. The standards, though, are at least a bit more specific, with, for example, requiring a documented request and approval process, requiring segregation of duty rules, and requiring that a leaver process is implemented.
So when an employee leaves the company, all the user accounts and access rights are then revoked from that person. And, as I said also in the beginning, the remote accesses are secured by good solutions, including privileged user accounts.
And with that we can conclude that identity and access management are key considerations for these environments.
And as we already said at the very beginning, the focus shifts away from exploiting vulnerabilities to rather using valid credentials, or acquiring and using valid credentials in the environment, and performing lateral movement in the environments to reach the objective that the malicious actor has. And so again, with this knowledge, identity and access management is really more and more key and needs to be considered in a comprehensive identity and access management approach.
And one part of this approach and these key considerations can be identity threat detection and response. So ITDR comprises user behavior analytics, threat intelligence, processes as well as automations, and has the objective to proactively and reactively identify identity-centric or identity-related attacks.
These solutions aim to really limit the impact of such attacks and also to accelerate the recovery after an attack occurred. On the, for you, right-hand side, you can see a simplified example workflow of an ITDR solution.
So we have at the beginning the potential threat, where a logon attempt is performed with a user account using valid credentials, and the ITDR solution observes this logon attempt and then identifies that this logon attempt originates from an IP address that is marked as suspicious in the threat intelligence database.
Then the ITDR solution immediately initiates a multifactor authentication. Since the user, or the person or the machine behind that, could not provide the second factor, the user cannot access. These workflows can be configured differently depending on the capabilities of the ITDR solution and also depending on the capabilities of the user account itself. For example, the user accounts can also be immediately blocked, a password reset can be initiated, and there are solutions out there which have also different focuses of the ITDR capabilities.
For example, some are focusing on the authentication workflow, others are focusing on some specific identity solutions but have their very specific capabilities for identity, for threat hunting or threat intelligence, as well as in the recovery. ITDR solutions can also be integrated in other security functionalities, like for example an XDR solution, to have a comprehensive approach and a single solution with all specific events, and then automation that can be implemented for that.
To summarize what you have heard today, we have here summarized the key takeaways.
So the first thing you heard today is that more and more IT gets into the OT environment, and here's the challenge: the IT security measures that you can easily implement in your IT environment cannot be as easily applied in the OT environment. And also, with IT shifting into the OT environment, the IT security threats are also emerging in the OT environment. And for this, the awareness must be heightened for people in Industry 4.0, and a comprehensive identity and access management approach should be considered to mitigate these threats.
And one part of that can be an ITDR solution, which can support mitigating these threats and risks and also can support accelerating the recovery, or the finding of an identity-centric attack. And with that, I'd like to thank you very much for your attention, and if you have any questions, I think we actually have some time to answer some questions if there are any.
Thank you very much. So please out there in the audience, if you have a question, feel free to raise your hand and I'll come to you.
But while we're waiting for you to respond, I have a question for you: in this research, what was a surprising encounter, something that you weren't necessarily expecting to see in this?
For me it was in particular the increase in the use of valid credentials.
So the numbers, the huge number of attacks using valid credentials. I saw in the past that this is used more often, but that it is such a huge increase, I didn't expect that at first.
Yeah, yeah, yeah.
And for you,
For me it was explainable that about a quarter of the industries impacted is manufacturing. And this was surprising for me, but thinking about it, it was explainable, because as Christina has said, as I have said, the issue here is, one thing is the awareness, or the lacking awareness, even with NIS2 looming around the corner, the lacking awareness, and the difficulty to really secure these things due to age and physical ability or non-ability and these things.
So it's explainable that it is a quarter, but nevertheless it surprised me that it is a quarter.
Absolutely. Last questions from the audience. Yes. Let me come to you. See, oh, I've lost, no, really, that was you. Okay. I'm sorry.
Testing. Hi.
Yeah, so could we go back to that slide with the ITDR? On this slide, have you guys considered more of a zero trust approach? So instead of even going to ITDR, just immediately: I don't know this person, or, even if I know this person, they need to reauthenticate every single time.
So I'm not sure if I get the question correctly. You mean rather using a zero trust solution or a zero trust infrastructure than using ITDR solutions?
So there are several different approaches that you can definitely do in the OT or the Industry 4.0 environments, and the zero trust approach.
So the ITDR solution helps in the zero trust approach to ease the user, I would say the usability, so that even if you have zero trust and you have to authenticate each time again, this ITDR solution can then improve the usability by, for example, okay, your user behavior shows you usually do this and that, so that the multifactor authentication can fall away for the second authentication approach, for example; or the user behavior shows, okay, compared with the normal approach, how you are behaving deviates, and with that, okay, let's do another step of authentication.
Also, we are doing some authentication, but your behavior is something strange. So in an ITDR solution, there are some solutions that include threat intelligence in the background, where, for example, phished credentials that are found in the threat intelligence database can then be pushed into the ITDR solution.
With that you can also identify malicious user accounts or malicious activity and say, okay, your user credentials have been phished, we need to do other approaches to authenticate, so that you are really you, or that the behavior deviates then.
Great,
Maybe I add to this one. So this is just an example, and you can say this is not a good one because you could have done MFA before, but nevertheless it shows how you have the threat, the detection and the response. And in some areas the response cannot be done in that way.
You see that there is the usage of valid credentials, but there are some suspicious things, and it now depends on how you can react. Also in the OT environments, even having credentials is sometimes a challenge. So, as I said, this is just an example, and of course having these things in advance would be in addition, but you need to have also the threat detection and the response regarding the identities.
Great. Thank you for the questions. Thank you so much for sharing your expertise with us. Another round of applause. Thank you. Thank you. Thank you.