
November 30, 2022 • 17 mins

What do cybersecurity and the Wild West have in common? Is it the lack of laws? Malicious actors? The frontier mentality? According to Dr. Chuck Louisell, a chief data scientist with previous experience at Cisco Systems and Booz Allen Hamilton, the Wild West and cybersecurity have more in common than previously thought. On this episode of You Got Hacked, Dr. Louisell and Ariel discuss the Purdue Model, the DMZ and the Wild West of Cybersecurity.


Episode Transcript

Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Ariel Stenger (00:00):
Hello and welcome to this episode of You Got Hacked, a podcast produced by Sierra Nevada Corporation's cybersecurity team. On You Got Hacked, we focus on cybersecurity issues, current events and technology solutions specific to protecting Operational Technology at the endpoint to make you, your family and your community smarter, safer and more secure from the ever-evolving cyber

(00:22):
threat landscape. I'm your host, Ariel Stenger. So one thing that we talk about each episode on You Got Hacked is operational technology. And the reality is that on a day to day basis, operational technology, or as we like to say, OT, really provides the backbone of our lives. Everything from cold beer

(00:43):
in the refrigerator, heating our homes, gas stations that fuel our cars and even trains that take us from A to B. Though we don't have to think about the reliability of these OT amenities on a day to day basis, they really do require specialized cybersecurity protections. So today, I'm super excited to welcome Chuck Louisell. We're going to dig

(01:04):
into something called the DMZ, or demilitarized zone. And in the IT cybersecurity world, this is the intentional division between IT systems and OT systems. Chuck, thank you for joining me today. Appreciate you taking the time to walk us through the DMZ. Let's just start off with a brief introduction. How'd you

(01:24):
get started? And what are you passionate about?

Chuck Louisell (01:27):
No, glad to join you today, Ariel. This is a really, really important topic. And it's very timely. So I look forward to our conversation. So by way of background, I had a 22 year military career that spanned a lot of aspects, starting out in the purely kinetic zone and kind of retiring out of the blended kinetic and cyber

(01:52):
zone, if you will. And so with that, I went into a post-military career that's taken me in a lot of places. And one of the features for today's conversation is I spent several years at Cisco, I've spent about five years at Cisco Systems. And in that role I was specifically driving towards how do we take

(02:17):
emerging IoT environments, emerging, you know, Internet of Things and all the devices that might be attached, and how do we put them into a secure posture as we go forward both in national security applications and in commercial infrastructure?

Ariel Stenger (02:35):
Wonderful. Yeah. It's an impressive background and appreciate, again, your service and your duty to our country and our national security in a variety of different ways, whether that was through official service or through public service, really. So let's get started here with the foundation and just kind of understand what is an IT DMZ?

(02:56):
What is that demilitarized zone? And is it a new concept? And how well is it understood?

Chuck Louisell (03:03):
So let's think about this for a second. So let's look at the roots of it. There's an IT-OT interface model that's called the Purdue Model that many of the listeners may be familiar with. That really has been kind of a mainstay of thinking in this world. How do you converge IT and OT?

Ariel Stenger (03:24):
So the Purdue Model is an architecture that helps us think about how a network works between different kinds of devices, think computers, servers, Internet, and the PLCs on the operational side that control the endpoints. And a PLC, if you're not familiar, is the Programmable Logic Controller, which is essentially a software driven remote that controls OT endpoints, like

(03:47):
sensors and machines, that run the power grid. So with the Purdue Model, at level zero, we're thinking of the OT endpoints and machines. Level one is the PLC with these intelligent devices. Level two is the WiFi/human machine interfaces, and really all of the control systems. And Level three makes up the manufacturing systems. And take

(04:09):
a quick pause there, and you enter the DMZ that Chuck is about to explain here a little bit more. The DMZ separates all of those OT systems in levels zero, one, two, and three, from the IT systems that really take up levels four and five, where the computers and the servers sit.

Chuck Louisell (04:27):
And in the Purdue Model, they have several layers, right? They have all the way down at that machine layer, and all the way up at the top, they have your IT layers where people are handling their normal business day to day. And in between those, between layer three and four in the Purdue Model, they wedge this thing

(04:47):
called the DMZ. And so, you know, what is it and what's it for? And it's really to bridge the divide between the IT world and the OT world, because there's some significant differences, right. And so, Ariel, the first one that always comes to my mind is, you know, the network structure and allowable navigation paths

(05:08):
in the IT world are defined by the user's role, their scope and their permissions. And that, because now people can, you know, it's kind of like when you have your commute, you can take any path or combination of paths to get from home to work. But that creates a quite complex transaction pattern in the IT space, whereas in OT, communications are generally

(05:32):
over very defined, specific and allowable pathways because it's a highly directed environment. In other words, everything doesn't always talk directly to everything, it may talk within its device level rings, you know, three or four things in a ring that have to cooperate in order to execute something. But in general, it gets very one way after it leaves the

(05:55):
device level ring. So I think that's one of the fundamental things that we need to understand is when you make that divide, transition from IT to OT, we're going from a multipath world to a directed path world.

Ariel Stenger (06:10):
So it sounds like, you know, you have to really be able to think and to address a totally different context between something that is multipath and then going to a single path. And like how do you streamline those two and make them interconnect?

Chuck Louisell (06:25):
Right. So one of the things that happens in the OT world is it generally doesn't get provisioned all at one time, right? You don't say, hey, we woke up this morning, we're going to do, you know, Industry 4.0. And whoosh, the factory floor is transitioned. Usually what may happen is you might have functions that get transitioned, and they get

(06:47):
transitioned by company A. And then you get another activity of another function that is best suited for Company B, and then a third one, Company C, et cetera. And all of a sudden, over a period of time you wind up with this very diverse, yet separated user environment, where now the users are not just

(07:11):
people, the users are potentially machine controllers and the sensors that help drive them.

Ariel Stenger (07:17):
What Chuck is explaining here and about to dig into is the strategic design to protect the OT from the IT, and vice versa, the IT from the OT, with all potential users on the network. So some ways that you can do this is by really employing strategies like restricted access, that limits the ability to make potentially dangerous changes to the

(07:37):
expensive OT endpoints, using things like multi-factor authentication, so that only the right person can make changes. And of course, what we've talked about before is workflow enforcement, making sure that the right commands come in in the right sequence, even if the human in the loop makes a potential mistake.

Chuck Louisell (07:56):
And so what you wind up with is you have a very flat network that kind of has this wild wild west appeal. And they're all little camps that can be attacked individually or together. And they don't really have a common defense. So what the DMZ does, it gives you a place to provide the kinds of structures that we would normally, the hierarchical and

(08:19):
distributed structures that we might put into an IT framework. And we can now apply those, we can know everything that's in there, what its name is, what it does, what it should be saying and who it should be talking to. And now we can structure that. And then we can also put up a gate, right, and say, not everyone on the IT side is allowed into the OT side, right. And then uniquely, on the OT side, you may be

(08:43):
allowed in, but you may only have permissions to do certain things, you may have permissions to download, or view data or make adjustments within normal operating limits. But you don't have the ability to update the firmware, for instance, or you don't have the ability to ask for an outer limit. So what we need to do on the machine side is help provide an additional

(09:05):
layer of protection. So the DMZ is usually characterized by a firewall, you know, a modern structured firewall, and it's ideal to have one of those that has what we call OT extensions. In other words, it is tuned in and hooked to an intelligence source that helps it understand what's happening in the OT world

(09:27):
in the different protocols you might hear, so that I can now block some of those traffic elements at the firewall, before I get to that secondary defense where we say, hey, your command is illegal. You are not allowed to say that. So me, the machine, is going to stay on my current operation until informed

(09:47):
otherwise. So that's sort of a simple explanation, if you will.

Ariel Stenger (09:53):
Yeah, yeah. I mean, the DMZ, it sounds incredibly complex to be completely honest, because there are a variety of layered permissions and just, you know, kind of, it feels almost like an arbitrary line. But it's not really arbitrary, is it? It's the machine side versus the IT side, is that...

Chuck Louisell (10:11):
And you create a physical boundary with that specialized firewall, that firewall that is dedicated, right, to making the separation. So it has, you know, the ACLs, the allowable list that can now come through into the system. And now, so like

(10:35):
I said, not everyone gets in. But once you get in, you can't do everything, you may not even be able to address all the machines, you may just be able to address the one you're specifically targeted to. So it really follows the principles of zero trust, right, zero trust on the IT side is about what's your role, we'll give you a scope, we'll assign you permissions, and that's your navigation space.

Ariel Stenger (10:54):
Zero trust is a relatively new term in cybersecurity. And it came out because of a publication from NIST, 800-207. And the idea is that just because you have the device, and it's yours, you should be able to trust it, you technically can't trust it, and you shouldn't. So what you'd have to do is you'd require authentication and validation before believing any of the commands or any of the network

(11:16):
traffic. Zero trust really eliminates that implicit trust in both IT and OT systems that we've had, historically. So when we talk about the DMZ, I mean, what is it? What are the main drivers to make the DMZ so prevalent?

Chuck Louisell (11:34):
Right, so one of the things, like I said, you start off with a firewall, and that's your first line of defense. And then you build structure into the network, you pull things and you start putting them on switches in the same kind of manner that you would gain devices or users in an IT perspective. So you come up with a network structure that follows the operational framework, right? And that's a

(11:55):
little bit different, right? The operational framework drives that configuration, and then the allowable exchanges then drive what policies and permissions you put on someone's access.

Ariel Stenger (12:11):
Okay, so limited access, some similar, I mean, you mentioned zero trust, which we have another episode on. But yeah, that makes sense that we are also applying that same sort of layered security and don't trust any part of the system on the IT or on the OT side, regardless, and just do least privilege basically.

Chuck Louisell (12:32):
Exactly. So it's least privilege, you have to gain rights, you have to bring a ticket to ride, so to speak. You know, one of the other things that's really important about understanding the OT side and why it's different, well, there's two, one is, on the IT side, you know, everybody's heard of the CIA approach to the protection, right. Confidentiality, Integrity, and Availability. On the OT side

(12:56):
that flips a little bit, because they're looking at, I need integrity in that message, so that I'm telling things to do the right things and don't drive them into an out-of-limit state or drive them into a non-operable state, which is the A, is in the center, which is the availability, and then confidentiality becomes sort of, I won't say it's third tier,

(13:17):
because the step down is not very far. However, the interest in the IT side, or the OT side, excuse me, is about prioritizing safety. And having a shared performance or availability, it's just that those machines, whether it's an electrical generation management plant, or whether it's an HVAC management environment, deliver the functions under a wide range of

(13:40):
boundary conditions that protect people and equipment and facilities.

Ariel Stenger (13:46):
Okay, interesting. So you mentioned facilities and HVAC systems and just, you know, like the different machine endpoints that could be there. How do things like the sensors and IoT devices, these smaller and more Internet of Things objects, impact the DMZ?

Chuck Louisell (14:02):
Yep. So before I answer that, Ariel, let me talk to one thing, because this will become important, you know, on the IT side, you see this sort of turnover every three to five years, you're making some sort of technical refresh, right. And so the lifecycle there is very, very short lived, and in fact, as we've gotten increasingly

(14:22):
virtualized appliances, now you can be changing them, you know, quite readily. It's not a hardware swap. It's hardware hosting software. And those OS patches and changes can happen very quickly. On the OT side, these are things, so once you put sensors and technologies out there, they might sit there for

(14:42):
25 plus years. So in other words, those things don't come with a rapid protection update profile associated with them. They get deployed, and now they're out there. So when I talk about sensors, I talk about devices, I think of things in terms of, they could be there for a long time, they don't have

(15:05):
the ability to protect themselves, so they have to be protected within a network. And they actually just become users. So, you know, a user on the OT side is a machine, a sensor or a person, or a combination of all three.

Ariel Stenger (15:17):
Interesting. So this DMZ becomes a zone between the IT and OT. And really, it doesn't necessarily matter if it's like the end user is this human, it could be a variety of things. Like you said, the sensor, the machine or a person.

Chuck Louisell (15:36):
Right, so it's all about three things, very simply, it's about who gets in the door, whether it's a sensor or a person, once you're on the other side of the door, what are your allowable paths based on your scope, role and permissions? And then, lastly, what is the allowable content I'm delivering in the instructions to that machine? Or

(15:58):
what is the allowable data that I can pull? And I'll touch on, change this up. So, you know, the Purdue Model, I won't say has gotten clunky over time, but it was born in an environment where things were very structured. But now that we have maybe third party access required, so the machine builder

(16:18):
has to access data from the machine. And that machine builder wants that to come to the cloud so it can be put into a preventive maintenance program, for instance, right, condition based maintenance. And so, now all of a sudden, we have to be very specific about not only what, who gets in, where

(16:38):
they can go, we have to talk to exactly what can be delivered to who, so that's that content protection. And then is that message valid? Is it within the machine limits? Is it going to preserve the safety of the people and the equipment and the facility, and/or the social structure of their supports?

Ariel Stenger (16:59):
Super interesting, Chuck, and it's so helpful to hear about the overlap between the zero trust approach to the DMZ and the principles that we really need to protect both the IT side at those Purdue layers four and five, and the machine and intelligent sensor side, from levels zero to three. From a cyber perspective it's as important as ever to ensure that our systems on both sides of the

(17:21):
DMZ enforce content protection, validation and safe operations for all users like you mentioned. Thank you so much for your time today, Chuck.

Chuck Louisell (17:31):
You're welcome, Ariel. Thanks for having me.

Ariel Stenger (17:32):
Absolutely. Thank you for listening to this episode of You Got Hacked, brought to you by Sierra Nevada Corporation's cyber team. For more information, you can visit us online at sncorp.com. That's sncorp.com. A special thank you to our guests and of course, all of you, our listeners. I'm Ariel

(17:53):
Stenger, see you next time.