What is OT/ICS system hardening?  

System hardening is the process of resolving risks and vulnerabilities on assets and networks to ensure secure and reliable cyber-physical operations.

 Key elements of ICS/OT system hardening include:

  • Patching of software and firmware
  • Secure configuration
  • User and account access limitation
  • Ensuring network connectivity security
  • Removal of unnecessary software
  • Ensuring proper backups

Elements of Verve’s OT System Hardening

Hardening OT systems requires an integrated set of actions to address some risks directly and develop compensating controls for others

  • Patch Review

    Review available patches for security criticality, system relevance, and OEM vendor approval

  • Patch Gathering and Preparation

    Gather and package all approved patches from OS, application and OEM vendors into delivery mechanism

  • Test and Verify Patches

    For patches with no specific vendor approval, test on redundant or single system, monitor and review

  • Patch Deployment

    Leverage Verve Security Center and our OT/ICS services team to deploy patches to all required machines

  • Review Compliance

    Review all systems for compliance with Verve OT/ICS configuration hardening guidelines

  • Design Configuration Remediation

    Working with process engineers, design system security given operational requirements of control system

  • Test, Verify, and Document

    For changes with no specific vendor approval, test on redundant or single system, monitor and document

  • Configuration Change

    Leverage Verve Security Center and our OT/ICS services team to execute configuration changes

  • Account Access Review

    Review all flagged access from vulnerability assessment to determine requirements (especially of service accounts)

  • Test and Verify Changes

    Test user/account removal and limitations to least privilege as feasible

  • Execute User/Account Changes

    Leverage Verve Security Center and our OT/ICS services team to remove or limit access to users/accounts as designed

  • Review Device Assignments

    Using Verve vulnerability assessment, review rationale for assets which bridge subnets or sit on inappropriate subnet

  • Redesign and Document

    Work with local engineers to develop secure solution that still enables operational reliability

  • Execute Desired Changes

    Conduct network device configuration, re-IP’ing, new access capabilities, etc.

  • Backup and Restore

    Verve’s team works with leading backup technology providers to ensure systems are regularly and correctly backed-up

  • Anti-Malware

    Verve’s team supports deployment on a wide-range of anti-malware and application whitelisting solutions to ensure they are up to date and locked down

  • Password Management

    Verve’s team supports several leading password vault/IAM vendors to deliver thorough password management in OT/ICS

OT/ICS network hardening is critical for security for several reasons:

  1. Many devices were not built with security in mind so need protective elements surrounding them
  2. Immediate patching is often challenging, requiring compensating controls to enable security
  3. Over time, systems that were originally secure become less secure as changes are made
  4. Often organizations deploy devices with IT-standard software which is not necessary, and potential creates risks, for OT/ICS networks
  5. In many cases, these devices are not connected to ActiveDirectory and lack standardized policies required for security

Executing operationally-safe remediation requires deep knowledge of industrial control systems and the processes they manage. Many policies and settings that would work well in IT create operational reliability issues in OT/ICS.  Therefore, it is critical that the people conducting this work are experienced and trained in the complexities of control systems. 

Verve’s deep experience across all OEM equipment and different industries enables us to harden systems and servers while maintaining reliability. Documentation cannot provide all of the potential implications of setting configuration settings in a certain way or why certain service accounts exist. It is only with experience and the learnings gained by years of working with these systems that you come to understand what is and is not feasible.

We partner with our clients to accelerate their ICS cyber security maturity by using vulnerability assessment outputs to rapidly shift and harden their control systems to jump start the security of their most critical assets.

Our Customer Success

"The big advantage to working with Verve is that one team can manage remediation across all the CIS controls - patching, configuration, backups, whitelisting, network segmentation, etc. We don’t have to manage multiple teams and try to integrate ourselves."

Director Cyber Security, Leading US Power Utility

System Hardening Customer Success

A leading US power generation organization needed to achieve fleet-wide compliance with all CIS controls within six months. See how the Verve Security Center delivered full compliance on time and on budget for visibility and automation.

Learn More

Schedule a call

Speak with our OT cyber security experts to discuss your system hardening challenges and initiatives

Schedule a Call