Vulnerability management in critical infrastructure

Practical experience from the tank storage industry

To manage risks, you need to know your attack surface in the IT and OT infrastructure. Vulnerability management in critical infrastructure is therefore essential. Holm Security has provided Alkion Terminals, a Dutch tank terminal operator, with a vulnerability management solution based on Holm Security VMP, which allows Alkion to identify and remediate vulnerabilities in both the IT and OT infrastructure. As an operator of tank storage terminals, with the risks that this involves, Alkion is naturally a very security-conscious company.

“We care about the health and safety of our employees, customers, suppliers, contractors, neighbors, the environment and the safety of our facilities and firmly believe that all incidents are preventable.”

Added to this is the fact that Alkion’s 10 terminals are spread across 5 European countries. From an IT/OT infrastructure perspective, such a distributed infrastructure automatically results in a larger potential attack surface for external attackers. The motto is therefore to keep an eye on the attack surface at all times and to proactively minimize it through consistent vulnerability management processes.

Heterogeneous infrastructure with an unknown attack surface

Alkion Terminals operates a heterogeneous, decentralized and organically grown infrastructure that has grown very quickly since its foundation in 2017. The infrastructure includes, among other things:

  • 10 tank terminals in 5 European countries
  • A large number of IP addresses and own web applications, as well as
  • Control infrastructure (OT)

Before using Holm Security’s VMP vulnerability management solution, this heterogeneous IT/OT infrastructure posed a significant risk for Alkion:

  • There was no technical infrastructure to specifically identify vulnerabilities
  • There was no ongoing vulnerability management process to assess, eliminate and consistently track vulnerabilities

Due to the potential for damage associated with a tank farm, it was essential for Alkion’s IT team to implement a solution that would provide comprehensive knowledge of the potential attack surface of the IT and OT infrastructure.

It is essential, especially for operators of vulnerable critical infrastructure, to know their vulnerabilities and to proactively counter the weaknesses identified.

Consequently, the Alkion IT team has set itself the goal of implementing a vulnerability management solution in line with the principle of continuous improvement (Plan-Do-Check-Act) anchored in quality and information security management.

In order to be able to objectively compare several providers and solutions, the decision was made to carry out a POC (proof of concept) phase.

Proof-of-concept phase

The proof-of-concept phase was scheduled to last 6 weeks and included:

  • The entire office IT, including all client/server systems (Windows and Linux)
  • Selected parts of the control/OT infrastructure

Because vulnerability scans at the control level were seen as carrying a certain risk, and unintentional failures of programmable logic controllers (PLCs) had to be avoided, the vulnerability scans were limited to a dedicated test environment.

Holm Security VMP – the most powerful platform for vulnerability management in critical infrastructure

After conducting the POC, Alkion opted for the most powerful solution: Holm Security VMP. The main reasons for the Alkion IT team’s decision:

  • High vulnerability detection rate
  • Convincing coverage of IT and OT infrastructure
  • Smooth implementation in the Alkion infrastructure
  • Easy setup of the scan configuration
  • No proprietary hardware appliances required
  • Immediate implementation thanks to cloud-based deployment from the Holm Security data center in Sweden
  • Quality of technical support during POC implementation

Following the successful completion of the POC phase, the implementation set up during that phase was seamlessly transferred to regular production operations.

Transition to the ongoing vulnerability management process

Since the successful implementation of the POC, the ongoing operation of the vulnerability management system has covered:

  • 10 tank farm sites in 5 European countries
  • A large number of IP addresses and own web applications
  • Control infrastructure (OT) – approx. 10% of the total infrastructure scanned

The vulnerability scans are centrally orchestrated by Alkion’s IT department at its headquarters in Amsterdam. This also includes the implementation of the vulnerability management process, which is closely linked to the actual vulnerability scan and consists of the assessment, elimination and follow-up of the identified vulnerabilities.

Run it yourself or as a service?

In the beginning, the Alkion IT team was still actively supported, especially with regard to:

  • Setting up the scan configurations
  • Deploying the virtual scan appliances in infrastructure areas that are not accessible from the outside
  • Extensive training of the employees responsible for ongoing operation

Alkion now operates the vulnerability management platform itself.

But there are also alternatives. Our customers often choose to purchase vulnerability management as a service, including infrastructure and the associated human resources. This approach has some very obvious advantages, especially for companies that do not have dedicated resources for IT security:

  • Fastest possible deployment
  • No lengthy build-up of additional human resources
  • Access to appropriate technical expertise
  • By taking responsibility for large parts of the entire vulnerability management process, the additional burden on the internal IT team is minimized

Holm Security and Trovent Security – a long-term, strategic partnership

Holm Security, based in Sweden, is a strategic technology partner of Trovent Security. Holm Security supplies its powerful VMP platform and Trovent Security supplies the associated services, providing our customers with a coherent overall package consisting of technical infrastructure and specialist expertise.

Have we aroused your interest in a purely European vulnerability management solution? Would you like to find out how vulnerability management in critical infrastructure can be realized as a service? Don’t hesitate to contact us and arrange a free initial consultation!