What is Operational Technology (OT)?
To lay the groundwork for OT security, Operational Technology itself needs to be defined first. Gartner defines OT as “hardware and software that detects or causes a change through the direct monitoring and/or control of industrial equipment, assets, processes, and events.”
Operational Technology systems can be found in a vast range of asset-intensive sectors, performing a wide variety of activities such as monitoring critical infrastructure, controlling building management systems, or controlling physical access control mechanisms. Accordingly, sectors and environments that are heavily involved in manufacturing and production rely on Operational Technology. The list of those sectors includes, but is not limited to, Oil & Gas, Power, Utilities, Chemicals Manufacturing, Pharmaceutical Manufacturing, Water Treatment, Waste Management, Transportation, Scientific Experimentation and Critical Manufacturing.
What is OT Security and its key solutions?
Due to the digital revolution, more and more OT devices are being connected to the network, which greatly increases the attack surface of those devices. To address this rapidly growing risk, the number of OT security solutions available on the market has also increased in recent years. OT security, defined as “practices and technologies used to (a) protect people, assets and information, (b) monitor and/or control physical devices, processes and events, and (c) initiate state changes to enterprise OT systems”2, is therefore becoming particularly important for companies. The following paragraphs highlight and detail a few of the OT security solutions currently available on the market.
Next-generation firewalls (NGFWs)
A firewall is a network security system that monitors and controls incoming and outgoing traffic based on a predetermined set of rules. Next-generation firewalls combine a traditional firewall with other network filtering functions, such as an application firewall using in-line deep packet inspection (DPI) or an intrusion prevention system (IPS). Compared to older and more traditional solutions, NGFWs perform a more exhaustive inspection, for example checking packet payloads and matching them against signatures of harmful activity (e.g., exploit attempts and malware).
OT Passive Monitoring
In general, passive monitoring refers to techniques that analyze observed data to identify deviations from usual patterns, without performing any active action on the target systems.
Passive monitoring solutions are commonly deployed as OT security solutions that integrate seamlessly into production lines and machines. Those appliances usually comprise a series of sensors, installed on the network to which the production machines are connected, and a dashboard (software presenting the collected data in human-readable form). OT Passive Monitoring solutions also offer asset discovery capabilities, signaling when new assets or systems are connected to a monitored network, as well as vulnerability management.
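To make the asset-discovery and deviation-detection behaviour described above concrete, here is an added example (not code from the original article or from BxC) that learns a baseline of hosts and conversations from constructed flow summaries, such as a passive sensor on a mirror port would observe, and then alerts on hosts and conversations it has never seen. The IP addresses, timestamps and ports are constructed sample data; port 502 is Modbus/TCP and 44818 is EtherNet/IP.

```python
"""Passive OT asset discovery and deviation alerting (added example, not BxC code)."""

# Constructed flow summaries (timestamp, source, destination, destination port),
# standing in for what a passive network sensor would deliver.
BASELINE_FLOWS = [  # learning window: known HMI/engineering hosts talking to two PLCs
    {"ts": "2024-01-01T08:00:00", "src": "10.10.1.10", "dst": "10.10.1.50", "dport": 502},
    {"ts": "2024-01-01T08:00:05", "src": "10.10.1.11", "dst": "10.10.1.50", "dport": 502},
    {"ts": "2024-01-01T08:00:10", "src": "10.10.1.10", "dst": "10.10.1.51", "dport": 44818},
]
OBSERVED_FLOWS = [  # later window containing an unknown host and new conversations
    {"ts": "2024-01-01T09:00:00", "src": "10.10.1.10", "dst": "10.10.1.50", "dport": 502},
    {"ts": "2024-01-01T09:00:05", "src": "10.10.1.77", "dst": "10.10.1.50", "dport": 502},
    {"ts": "2024-01-01T09:00:10", "src": "10.10.1.11", "dst": "10.10.1.51", "dport": 44818},
    {"ts": "2024-01-01T09:00:15", "src": "10.10.1.77", "dst": "10.10.1.51", "dport": 44818},
]


def build_baseline(flows):
    """Return the set of known hosts and the set of known (src, dst, dport) conversations."""
    assets = set()
    conversations = set()
    for f in flows:
        assets.update((f["src"], f["dst"]))
        conversations.add((f["src"], f["dst"], f["dport"]))
    return assets, conversations


def detect(flows, assets, conversations):
    """Alert once per unknown host and once per never-before-seen conversation.

    The baseline is not updated here: an operator should confirm a new asset
    before it becomes part of the accepted picture of the network.
    """
    alerts = []
    reported_hosts = set()
    for f in flows:
        for host in (f["src"], f["dst"]):
            if host not in assets and host not in reported_hosts:
                reported_hosts.add(host)
                alerts.append(("new_asset", f["ts"], host))
        key = (f["src"], f["dst"], f["dport"])
        if key not in conversations:
            alerts.append(("new_conversation", f["ts"], f"{key[0]}->{key[1]}:{key[2]}"))
    return alerts


if __name__ == "__main__":
    known_assets, known_conversations = build_baseline(BASELINE_FLOWS)
    for alert in detect(OBSERVED_FLOWS, known_assets, known_conversations):
        print(*alert)
```

Running it flags the unknown host 10.10.1.77 once and three conversations the baseline never contained, which is the kind of signal a monitoring dashboard surfaces for an operator to verify.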
Portable Antivirus Scanners
An antivirus, also known as anti-malware, is a computer program used to prevent, detect and remove malware from a system. Manufacturers must carefully plan the maintenance periods of manufacturing machines, including defined time windows for performing anti-malware scans, to avoid costly disruption of production itself.
Portable antivirus scanners offer a convenient way to perform security tests on manufacturing machines despite the inherent limitations of OT environments. An additional advantage of these devices is that they do not require installation, automatically scan standalone computers and air-gapped systems, and also remove detected malware. These portable scanners resemble the USB flash drives widely used for storage in the IT world.
OT Application Whitelisting
Application whitelisting is an approach that consists of allowing only a defined set of applications, or application components, to run on OT devices. Its aim is to prevent the execution of malware and other unauthorized software.
Application whitelisting is an effective way to stop malicious software from being executed on a network, but its implementation demands an intense initial effort from security teams, as it requires gathering detailed information from the systems' users about their tasks and needs.
Why is OT security important?
With the ever-increasing digitalization of modern businesses, it is becoming more and more important to carefully plan how to protect the OT environment.
In contrast to the IT industry, which has reached a high level of cybersecurity maturity, the OT industry is much more vulnerable.
In the past few years in particular, there have been numerous and frequent cyber-attacks on the manufacturing industry. This new predilection for targeting manufacturing can be attributed to the fact that manufacturers face significant consequences in the event of a cyber-attack. First of all, manufacturers may have to shut down production to isolate the systems involved in an attack and stop it from spreading, and by doing so they lose a large amount of money. Other major consequences are loss of reputation, legal consequences and fines, and, in extreme cases, endangering people's lives.
What are the challenges in OT security?
As explained in the previous chapter, OT security is becoming increasingly pivotal for manufacturers. OT security presents a vast and diverse array of challenges, including:
- Lack of security awareness among OT staff
- Difficulties in patching OT systems because of time and specification constraints
- The constraint of adhering to the maintenance windows of OT systems
- The complexity of the various OT systems (e.g., workstations, servers, ICS - Industrial Control Systems, SCADA - Supervisory Control And Data Acquisition), which complicates the use of universal solutions
- An increased attack surface because of internet-connected machines
- Improper network segmentation, which makes it easier for attackers to disrupt considerable portions of a network
- The wide variety of OT security solutions on the market, which increases the complexity of vendor selection processes
The challenges above can be solved with conscious steps that include:
- Raise awareness among the OT staff
- Carefully plan the maintenance windows of OT systems and follow the specifications
- Consciously investigate the market for the solutions that best fit the environment to be secured
- Implement firewalls and controls
- Segment networks and enforce separation between layers
- Design specific solutions that consider the OT environment peculiarities and challenges
What are the differences between IT and OT?
Even if, at first glance, the IT and OT worlds might seem very similar, they have some fundamental differences. This makes it necessary to be aware of those differences and to think about distinct approaches for addressing the respective cyber security challenges. The main differences between the IT and OT worlds can be summarized as follows:
BxC Take Away
"With increasing digitalization, the distinction between IT and OT will fade away." Létitia Combes, BxC's founder
The digital revolution is already happening and has, as stated before, an immense impact on the IT environment but also on the OT environment. OT network components, such as control systems, SCADA and industrial networks, are being connected to IT network components such as servers, data storage, and systems management. This enables OT industries to better monitor their systems, promptly identify errors and faults, and swiftly find solutions. This integration of the IT and OT worlds is referred to as IT-OT convergence.
The downside of the digital revolution is the growing attack surface, which makes it necessary to consider and address new potential cyber threats in both environments. It is now more important than ever to train professionals who will act as a bridge between IT and OT and help organizations achieve their security goals for both worlds.
At BxC, we believe that IT-OT convergence will produce huge benefits for manufacturers, allowing them to improve efficiency, cut costs, enhance monitoring capabilities and reduce errors. We also believe that a well-thought-out implementation of cybersecurity measures in OT environments is a fundamental process for ensuring business continuity, maintaining organizations’ reputation, avoiding legal consequences, and not endangering people's lives.