What is OT security?

Such industrial processes and equipment include:

• Critical infrastructure
• Utilities
• Electric grids
• Manufacturing plants
• Traffic control systems

The umbrella term “operational technology” encompasses many specialized frameworks, such as:

• Process control domains
• Programmable logic controllers
• Physical access controls
• Distributed control systems
• Safety instrumented systems
• Transportation systems
• Supervisory control and data acquisition (SCADA) systems
• Building management/automation systems (often collectively referred to as Industrial Control Systems, or ICS)

IT vs. OT Security

While operational technology and information technology security share some similarities, OT has characteristics that distinguish it from traditional information processing systems.

OT’s direct impact on the physical world

Perhaps the most marked difference between IT and OT security is OT’s direct connection to the outside world. In other words, OT has the potential to impact the physical elements of society. Some of these potential impacts include:

• Disruption of production
• Public health and safety risks
• Environmental damage
• Financial problems
  • Production losses
  • Negative impacts to a nation’s economy
  • Compromised proprietary information

Unique performance and reliability requirements

OT environments rely on applications and operating systems which could be unconventional to typical IT professionals.

Conflicting safety and efficiency vs. security goals

When it comes to the design and operation of OT systems, safety, and efficiency sometimes conflict with security.

The following table compares IT and OT systems requirements for connectivity and security:

Convergence of IT and OT

Historically, IT and OT were managed by separate groups in an organization. IT and OT did not share interdependencies. However, in recent years, the paradigm has shifted.

Today, it’s common for OT systems to be provisioned with networking and computational technologies. The worlds of IT and OT are converging, which is laying the groundwork for the Industrial internet of things (IIoT).

Modern OT environments must facilitate the exchange of data between machines and applications. At the same time, OT environments need to be able to scale processes across physical and virtual systems. This is why OT systems are starting to resemble IT systems.

IIoT is set to play a key role in the fourth Industrial Revolution. Converged IT/OT ecosystems will serve as conduits that will deploy IIoT into the 4IR ecosystem

The integration promises numerous benefits:

• Improved flow of information
• Process automation
• Advances in the management of distributed operations
• Better adherence to regulatory compliance

Why Is OT Security Important?

As the lines of distinction between IT and OT fade, the attack surface of interconnected IT/OT systems widens. The most common attack vector for hackers to infiltrate is via the internet.

ICS sensors, instruments, and OT devices accessible over an OT network are susceptible to weaponization. Botnets can be used to launch targeted attacks on critical infrastructure.

Usually, human-machine interfaces (HMIs) that connect human operators to industrial control systems are also networked to IT infrastructures. The accessibility to HMIs from internet-facing business networks poses a grave risk to ICS security. Consequently, HMIs are susceptible to IP-based vulnerabilities, including:

• Authentication bypass
• Weak session management
• Unsecured ICS communication protocoling
• Insufficient control traffic encryption

Attackers typically infiltrate ICS systems with malware. It could be generic, or it could be malware designed to attack critical infrastructure. These infiltrations often result in denial of service (DoS) attacks that paralyze or halt industrial networks and operations.

ICS and IIoT devices are also high-value targets for hackers. Whether malicious actors are looking to collect ransoms or sabotage rival nations by accessing confidential data, this is a target area.

OT Security Risks and Challenges

Digital transformation and connectivity in OT environments bring great promise, as well as significant risk. A flood of connected devices will increase opportunities for attack. This is especially true in OT environments because OT devices are vulnerable and exposed.

• 1K+ common vulnerabilities and exposures in industrial control systems
• 80+ vulnerabilities in top 4 OT vendor devices
• 29% of OT devices exposed due to internet connectivity

The dangerous aftereffects of security breaches on ICS differ greatly from typical cyber attacks. Consider the impacts of possible incidents an OT system may face:

• Interference with safety systems operations
• Interference with equipment protection systems (which protect costly equipment that is not easily replaced)
• Malicious changes to alarm thresholds, commands, or instructions
• Malware infected OT software or improperly modified OT configuration or software settings
• Jammed or delayed flow of data through OT networks, which could disrupt OT operation
• Erroneous data sent to system operators (designed to disguise unauthorized changes or cause operators to take inappropriate actions)

Top OT Security Best Practices

According to NIST, there are nine OT security recommendations for forming, implementing, maintaining, and continually improving an OT security program. In implementing and maintaining these best practices, organizations can establish an OT security roadmap for risk management:

1. Establish OT security governance.
2. Build and train a cross-functional team to implement OT security program.
3. Define OT security strategy.
4. Define OT-specific policies and procedures.
5. Establish security awareness training program for OT organization.
6. Implement a risk management framework for OT.
7. Develop maintenance tracking capability.
8. Develop incident response capability.
9. Develop recovery and restoration capability.

Establishing a complete and effective OT security program is a complex undertaking differing from typical cybersecurity strategies. Ultimately, the end goal is to maximize operational uptime by reducing security breaches. Whether environments are partially air gapped or cloud connected, this can be accomplished with a Zero Trust OT security approach. A Zero Trust OT security approach consists of:

1. Least- privileged access control

• Microsegment
• Grant minimum access

2. Continuous trust verification

• Assess OT device security posture and behavior
• Assess app and user behavior

3. Continuous security verification

• Inspect all traffic, even for allowed connections
• Prevent all threats, including zero-day threats

Suggested FAQs