Operational technology (OT) systems control industrial and essential infrastructure across the industrial sectors: energy, utilities, manufacturing, communications, transportation, and defense. Since OT networks and internet-connected information technology (IT) are progressively converging, cybercriminals have more opportunities to attack, and previously isolated OT systems are now exposed to a wide range of IT-based threats. This Fortinet training course provides an overview of cyberattacks and covers concepts such as virus detection, email filtering, firewall policies, user authentication, web filtering, and application control.
Understanding Operational Technology
Operational technology (OT) is the use of software and hardware to monitor and control infrastructure, devices, and physical processes. OT systems are found in a wide range of asset-intensive industries, performing functions as diverse as monitoring critical infrastructure (CI) and managing robots on a factory floor. Manufacturing, oil and gas, electricity generation, maritime, rail, distribution, utilities, and aviation are all industries that employ OT.
Understanding Security in Operational Technology
According to Gartner, OT security is “Practices and technologies [that] are used to
- Secure people, assets, and information;
- Track and/or control events, processes, and physical devices; and
- Trigger state changes to enterprise OT systems”.
Next-generation firewalls (NGFWs), SIEM systems, identity and access management, and other technologies are all part of OT security solutions.
Since OT systems were not connected to the internet in the past, OT cyber security was not required: the isolation itself shielded them from external threats. As IT and OT networks converged and DI initiatives expanded, organizations tended to bolt on particular point solutions to address specific problems.
OT and IT networks are still frequently kept separate, which results in inadequate visibility and redundant security measures. Neither network can keep track of what is happening across the whole attack surface. OT networks typically report to the COO, while IT networks report to the CIO, so two separate network security teams each guard half of the entire network. Because neither team knows what is connected to the other's network, identifying the bounds of the attack surface is difficult, and the combined IT/OT network becomes insecure and hard to administer.
Fortinet states, “Because standard security techniques were not created with the specific and sensitive demands of OT in mind, network operations analysts must look for protection that gives visibility, control, and situational awareness across different domains”.
1. Defending the OT Network from an Expanding Attack Surface
Isolating, or air gapping, operational technology networks from information technology networks had been the most effective way to guard them.
With 75% of firms reporting at least some type of fundamental connection between OT and IT, convergence voids the security of the air gap; as a result, 97 percent of firms acknowledge security impacts as an outcome of convergence.
2. Finding a New OT Security Solution
“Due to the confluence of OT and IT, an effective and evolved OT security posture necessitates several unique considerations,” says Fortinet. “Attempts to reduce risk by merely implementing off-the-shelf firewalls, sandboxes, and intrusion prevention systems into OT environments create unsatisfactory, disruptive, and unknown outcomes.”
To address the wider picture, firms must design security into even the most basic layers of OT systems, rather than bolting network security solutions on afterwards.
3. The Attack Surface’s Visibility
“You can’t safeguard what you can’t see,” according to Fortinet, which claims that “82% of organizations can’t identify all the devices linked to their network”.
To ensure reliable OT operations in today’s digitally driven environment, it is critical to have continuous awareness of every device, wired and wireless.
Fortinet states, “These technologies provide a potential backdoor for threats to target susceptible OT systems since they connect to an [external] IT network for extra capabilities. A centralized, transparent view of the entire OT environment is possible with an integrated security architecture”.
4. Access Control, Security Updates, and More
For OT control, normal traffic and the predefined set of allowed functions must be baselined, so that anything outside that baseline stands out.
“Fortunately, device behavior in an OT context is more likely to be static and within a known range than in traditional IT systems, so abnormal behavior is more likely to be instantly visible and addressed,” explains Fortinet.
The ability to push traffic from primitive devices through a next-generation firewall solution is also crucial to OT control. “Access policies should be capable of being applied and compelled depending on what and who the network is connected to,” adds Fortinet.
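Sections 3 and 4 both come down to the same check: an inventory of known devices and a baseline of which device talks to which, over which protocol, using which function. The following Python is an added example (not from this blog or from Fortinet) of that baseline-and-deviation logic; the flow records, addresses, protocol and function names are constructed, and the log format is assumed.

```python
"""Baseline-and-deviation check for OT flow records (constructed example)."""
from typing import List, Set, Tuple

Flow = Tuple[str, str, str, str]  # (src, dst, protocol, function)

# Constructed flow log, one record per line: timestamp src dst protocol function.
# In practice these records would come from a passive sensor or NGFW traffic logs.
LEARNING_LOG = """\
2024-05-01T08:00:01 10.1.0.10 10.1.0.50 modbus read_holding_registers
2024-05-01T08:00:02 10.1.0.10 10.1.0.51 modbus read_holding_registers
2024-05-01T08:00:03 10.1.0.11 10.1.0.50 modbus read_coils
2024-05-01T08:00:04 10.1.0.20 10.1.0.10 https get
"""

OBSERVED_LOG = """\
2024-05-02T09:00:01 10.1.0.10 10.1.0.50 modbus read_holding_registers
2024-05-02T09:00:02 10.1.0.10 10.1.0.50 modbus write_single_register
2024-05-02T09:00:03 10.1.0.99 10.1.0.50 modbus read_coils
2024-05-02T09:00:04 10.1.0.11 10.1.0.51 modbus read_coils
"""

def parse_flows(text: str) -> List[Flow]:
    """Turn log lines into (src, dst, proto, function) tuples, dropping the timestamp."""
    flows: List[Flow] = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5:
            flows.append((parts[1], parts[2], parts[3], parts[4]))
    return flows

def build_baseline(flows: List[Flow]) -> Tuple[Set[Flow], Set[str]]:
    """Learn the allowed conversations and the inventory of devices that took part in them."""
    allowed = set(flows)
    devices = {host for flow in flows for host in flow[:2]}
    return allowed, devices

def classify(flow: Flow, allowed: Set[Flow], devices: Set[str]) -> str:
    """Rank a flow by how far it departs from the learned baseline."""
    src, dst, proto, func = flow
    if flow in allowed:
        return "baseline"
    if src not in devices or dst not in devices:
        return "unknown-device"  # an asset the inventory has never seen (section 3)
    if any(a[:3] == (src, dst, proto) for a in allowed):
        # Known pair and protocol but a function never used before; writes matter most in OT.
        return "new-write-function" if func.startswith("write") else "new-function"
    return "new-conversation"  # two known devices that never talked to each other before

def find_deviations(observed: List[Flow], allowed: Set[Flow], devices: Set[str]):
    """Return every observed flow that is not in the baseline, with its verdict."""
    verdicts = [(flow, classify(flow, allowed, devices)) for flow in observed]
    return [(flow, v) for flow, v in verdicts if v != "baseline"]
```

A real deployment would learn the baseline over a representative window rather than four records, and would feed the verdicts to the alerting described in section 5.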
5. Situational Awareness
A single hour of operational disruption can cost a company over $100,000 in lost revenue, according to 98% of manufacturers in a PwC study.
With this in mind, “When a single device in an OT environment is attacked, organizations want immediate alerts and contextual threat information to determine the best course of action,” says Fortinet.
However, network operations analysts can receive thousands of security alerts every day, and manually tracking down the location of a suspicious device and the other context around the incident, in order to establish whether it is an actual attack, can take hours of inquiry.
6. Industrial and Critical Infrastructure Networks Need More Transparency
A major challenge for OT networks is to walk the fine line between defending against the growing threat of attack and not disturbing critical functions.
“While the IT and OT convergence has more benefits, it also develops new hazards that security teams and analysts of network operations might be unaware of. At all times, businesses must be able to know who is connected to their infrastructure,” concludes Fortinet.
In this blog, we have looked at what operational technology is and what security in OT involves. We have also discussed the six main visibility considerations that underpin a successful OT security posture.