While the digital transformation of industrial systems offers various business advantages and efficiency gains, the ensuing interdependence between these systems and the IT network of organizations has rendered operational technology (OT) highly vulnerable to cyber-attacks.
The goal of conventional IT is to reduce risk and solve problems. However, in operational technology, companies still don't know what threats and challenges exist. Therefore, it has become critical for companies to work towards identifying the vulnerabilities that exist in their operational technology (OT). To do that, companies must first know what OT refers to and entails.
What is Included in Operational Technology?
The inability to identify the vulnerabilities in your operational technology is a byproduct of not knowing what it includes. Gartnerdefines operational technology as hardware and software that identifies or triggers a shift via direct observation and/or control of the company's physical structures, procedures and activities.
Operational technology (OT) is utilized to operate industrial control systems (ICS) that are prevalent across a wide-variety of asset-intensive industries. It is used in these industries for performing a wide range of activities, from tracking critical infrastructure (CI) to managing robots on a production floor.
The ICS systems are the systems that are critical to public health and well-being i.e., transportation, power plants, education, water supplies, manufacturing, etc. These systems are enabled to a large extent by OT networks. These networks that run modern society today are a set of devices that are built to function together as an interconnected and homogenous framework. Failure in one of these processes can have a devastating domino effect.
For instance, electricity needs telecommunications to transport wheeling power information from the electrical grid. This very same communications infrastructure is utilized to allow both the producers and consumers of electricity to perform financial transactions.
To power the telecommunications and financial companies, electric generators are needed that rely on oil, natural gas, coal, etc. Trucks and railroads provide the means for transporting these products needed to produce electricity. And it goes on. This interdependency between the different industrial control systems makes operational technology (OT) security just as important as IT security.
What Is OT Security?
The following is how Gartner defines OT security:
“Practices and technologies used to (a) protect people, assets and information, (b) monitor and/or control physical devices, processes and events, and (c) initiate state changes to enterprise OT systems.”
OT security solutions comprise a host of security technologies from identity access and management to security information and event management (SIEM) systems to next-gen firewalls (NGFWs) and more.
There was no need for OT cybersecurity in the past because the OT systems operated offline. This meant that they had no vulnerability to attacks from outside. However, as the demand for digital innovation (DI) grew, and IT/OT networks merged, companies started to jump on the bandwagon of different point solutions to solve specific problems. However, such OT security strategies culminated in a complex network where the solutions were unable to exchange information and ensure maximum visibility.
The positive outcome of the digital innovation in OT was that it necessitated an engagement between operational technology systems and information technology systems. Why is this important? With the convergence of IT and OT, the data gathered by physical devices and industrial internet of things (IIoT) sensors can be utilized to find vulnerabilities or boost efficiency.
What Makes OT Security Critical?
With increased connectivity of industrial systems, the vulnerability of these systems to outside threats also increases. The increasing costs of industrial machinery and the widespread destruction that an attack could create for communities and economies are important factors to consider for organizations that want to secure their industrial networks.
Add to this legacy equipment, safety standards that may restrict any changes to machinery and compliance regulations requiring confidential information to be made available to third parties, and you are facing quite a challenge.
On the positive side, industrial systems can now be secured without perturbing operational activities or jeopardizing compliance with the laws. Through the use of solutions that provide full visibility of network traffic control and setting up appropriate security policies, you can implement an effective OT strategy that will safeguard your people, processes, and profit while minimizing security vulnerabilities and failures considerably.
How IT-OT Convergence Impacts Cybersecurity
For a very long time, IT and OT were handled separately. In other words, they were treated as two completely different entities by organizations. However, in the past few years, the trend of IT-OT convergence has gained recognition and grown.
Through the integration of IT capabilities such as machine learning and big data analytics into OT systems, combined with fast and efficient connectivity solutions to respond to occurrences related to safety and security, these industries have been able to improve efficiency and performance, providing them with a competitive edge.
However, OT teams must understand how this convergence impacts vital infrastructure’s cybersecurity state, especially considering the effect that disruption caused by a cyber-attack can have on a country's productivity, health, and economy. Worst of all, there are possible health hazards for staff and even local communities should a critical system get affected.
This makes it important to consider the potential risks for critical industries that may arise from the convergence of IT and OT. Some insight into this is provided by theState of Operational Technology and Cybersecurity Report. Based on a survey involving 2500 employees of organizations in four critical industries, the report identified spyware, malware, and security breaches as the three most common types of cyber-attacks affecting OT. The report also identified the following four main reasons why these attacks persisted:
Lack of Visibility—limited visibility into operational technology
Lack of Personnel—A key concern for operational leaders is the lack of skilled cybersecurity professionals for operational technology
Rapid Pace of Change—When it comes to security, keeping up with the rapid pace of change is a major challenge for most operational leaders
Network Complexity—As they can include anywhere between fifty and five-hundred devices that need to be monitored and secured, OT networks are often too complicated for organizations to manage efficiently
How Operational Technology Security Can Be Improved
Keeping in mind the common types of attacks affecting operational technology and the security challenges mentioned above, operational leaders can take a number of measures to enhance the OT security at their organizations and reduce the risks that arise due to disruption caused by a security breach or cyber-attack.
These measures include implementing multiple risk management measures that have proven effective in critical infrastructure sectors, such as multi-factor authentication (MFA), passive vulnerability management and monitoring of security events, role-based access control, conducting security compliance reviews, and network segmentation.
At Quzara, we protect organizations that utilize operational technology through our Cyber Fusion center Quzara Cybertorch™ (www.cybertorch.com) that consolidates OT and IT signals into a single platform. As a Tenable MSSP Partner, we leverage capabilities in the OT monitoring stack and fusion with Azure Sentinel to drive next-gen capabilities to meet CMMC and DoD Impact-Level 4, FedRAMP+ requirements. Additionally, it offers advanced persistent threat detection by integrating threat intelligence with machine behavior inside your organization, that allows identification of suspicious reconnaissance and lateral movement to stop advanced persistent threats (APTs).
This article, "Why Operational Technology (OT) Is Just As Relevant As IT Security", was written by managing director and co-founder of Quzara, Saif Rahman. It first appeared on LinkedIn on June 28, 2020.