Until recent decades, Operational Technology (OT), which involves the monitoring and controlling of physical machinery and equipment, was manually managed by human workers. Because Information Technology (IT) relies on computers for operation, it has adopted cybersecurity practices swiftly compared to its OT counterpart. But with the increasing number of industrial systems connected to the internet, OT is vulnerable to cyberattacks and stands to benefit from IT experience. Examples of OT systems include public services like power, water treatment or transportation applications. Cyberattacks on these systems can have devastating results.
Key Differences Between OT & IT
IT operations exist within an office setting and involve the security of data, while OT exists on the factory floor and involves the reliability of mechanical functions. When it comes to transferring cybersecurity best practices learned from IT to OT, there are key differences to consider:
IT operates over servers and the cloud, involving protocols such as HTTP, SSH and RDP. OT operates through machinery and uses protocols such as Modbus, EtherNet/IP and Profinet. Each environment runs on systems and protocols not seen in the other, so security solutions built for one do not transfer directly to the other without adaptation.
IT focuses on data storage, retrieval, manipulation and transmission. Confidentiality and security are key concerns. OT focuses on the safety and availability of operational equipment and processes. When OT systems slow or break down, the physical implications for worker safety and public operations can be severe. Conversely, an unplanned shutdown of IT processes can be managed with little harm beyond finances. Thus, planned maintenance and security upgrades are more readily scheduled in IT, whereas OT relies on keeping machines running at all costs and avoids software updates that would require downtime.
Managing OT Cybersecurity
Although IT and OT have different priorities, the two are beginning to overlap in terms of cyber vulnerability, security requirements and smart devices. This phenomenon, known as IT-OT convergence, stresses the importance of viewing IT and OT as coexisting systems with shared internet connections that require security solutions.
Despite their differences, OT can be secured by modifying IT security best practices:
Know Your Assets – It’s difficult to protect OT without knowing what needs to be protected. A list should be made of every internet-connected device, and security vulnerabilities should be identified.
Segment Networks – Segmenting the OT network into smaller sections can prevent hackers from infiltrating the entire factory floor and keep operations safe. Furthermore, segmenting OT from IT can prevent attacks on one network from breaching the other.
Patch Vulnerabilities – OT equipment cannot undergo security updates as frequently or as easily as IT devices, and some legacy equipment may not be updatable at all. However, managing security patches should not be overlooked. This means OT and IT must work together to agree on acceptable downtime periods and reasonable patch delays.
Secure Remote Connections – As more employees are working from home, steps must be taken in both IT and OT environments to protect assets from increased security risks.
Open Communications – IT teams should work with OT teams in managing cybersecurity. As IT personnel are experienced in managing cybersecurity, it could be easy for IT teams to assume expertise. However, OT teams understand the unique needs of factory floor operations. IT and OT teams should work together in establishing a successful and trusted security plan.
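The asset inventory and segmentation practices above can be checked against recorded network flows. The following is an added example, not part of the original article: the zone names, subnets, allowed conduit and flow records are constructed assumptions, while the ports are the registered ones for the OT protocols the article names.

```python
import ipaddress

# Constructed zone map: subnets and zone names are assumptions for illustration.
ZONES = {
    "it": ipaddress.ip_network("10.10.0.0/16"),
    "ot-line1": ipaddress.ip_network("192.168.10.0/24"),
    "ot-line2": ipaddress.ip_network("192.168.20.0/24"),
}
# Registered ports for the OT protocols named in the article.
OT_PORTS = {502: "Modbus/TCP", 44818: "EtherNet/IP", 34964: "PROFINET"}
# Assumed policy: the only cross-zone conduit is IT -> line 1 gateway over HTTPS.
ALLOWED = {("it", "ot-line1", 443)}

# Constructed flow records: (source IP, destination IP, destination port).
FLOWS = [
    ("192.168.10.5", "192.168.10.20", 502),     # HMI to PLC inside one cell
    ("10.10.4.7", "192.168.10.20", 502),        # office workstation straight to a PLC
    ("10.10.4.7", "192.168.10.2", 443),         # the permitted conduit
    ("192.168.20.9", "192.168.10.20", 44818),   # one production line reaching another
    ("203.0.113.50", "192.168.20.30", 502),     # address outside every known zone
]

def zone_of(ip):
    """Map an address to its zone name, or 'unknown' if outside every subnet."""
    addr = ipaddress.ip_address(ip)
    return next((z for z, net in ZONES.items() if addr in net), "unknown")

def audit(flows):
    """Return (inventory of OT devices by protocol, list of segmentation violations)."""
    inventory, violations = {}, []
    for src, dst, port in flows:
        src_zone, dst_zone = zone_of(src), zone_of(dst)
        # Asset inventory: any OT-zone host contacted on an industrial protocol port.
        if dst_zone.startswith("ot") and port in OT_PORTS:
            inventory.setdefault(dst, set()).add(OT_PORTS[port])
        # Segmentation: traffic touching an OT zone must stay in-zone or use a conduit.
        touches_ot = src_zone.startswith("ot") or dst_zone.startswith("ot")
        if touches_ot and src_zone != dst_zone and (src_zone, dst_zone, port) not in ALLOWED:
            violations.append((src, dst, port, f"{src_zone} -> {dst_zone}"))
    return inventory, violations

if __name__ == "__main__":
    inv, bad = audit(FLOWS)
    for ip, protos in sorted(inv.items()):
        print("asset", ip, sorted(protos))
    for v in bad:
        print("violation", *v)
```

Because it only reads flow records, a check like this can run without touching the OT equipment itself, which suits environments where downtime is not acceptable.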
The Need for Smart Security Strategies
Though securing OT presents unique challenges, internet connectivity and cyberattacks are only likely to increase. A smart security strategy involves planning for and managing OT cybersecurity sooner rather than later.