04/15/2024 | News release | Distributed by Public on 04/15/2024 03:32
Guest blog by Sean Tickle, Cyber Services Director at Littlefish #techUKOTSecurity2024
Operational Technology (OT) refers to hardware and software that's used to monitor and control physical devices, processes, and infrastructure inside industrial operations, including critical national infrastructure (CNI). For example, OT exists in industries like manufacturing, energy, transportation, waste control, and utilities and is incredibly important in terms of both its capability and profitability.
For ease, we can think of OT as falling into two categories: 1) the Internet of Things (IoT), e.g., smart devices that introduce networking capabilities to traditional OT systems and - perhaps more prominently - 2) industrial control systems (ICS), which are specialised systems used to monitor and control industrial processes and operations.
OT is often thought of alongside its cousin, IT - and, while both are technologies with specific purposes, OT does differ from IT in several distinct ways. For example, IT focuses on managing and processing digital information within an organisation (including activities like data storage, software development, user support, devices, and comms, etc.), whereas OT controls high-tech specialist systems, including components like supervisory control and data acquisition (SCADA) systems, programmable logic controllers (PLCs), sensors, actuators, and so on. These are systems that are crucial for ensuring the smooth and efficient operation of critical processes like assembly lines, power generation plants, oil refineries, and water treatment facilities.
In recent years, the intermingling of OT with IT, known as IT/OT convergence, has become increasingly important for improving efficiency, safety, and security in industrial operations. However, it also introduces new challenges related to cyber security, as OT systems are becoming more interconnected with IT networks and therefore more exposed to cyber threats.
Operational Technology is fundamental for driving innovation, improving productivity, ensuring safety and reliability, and maintaining the infrastructure that underpins most modern industrialised societies.
The crucial role it fulfills includes ensuring elements like:
It's due to the criticality of operations like the ones above that OT is actually incredibly vulnerable.
Not only are cyber-attacks against OT systems and critical infrastructure ranked among the top five most significant risks by the World Economic Forum, but it's also very difficult - if not impossible - to shut down OT for maintenance, upgrades, or even damage control should the worst happen.
After all, any momentary delay or period of unplanned downtime loses massive amounts of money for corporations, not to mention being often highly disruptive if not destructive to the rest of us (imagine, for example, if our water became chemically imbalanced due to an OT failure).
Long since critical for IT, cyber security is also of vital importance for OT. It helps protect our national infrastructure and keeps machines and networks up and running inside industries that generate profit and help create jobs.
Naturally, as OT becomes more and more connected and interlinked with the IoT, new vulnerabilities open for cyber criminals to exploit - a truth that's incredibly worrying given around 90% of organisations that operate OT systems have experienced one or more security events in a two-year period, with 50% of these leading to downtime.
This is exactly why it's so crucial for organisations to be proactive when it comes to building secure networks that run OT and take into consideration full end-to-end security measures from the ground up.
To this end, and along with implementing regulatory compliance standards such as ISA/IEC 62443 and NIS2 (the EU's mandatory cybersecurity directive), I recommend a four-phase approach to building a secure OT environment:
It's important to begin with an assessment to establish how well the current OT environment aligns with industry best practice standards such as ISA/IEC 62443. This is carried out through evaluation of risk, vulnerabilities, and the organisation's threat landscape.
The assessment will result in recommendations for the approach's design and implementation phases.
The design phase will carefully consider design elements and associated documentation, e.g., network zoning/segmentation, vendor and supply chain security, and attack surface minimisation through areas such as secure remote access and enforcement of a defense-in-depth strategy.
With a comprehensive design in place, changes are then implemented in the OT network, ensuring that key areas such as interoperability, along with compatibility and maintenance of the systems used, are considered.
Now that the network is built with proactive security in mind, it's time to ensure that mechanisms are in place for detection and response. These allow a dedicated security team to keep the dwell time of threats in the OT environment low and to contain and eradicate any threats.
Given the importance of OT environment uptime, phase four should not be undertaken lightly; it should be built on dedicated solutions and maintained by experienced security professionals.
Following the above four phases helps enhance the security of OT environments hugely because they provide a structured approach to building OT infrastructure from a foundation of industry best practice.
Implementing the four phases in a well-thought-out and effective manner gives OT organisations the ability to monitor and respond to security incidents in an ever-changing threat landscape.
Other security best practices OT organisations can implement include:
By implementing these security measures and adopting a holistic approach to OT security, organisations can reduce the risk of cyber threats, protect critical infrastructure, and maintain the integrity, availability, and confidentiality of their operational systems and data.
techUK's Cyber Programme is delighted to be holding our first securing Operational Technology (OT) security impact day to showcase how cyber companies are helping organisations to secure their OT and navigate the convergence of IT/OT systems.