Operational Technology (OT) systems are responsible for critical operations across a wide variety of industries, including Energy & Utilities, Manufacturing, Transportation, and Defense. OT foundationally drives everything from manufacturing floors and oil rigs to complex transportation systems. Arguably, the most critical infrastructure systems of our society are dependent upon and continuously sustained by OT.
Historically, OT systems were protected by keeping them completely isolated from the enterprise IT network. This “air gapping” strategy was necessary because OT systems are less resilient and simply not designed to accommodate the operational interruptions caused by cyberattack-prevention practices such as routine patching. Huge turbines generating energy or thermostats managing massive boilers containing thousands of gallons of caustic chemicals were less able to survive the instability resulting from traditional IT security practices.
More recently, the desire to gain sustained operational efficiency spawned change that reduced the traditional separation of networks. With the advent of Digital Transformation, industries are increasingly adopting a wide spectrum of new digital technologies and web applications to enable features like remote monitoring, inventory management, and just-in-time manufacturing. As a result, OT networks are increasingly converging with internet-connected information technology (IT) networks. This convergence means that previously isolated OT systems are now connected to the entire enterprise, thereby expanding the attack surface through exposure to a broad array of IT-based threats.
IT Security Doesn’t Cleanly Address OT Challenges
Traditional security strategies were not designed to address the unique and sensitive needs of OT infrastructure. IT security strategies are prioritized and geared to deliver Confidentiality, Integrity, and Availability (CIA), and that ordering does not align with OT needs. For OT systems, the prioritization of security requirements starts with protecting the safety of employees, the local environment, and surrounding communities. With safety as the paramount requirement across the OT industry, the demand for constant availability of systems is unequivocal. The next OT priority is maintaining the integrity of data, protocols, and configurations. Finally, and in reverse order from IT, maintaining the confidentiality of communications runs a distant third. With these contrasting priorities in mind, network operations analysts should seek out proactive defensive capabilities that deliver visibility, control, and situational awareness across the OT environment without compromising sensitive control systems or fragile and aging devices.
The migration to a converged IT/OT infrastructure across the OT industry is clearly driven by the desire to gain operational efficiency. The downside, of course, is the resulting risk: the newly exposed attack surface of OT networks and systems must now be defended against today’s sophisticated threats. Now more than ever, OT network security operations teams are under tremendous pressure to simultaneously maintain safety, operational uptime, and data confidentiality.
Defining a New OT Security Strategy
Traditional firewalls, sandboxes, and intrusion prevention systems were never designed with OT as the principal environment. Trying to follow a prescriptive IT security strategy will fail to deliver the intended outcome. Instead of simply mitigating risks, the IT approach can introduce uncertain and potentially disruptive outcomes. In fact, altering traffic flows or even passively scanning fragile or sensitive OT devices can cause critical systems to crash. OT requires purpose-built security tools designed to align with and support the protocols, communications, and services that are native to these delicate environments.
Modern OT security also requires more than the traditional – and often ineffective – IT approach of bolting security point solutions onto a network after it has been built. About two-thirds (65%) of OT networks lack role-based access control, giving attackers greater freedom to move laterally across OT environments. What’s needed is an integrated security approach that can visualize and track all devices while applying real-time analytics to maintain contextual awareness. In a sense, every device introduced to the IT and OT environment must earn trust prior to gaining even rudimentary access. By analyzing traffic and device behavior at speed, each connected device must then continuously sustain that earned trust, which provides situational awareness and detection of malicious activity. This begins by designing security into the most basic levels of the OT environment. Doing so enables OT teams to establish controls that not only ensure device and system integrity, but also allow security tools to work together as a cohesive and coordinated system that can see across the entire OT environment and recognize and respond to critical events.
Establishing Broad Visibility Across the Attack Surface
Of course, you cannot protect what you cannot see. Presently, 82% of organizations are not able to identify all the devices connected to their network. One of the compounding challenges of OT security is the proliferation of Industrial IoT (IIoT) devices, such as smart environmental controls or connected device monitors, which afford additional access points for adversaries to attack vulnerable OT systems. As a result, securing OT operations requires continuous visibility of every device (wired and wireless) within the environment as they join, leave, or move from one location to another.
One effective strategy is the adoption of network access control (NAC) to help with passive inventory and management of IoT devices, as well as other endpoints, without disrupting sensitive OT systems. Combining NAC with intent-based segmentation – dynamic, role-based controls that group applications, link data, and limit access based on policy – enables organizations to continuously adjust device access based on continuous trust assessment.
Further, correlating data collected from all identified and tracked devices with behavioral analytics and SIEM solutions allows OT administrators to quickly identify compromised devices. Appropriate follow-up action includes executing countermeasures, from quarantining an infected device or isolating a segment of the OT network to limit the spread of infection, to issuing safety alerts to protect workers and civilians.
Greater Transparency Means Safer OT Networks
Protecting the expanding OT attack surface without disrupting sensitive systems absolutely presents challenges. Any security countermeasure needs to begin with deep and broad visibility across the entire OT network, whether it is confined to a single production facility, or spans a complex system, such as oil and gas systems that include extraction, transportation, refinement, and delivery.
This requires OT organizations to recognize every role and every device connected to their infrastructure at all times. Achieving this comprehensive level of transparency requires centralized management and compensating controls, such as SIEM, NAC, and network segmentation. These controls in turn need to be combined through an integrated security architecture that connects all of an organization’s various security solutions into a cohesive, defensive architecture that can help protect OT from the rapidly evolving landscape of cyber threats.
Learn more about securing operational technology that controls critical infrastructures such as pipelines, electric grids, transportation systems, and manufacturing plants, with Fortinet.