OT / Operational Technology Security – What Is It ?
Gartner defines OT in industrial areas as “hardware and software that detects or causes a change, through the direct monitoring and/or control of physical devices, processes and events.”
OT is the hardware and software that keeps things running, for instance in factories and power plants. Using Industrial control systems (ICS), OT performs diverse industrial tasks, and processes across many environments, such as controlling robots on a production line, and, by using supervisory control and data acquisition (SCADA) systems, remotely monitors critical infrastructure, even going so far as to predict maintenance needs.
OT systems can be found in a wide range of asset-intensive industries, from energy and utilities, oil and gas, chemical, manufacturing, transportation to health care, pharmaceuticals, aerospace, maritime and defence, the opportunities for OT are endless.
How does OT differ from IT?
In IT the key deliverable is information, as systems are used to deliver information to make business decisions. However in OT, information is used for additional purposes, such as to control the OT device or its environment. In essence IT systems manage data and OT devices control the physical world.
The Convergence of IT and OT
The lines between IT and OT are often blurred as the two converge. Digitisation and innovation has resulted in OT systems interacting and integrating with IT systems.
OT network components such as ICS and SCADA systems are being connected to IT network components such as processors, and the data collected by physical equipment and IoT devices, such as sensors and monitors, is being used to identify problems or increase efficiencies.
The improved agility and efficiency that comes from OT-IT network convergence comes with increased risks. Connecting OT devices to the internet via an IT network immediately exposes the OT network and all connected OT devices to cyber attacks making the entire network vulnerable.
What is OT / Operational Technology Security?
With OT managing critical infrastructure such as transportation, power and utilities, cyber risks take on a whole new scale when you consider the potential consequences of attacks. What’s more, cyber criminals have been increasingly targeting OT networks with sophisticated attacks as they recognise the potential for disruption.
Just this past year there have been a significant number of targeted attacks on the water industry. In February 2021 we heard news that a hacker tried to poison Florida’s water supply, a cyber breach could bring life threatening and fatal consequences. And in Oct 2021 several U.S. government agencies, including the FBI and National Security Agency, issued a joint alert to warn organisations in the water and wastewater sector about ongoing cyberattacks. The agencies are aware of attacks against the IT and OT networks of water facilities, plus noted that cyber threats are increasing across all critical infrastructure sectors.
As reported by Fortinet’s 2021 State of Operational Technology and Cybersecurity Report, the operational technology (OT) market is expected to continue to grow at an annual growth rate of 6.40%, and operational technology (OT) leaders will continue to face cyber security challenges, some of which were exacerbated by the shift to work from home due to the pandemic.
An OT cyber security strategy should focus on protecting the most important assets whilst ensuring that operations can continue in a safe and continuous way.
A Multi Layer Cyber Approach for OT (Operational Technology) Security
Gartner defines OT security as “practises and technologies used to (a) protect people, assets and information, (b) monitor and/or control physical devices, processes and events, and (c) initiate state changes to enterprise OT systems.
Therefore OT security solutions require a multi layer security strategy to achieve the visibility, control and behavioural analytics needed by businesses of today:
The first Line of Defence – the Next Generation of Firewalls (NGFW)
- In simple terms, a firewall is a security solution that prevents unauthorised users, devices, software and applications from entering your network. The latest range of NGFWs give superior protection via advanced techniques and technology that address the evolving threat landscape. They deliver ultra-fast end to end security whilst improving operational efficiency.
- Our Managed Firewall service team manage, monitor, and provide 24/7 support to ensure your firewalls provide robust security to organisations of any size. Our skilled team of certified security professionals provide the technical security expertise required to deliver operational protection to your network and its infrastructure.
A Zero Trust Approach – Network Access Control (NAC)
- Modern businesses need secure access solutions built around the Zero Trust model of continuous verification and authorisation – enforcing verification and validation whenever a user or device requests access, with the ability to control those devices and users. You can read more about Zero Trust in a recent blog post.
- NAC is therefore essential to keep unauthorised users & devices OUT of private networks. Infosec Partners provides real-time NAC solutions that improve enterprise network security and workforce productivity.
Real Time Analysis – Security Information & Event Management (SIEM)
- SIEM technology collates log data, security alerts and events, from applications, devices, networks, infrastructure, and systems, providing a holistic view into network activity into a centralised platform to provide real-time analysis for security monitoring.
- Infosec Partners provide a range of Managed SIEM Services, ranging from our cloud-based ‘SIEM as a service’ which is up and running in days, to a fully architected and deployed on-premise, remotely managed and operated SIEM service managed by fully vendor-certified and trained SIEM engineers and analysts.
Quick and Efficient Response – Incident Management
- Quick discovery and an efficient response to an attack on your network can save an untold amount of time and money, not to mention protect your reputation.
- You may need assistance with creating a Cyber Incident Response Plan (CIRP) or perhaps require a Managed Incident Response Service where cyber experts act on any security breach on your behalf. In either case, is your business prepared for a cyber attack?
Complex OT Environments Require Expert Cyber Security Solutions
With the growing OT-IT needs of organisations, coupled with the increasing complexity of the cyber security landscape, many organisations recognise that Managed Security Service Providers (MSSPs) are required for businesses to operate efficiently, safely and securely. There are many benefits to hiring an MSSP, and when you look at how much they can save your organisation in the event of a breach, it’s definitely money well spent.
As a Fortinet UK Partner of Excellence and the UK’s first and only certified expert level dedicated Fortinet MSSP partner, we leverage the Fortinet range of security products to develop powerful cohesive cyber security solutions for organisations embracing IoT opportunities.
Furthermore, we have recently been recognised globally as the first expert partner, formally certified by Fortinet, to secure OT environments, demonstrating our advanced skills and ability to deploy, administer and troubleshoot OT cyber security solutions.
Contact the Infosec Partners team if you would like to chat about how we can protect your IT and OT environments from emerging threats.