Securing OT with IT cybersecurity best practices
With digital transformation comes the need for robust cyber security specific to the OT domain. Looking to the IT domain can offer solutions.
- Understand the importance of merging operational technology (OT) and information technology (IT) teams together./li>
- Learn how to get everyone on the same page in terms of objectives and priorities and developing a shared plan.
- With Industry 4.0, the convergence of operational technology (OT) and information technology (IT) necessitates a shared cybersecurity approach to safeguard against targeted attacks, given the unique vulnerabilities presented by OT systems.
- Achieving a secure OT environment demands alignment in standards, practices, and tools, often necessitating expert help from partner organizations well-versed in digital transformation and the complexities of the crowded cybersecurity market.
Alongside plant digitalization comes a need to consider cybersecurity at every step. Information technology (IT) staff have traditionally been responsible for the cyber protection of a business but as operational technology (OT) systems begin communicating with enterprise-wide software, that responsibility is now placed on every member of the team, if not more directly on OT.
Studies show manufacturing is being targeted at a higher rate than any other sectors because of the new vulnerabilities that are presenting themselves in OT technology.
Traditionally, the OT environment was “air-gapped” to wider enterprise systems. While outdated, this approach did help protect systems as OT technology was harder for hackers to reach.
Fast forward through Industry 4.0 and the digital transformation of the sector, much of that OT technology remains in operation. The issue is that many OT systems were never designed with enterprise-wide communications in mind and today’s open communication between OT and IT highlights the differences in the two environments, but also why a shared approach to cybersecurity is needed. OT environments traditionally focus on safety.
Physical systems that can put workers in harms way require complete control and availability, removing that with a ransomware attack, for example, puts a company at risk. Not only will downtime be costly for everyday the company isn’t in control, but in some extreme cases, OT professionals and the general public may be put at risk. While IT cyber incidents may be more frequent and quicker to solve, OT incidents can cause serious damage.
Ensuring OT is cybersecure
The starting point for a secure OT setting is to align approaches in standards, practices and tools. One example of this is how quickly IT systems are updated to ensure ongoing cybersecurity. The same cannot always be said for OT systems. This sees many OT systems remaining vulnerable for longer than they have to be. Even simple best practices such as never plugging external devices into enterprise systems or having dedicated scanning environments for removable media are often not understood to be critical to OT professionals.
Cybersecurity for OT is a complex and never-ending journey, encompassing a growing list of solutions, products and approaches. OT professionals are often over-stretched and their workload is expanding as digital transformation advances. Adding the same strain IT feels to the already full plate of OT may seem like overkill, especially when considering IT has specific training and has been in this space for all of their working lives. Finding a viable approach to cybersecurity for OT is a lot like digital transformation, it requires buy in from all levels of a business, input from multiple sources and a collaborative approach that stays up to date with the latest products and services.
Achieving a secure OT is an almost impossible task without expert help. To alleviate the strain for the already busy OT professional often requires a partner organization. OT professionals need to address their cyber security concerns and having a partner to remove the complexity can be helpful. The chosen partner needs to have a deep understanding of digital transformation and must work closely with the organization to navigate the products in this crowded market, and create an approach to cybersecurity that aligns with the busy schedule of OT professionals.
There is no one-size-fits all approach to cybersecurity for OT, it’s about working closely with partners to meet industrial regulatory and compliance requirements and to achieve peace of mind.
Lee Carter is cybersecurity product manager at SolutionsPT. This originally appeared on Control Engineering Europe. Edited by Chris Vavra, web content manager, CFE Media and Technology, firstname.lastname@example.org.
Keywords: cybersecurity, operational technology (OT)
What is the biggest challenge you face in developing a cybersecurity plan?
Original content can be found at Plant Engineering.