Six best practices for OT cybersecurity
Exploring the complexities of cybersecurity for operational technology can be a daunting task; this article delves into the challenges of IT/OT integration, exposes vulnerabilities, and advocates for a balanced, strategic approach to safeguarding critical infrastructure in the digital age.
- Understand the cybersecurity risks associated with the convergence of operational technology (OT) and information technology (IT).
- Learn about the vulnerabilities inherent in legacy OT systems and the complexities involved in upgrading these systems.
- Gain insight into best practices for OT cybersecurity, and the importance of IT/OT integration for effective defense strategies.
OT Cybersecurity Insights
While IT/OT convergence has provided benefits such as real-time data analysis, predictive maintenance and enhanced decision-making, it has also introduced new cybersecurity challenges.
The integration of IT with OT introduces conflicting requirements and priorities, further complicating the cybersecurity landscape. While OT environments prioritize the availability of systems, IT systems prioritize confidentiality.
Six best practices for OT cybersecurity can help end-users to safeguard their critical infrastructure.
In today’s industrial landscape, the convergence of operational technology (OT) and information technology (IT) has brought various benefits and efficiencies across multiple sectors. OT refers to the hardware and software used to control and monitor physical devices and processes such as factory machines, presses, robotics and computer terminals.
This integration has facilitated real-time data analysis, predictive maintenance, and enhanced decision-making, and has revolutionized industrial operations. However, it has also introduced many cybersecurity challenges. The potential threats to OT networks highlight the need for organizations to prioritize cybersecurity measures and invest in robust defenses to safeguard their critical infrastructure. This article discusses cybersecurity considerations for OT environments, and provides an overview of the challenges and vulnerabilities introduced by IT/OT convergence.
Legacy OT is exposed
In the past, OT systems operated in isolation from IT networks and the internet, which offered a certain level of inherent machine and data security. Despite this isolation, they were still susceptible to cyber threats: removable media such as USB memory disks or CDs could easily introduce malicious software into these isolated systems. Because exposure was limited in this way, the cybersecurity threat landscape was generally perceived as mild.
However, as industries began to integrate IT and OT systems (putting sensors, computers and data-gathering systems on IP networks and, in some cases, into the cloud), the threat landscape changed, exposing OT systems to a broader range of modern cyber threats. The many legacy OT systems still in operation exacerbate this problem, as they were designed at a time when cybersecurity was not a primary concern and require more robust security features to defend against modern cyber threats.
The integration of IT with OT introduces conflicting requirements and priorities, further complicating the cybersecurity landscape. In OT environments, the priority is on the availability of systems, as any downtime can lead to significant operational disruptions and potential safety hazards. In contrast, IT systems traditionally prioritize confidentiality. This divergence in priorities presents a unique challenge in aligning cybersecurity strategies across IT and OT domains, necessitating an approach that balances all critical elements: confidentiality, integrity, and availability.
A number of contributing factors make securing the combined IT and OT environment challenging. These include the use of untested commercial off-the-shelf components from low-cost suppliers. Placing OT such as machines and sensors on IP networks exposes every aspect of the OT system to whoever can access the local network. Increased remote monitoring and access exposes OT systems to external cyber attacks and unauthorized access.
In 2021, there were 64 publicly reported OT cyberattacks, marking a 140% increase from 2020. Out of these, about 35% resulted in physical harm, and these instances created an estimated damage of $140 million.
Vulnerabilities of legacy OT systems
Industrial processes and critical infrastructure rely heavily on OT systems. Unfortunately, many of these systems are built on outdated technologies that do not meet the requirements of the current era of cybersecurity threats. To secure OT environments, it is essential to understand why these systems are still in use and the vulnerabilities they present. OT systems are designed with a focus on longevity, which can result in potentially high replacement costs. Additionally, these systems often lack modern security features and use outdated software. These challenges contribute to a situation where the cost of upgrading these systems is often perceived as very high or even prohibitive.
IT/OT integration to protect assets
Bringing together IT and OT systems is not only crucial for operations but also a strategic step towards boosting cybersecurity. Enhancing cybersecurity through IT/OT integration can be achieved in a few ways. First, establish a single, consistent view across both domains. Security policies should be consistent across all systems: OT systems must adhere to the same best practices that apply to IT systems, and IT and OT security practices must be unified.
Best practices for OT cybersecurity
Cybersecurity best practices are crucial in the domain of OT to safeguard critical infrastructure from the ever-growing number of cyber threats. Standards are pivotal in shaping these practices and offer structured guidance and frameworks for securing OT systems. Common standards when it comes to OT cybersecurity include IEC 62443, NIST SP 800-82 and ISO 27001. Some best practices derived from established standards and guidelines are as follows:
1. Develop a risk management and security policy
Develop an asset inventory that includes all OT devices and software. Classify assets based on their criticality and the potential impact of their compromise on the organization. Then perform periodic risk assessments to identify vulnerabilities within the OT network and prioritize them based on the level of risk they pose. Finally, establish and maintain security policies that are specific to the needs of the OT environment, with a clear delineation of security responsibilities among personnel.
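The inventory, classification and risk-prioritization steps above can be expressed as a small script. The following is an added example written for this article, not code from the author or from Hedgehog Technologies; the asset names, zones, criticality ratings and findings are constructed for a hypothetical plant, and the impact-times-likelihood scoring is one common convention, not a prescription of any standard.

```python
from dataclasses import dataclass, field


@dataclass
class Asset:
    name: str
    kind: str
    zone: str
    criticality: int          # 1 (supporting) .. 5 (safety-critical), set by the asset owner
    # (description, likelihood 1..5) pairs from the latest risk assessment
    findings: list = field(default_factory=list)


# Constructed sample inventory for a hypothetical plant; names and zones are assumptions.
INVENTORY = [
    Asset("SIS-01", "safety instrumented system", "L1-safety", 5,
          [("unauthenticated engineering protocol exposed", 4)]),
    Asset("PLC-Press-3", "PLC", "L1-control", 4,
          [("firmware no longer supported by vendor", 3), ("default credentials", 5)]),
    Asset("HIST-01", "historian server", "L3-operations", 3,
          [("operating system missing security updates", 4)]),
    Asset("HMI-Line2", "HMI workstation", "L2-supervisory", 3, []),
    Asset("ENG-WS-07", "engineering workstation", "L3-operations", 2,
          [("removable media ports enabled", 3)]),
]


def classify(criticality: int) -> str:
    """Map the owner's criticality rating to a class the security policy can reference."""
    if criticality >= 5:
        return "safety-critical"
    if criticality >= 3:
        return "production-critical"
    return "supporting"


def risk_score(criticality: int, likelihood: int) -> int:
    """Simple impact x likelihood score on a 1..25 scale."""
    return criticality * likelihood


def prioritize(assets):
    """Flatten every finding and order them highest risk first (ties broken by asset name)."""
    rows = []
    for a in assets:
        for description, likelihood in a.findings:
            rows.append((risk_score(a.criticality, likelihood), a.name, description))
    rows.sort(key=lambda r: (-r[0], r[1], r[2]))
    return rows


def unassessed(assets):
    """Assets with no recorded findings have not been assessed yet and need a pass."""
    return [a.name for a in assets if not a.findings]


def summary(assets):
    """Count the inventory by class so assessment coverage can be reported."""
    counts = {}
    for a in assets:
        c = classify(a.criticality)
        counts[c] = counts.get(c, 0) + 1
    return counts


if __name__ == "__main__":
    for score, name, finding in prioritize(INVENTORY):
        print(f"{score:>2}  {name:<12} {finding}")
    print("needs assessment:", unassessed(INVENTORY))
    print("inventory by class:", summary(INVENTORY))
```

The output orders the default-credentials finding on the press PLC and the exposed engineering protocol on the safety system at the top, and separately lists the HMI that has no findings yet, which is usually a sign that it was never assessed rather than that it is clean.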
2. Have continual network security and monitoring
Segregate OT networks from IT networks and use firewalls and demilitarized zones (DMZs) to control traffic between different network segments. Then implement continuous monitoring strategies to detect unusual activities or unauthorized access attempts in real time. This could involve intrusion detection systems (IDS) tailored for OT environments.
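The segmentation and monitoring practice can be checked mechanically against flow records from the firewalls between zones. The following is an added example, not code from the article or from any product it names: it assumes a zone plan with an enterprise network, a DMZ and a control network (the addresses are constructed), an allowlist of hosts permitted to act as Modbus/TCP clients, and a baseline of conversations learned during a quiet period. Three rules are applied to each constructed flow record: IT and OT must only communicate through the DMZ, only allowlisted HMI and engineering hosts may open Modbus sessions, and any conversation into the control network that is not in the baseline is flagged, since OT traffic patterns are normally static.

```python
import ipaddress
from collections import namedtuple

# Constructed zone plan; these address ranges are assumptions for the example.
ZONES = {
    "it":  ipaddress.ip_network("10.10.0.0/16"),      # enterprise network
    "dmz": ipaddress.ip_network("10.20.0.0/24"),      # IT/OT DMZ (jump hosts, patch relay)
    "ot":  ipaddress.ip_network("192.168.100.0/24"),  # control network
}
MODBUS_TCP = 502
# Only these hosts (HMI and engineering workstation) may act as Modbus/TCP clients.
ALLOWED_MODBUS_CLIENTS = {"192.168.100.10", "192.168.100.11"}

Flow = namedtuple("Flow", "ts src dst dport proto")


def zone_of(ip: str) -> str:
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"


def parse_flow(line: str) -> Flow:
    """Parse one space-separated flow record: timestamp src dst dport proto."""
    ts, src, dst, dport, proto = line.split()
    return Flow(ts, src, dst, int(dport), proto)


def evaluate(flow: Flow, baseline: set) -> list:
    """Return the names of every rule the flow violates (empty list means normal)."""
    alerts = []
    s, d = zone_of(flow.src), zone_of(flow.dst)
    # Rule 1: IT and OT may only talk through the DMZ, in either direction.
    if (s, d) in {("it", "ot"), ("ot", "it")}:
        alerts.append("segmentation-bypass")
    # Rule 2: only allowlisted hosts may open Modbus sessions toward controllers.
    if d == "ot" and flow.dport == MODBUS_TCP and flow.src not in ALLOWED_MODBUS_CLIENTS:
        alerts.append("unauthorized-modbus-client")
    # Rule 3: OT traffic is static, so a conversation outside the learned baseline is notable.
    if d == "ot" and (flow.src, flow.dst, flow.dport) not in baseline:
        alerts.append("new-conversation")
    return alerts


def scan(lines, baseline):
    """Run every record through the rules and collect (ts, src, dst, dport, alert) tuples."""
    findings = []
    for line in lines:
        f = parse_flow(line)
        for a in evaluate(f, baseline):
            findings.append((f.ts, f.src, f.dst, f.dport, a))
    return findings


# Conversations observed during a learning period (constructed).
BASELINE = {
    ("192.168.100.10", "192.168.100.50", 502),  # HMI -> PLC polling
    ("10.20.0.5", "192.168.100.50", 22),        # DMZ jump host -> PLC maintenance
}

# Constructed flow records, in the format parse_flow expects.
SAMPLE_FLOWS = [
    "2024-05-01T08:00:01 192.168.100.10 192.168.100.50 502 tcp",  # normal HMI polling
    "2024-05-01T08:00:05 10.20.0.5 192.168.100.50 22 tcp",        # approved jump host session
    "2024-05-01T08:01:10 10.10.4.22 192.168.100.50 502 tcp",      # IT host reaching a PLC directly
    "2024-05-01T08:02:00 192.168.100.77 192.168.100.50 502 tcp",  # unknown OT host opening Modbus
    "2024-05-01T08:03:00 192.168.100.50 10.10.4.22 443 tcp",      # PLC initiating a session into IT
]

if __name__ == "__main__":
    for ts, src, dst, dport, alert in scan(SAMPLE_FLOWS, BASELINE):
        print(f"{ts} {src} -> {dst}:{dport} {alert}")
```

The first two records produce nothing, the direct IT-to-PLC connection trips all three rules, and the PLC opening a session into the enterprise network trips only the segmentation rule; that last case is the one most often missed when the firewall policy only restricts inbound traffic to the control network.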
3. Have access control and management throughout the OT and IT system
Standardize access controls, authentication and authorization (commonly referred to as the triple A policy) to ensure that critical systems are only accessible to authorized users. Enforce the principle of least privilege, ensuring that users have only the access necessary to perform their job functions. Utilize multi-factor authentication (MFA) for remote access to OT systems to add an additional layer of security beyond traditional usernames and passwords.
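A deny-by-default authorization check makes the least-privilege and MFA requirements above concrete. The following is an added example, not code from the article: the roles, permitted actions and the rule that controller changes need a change ticket are constructed assumptions, and the audit list stands in for whatever logging system a site actually uses. Every decision, allowed or denied, is recorded so that repeated denials can feed the monitoring described earlier.

```python
from dataclasses import dataclass

# Role -> permitted actions. Anything not listed is denied (least privilege, deny by default).
# Roles and action names are constructed for this example.
ROLE_PERMISSIONS = {
    "operator": {"hmi:view", "hmi:acknowledge-alarm"},
    "engineer": {"hmi:view", "plc:read-program", "plc:download-program"},
    "vendor":   {"plc:read-diagnostics"},
}
# Actions that change controller state additionally require a named change ticket.
CHANGE_ACTIONS = {"plc:download-program"}


@dataclass
class Request:
    user: str
    role: str
    action: str
    remote: bool          # arrived over the remote-access path rather than the plant floor
    mfa_verified: bool    # second factor completed for this session
    change_ticket: str = ""


AUDIT_LOG = []  # the accounting record: every decision is appended here


def authorize(req: Request):
    """Return (allowed, reason) and record the decision. Unknown roles and
    unlisted actions fall through to denial; remote sessions need MFA first."""
    allowed, reason = False, "denied by default"
    perms = ROLE_PERMISSIONS.get(req.role)
    if perms is None:
        reason = "unknown role"
    elif req.remote and not req.mfa_verified:
        reason = "remote access requires MFA"
    elif req.action not in perms:
        reason = f"role {req.role} is not permitted {req.action}"
    elif req.action in CHANGE_ACTIONS and not req.change_ticket:
        reason = "controller change requires a change ticket"
    else:
        allowed, reason = True, "permitted"
    AUDIT_LOG.append((req.user, req.role, req.action, req.remote, allowed, reason))
    return allowed, reason


def denied_attempts(log=AUDIT_LOG):
    """Denied decisions, for review or for feeding an alerting rule."""
    return [entry for entry in log if not entry[4]]


if __name__ == "__main__":
    # Constructed requests illustrating each branch.
    samples = [
        Request("alice", "operator", "hmi:view", remote=False, mfa_verified=False),
        Request("bob", "vendor", "plc:read-diagnostics", remote=True, mfa_verified=False),
        Request("carol", "engineer", "plc:download-program", remote=True, mfa_verified=True, change_ticket="CHG-1042"),
        Request("carol", "engineer", "plc:download-program", remote=True, mfa_verified=True),
        Request("alice", "operator", "plc:download-program", remote=False, mfa_verified=False),
        Request("mallory", "contractor", "hmi:view", remote=False, mfa_verified=True),
    ]
    for r in samples:
        print(r.user, r.action, authorize(r))
    print("denied:", len(denied_attempts()))
```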
4. Maintain system and data integrity
Establish a systematic approach for applying patches, considering the operational constraints of OT environments. Where patching is not feasible, implement compensating controls such as virtual patching. Ensure data integrity by implementing backup procedures and using cryptographic measures where appropriate to protect sensitive data in transit and at rest.
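One of the cryptographic measures mentioned above is protecting the integrity of controller backups so that a restore after an incident does not reload a modified program. The following is an added example, not code from the article: it builds a manifest of SHA-256 digests over a constructed backup set and authenticates the manifest with an HMAC, then shows that a modified file, and a manifest rewritten to match that file, are both detected on verification. The key handling is the main assumption: the HMAC key has to be kept separate from the backup media for the check to mean anything.

```python
import hashlib
import hmac
import json
import secrets


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(files: dict, key: bytes) -> dict:
    """files maps a backup file name to its bytes. The manifest holds a digest per
    file plus an HMAC over the canonical JSON of those digests."""
    digests = {name: sha256_hex(data) for name, data in sorted(files.items())}
    body = json.dumps(digests, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"digests": digests, "mac": tag}


def verify_manifest(files: dict, manifest: dict, key: bytes) -> list:
    """Return a list of problems; an empty list means the backup set is intact."""
    problems = []
    body = json.dumps(manifest["digests"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest["mac"]):
        problems.append("manifest MAC mismatch: manifest itself may have been altered")
        return problems  # the digests cannot be trusted, so stop here
    for name, digest in manifest["digests"].items():
        if name not in files:
            problems.append(f"missing: {name}")
        elif not hmac.compare_digest(sha256_hex(files[name]), digest):
            problems.append(f"modified: {name}")
    for name in files:
        if name not in manifest["digests"]:
            problems.append(f"unexpected extra file: {name}")
    return problems


# Constructed backup set for a hypothetical controller and HMI; contents are placeholders.
BACKUP = {
    "plc-press-3/program.bin": b"\x01\x02\x03ladder-logic-v17",
    "plc-press-3/config.xml": b"<config><scan_ms>10</scan_ms></config>",
    "hmi-line2/project.zip": b"PK\x03\x04placeholder-archive-bytes",
}


def demo():
    """Intact set, a modified program file, and a manifest forged to match the modification."""
    key = secrets.token_bytes(32)  # keep this key off the backup media in practice
    manifest = build_manifest(BACKUP, key)
    intact = verify_manifest(BACKUP, manifest, key)

    tampered = dict(BACKUP)
    tampered["plc-press-3/program.bin"] = b"\x01\x02\x03ladder-logic-v17-altered"
    modified = verify_manifest(tampered, manifest, key)

    # Someone who can rewrite the manifest but lacks the key cannot produce a valid MAC.
    forged = {"digests": dict(manifest["digests"]), "mac": manifest["mac"]}
    forged["digests"]["plc-press-3/program.bin"] = sha256_hex(tampered["plc-press-3/program.bin"])
    forged_detected = verify_manifest(tampered, forged, key)
    return intact, modified, forged_detected


if __name__ == "__main__":
    for label, result in zip(("intact", "modified", "forged"), demo()):
        print(label, result)
```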
5. Develop an incident response and recovery plan
Develop an incident response plan that includes specific procedures for OT environments, considering the potential physical impacts of cyber incidents. Prepare disaster recovery plans that enable the restoration of operations with minimal downtime in the event of a cybersecurity incident.
6. Hold continual education and training
Conduct regular cybersecurity awareness training for all OT personnel, focusing on the unique aspects of OT cybersecurity. Provide technical training for IT and OT security teams, covering the specific technologies and processes used in the OT environment.
How to get started
To enhance cybersecurity in OT, organizations should conduct a comprehensive audit of their systems to identify and assess any vulnerabilities in all assets. This critical step will pave the way for a security strategy customized for the unique OT landscape. The focus should be on integrating technological safeguards with human-centric elements, such as training programs, to ensure personnel are equipped to recognize and respond to cyber threats and incidents.
While long-term solutions like system upgrades are being planned and executed, immediate measures must be taken. Investments should prioritize virtual patching and other risk mitigation techniques to address the vulnerabilities of legacy systems. These short-term defenses will be a crucial buffer in maintaining system integrity against ongoing cyber threats. Additionally, budgeting for cybersecurity should be viewed as an integral element of operational investment, essential for ensuring safety and continuity.
Lastly, organizations should foster a culture of collaboration and information sharing. It is essential to remain proactive by continuously updating cybersecurity strategies and incident response plans to adapt to the rapidly changing threat landscape.
Younes Rashidi, vice president of engineering operations, Hedgehog Technologies, a CFE Media and Technology content partner. Edited by David Miller, content manager, Control Engineering, CFE Media and Technology, firstname.lastname@example.org.
What aspects of your legacy network could stand to be better protected?