Protecting OT systems with IT collaboration

Protecting OT systems with IT collaboration
(Image credit: Pixabay)

Over the past decade, the manufacturing industry has made steady progress toward improving productivity and performance through digital transformation. While this approach has proven to be beneficial across the entire value chain, these benefits don’t come without a price.

About the author

Adrian Louth, Operational Technology Cybersecurity Business Development at Fortinet

As organisations make their operations more agile to stay competitive within a quickly evolving marketplace, many operational technology (OT) systems are being connected to the outside world for the first time. This trend promises great benefits for manufacturers, but also directly exposes OT systems to cyber threats they were never prepared to address. In a world where a factory production line could be controlled by malicious actors, it’s essential that businesses adopt a collaborative approach to security solutions and incident response.

The disappearing air-gap

Until the early 1990s, the connected world was a simpler place where physical wires were necessary for two machines to establish communication. In the absence of such a physical connection there existed a void – also known as an ‘air-gap’. Historically, OT has operated autonomously and fully isolated both from the internet and the IT network, creating an air-gap through which these systems were thought to be protected from reconnaissance, hacking attempts, and other malicious activities. The reality has always been that few air-gaps are routinely bridged for maintenance and other work and the risk this bridging entailed was seen as trivial.

However, as OT systems become more connected and the air-gap rapidly disappears, organisations are having to face the reality that the risk is now significant. Vulnerabilities in critical systems are being directly exposed, making OT an easy target for adversaries. In fact, a recent survey found that 58% of industrial firms have suffered a breach in the past 12 months, illustrating that OT systems are indeed cyber targets of primary interest.

One of the industry’s main challenges is that the operational life span of provisioned OT systems is far greater than in any IT infrastructure. This is because OT systems were traditionally thought to be ‘hardened’ by the air-gap, and were therefore built upon legacy software with long life cycles. As a result, you’ll find unpatched and unsupported technologies sometimes years or decades old, which are now being exposed to the outside world.

For OT to continue with minimal disruption, network vulnerabilities need to be managed and cyberattacks need to be detected and blocked. However, it remains unclear who within an enterprise is responsible for securing production sites and processes – is this the job of the IT department?

IT/OT collaboration is key

To date OT has focused on production and industrial equipment availability, but hasn’t needed to consider connectivity or cybersecurity. IT, however, takes care of data security and has little to no experience in dealing with industrial systems. If these teams worked together to adopt a unified, converged infrastructure, businesses would be able to achieve much faster incident response and more thorough process control for critical OT systems.

Anyone looking to kickstart this merger will need to recognize that the devices used by OT often present a set of unique security liabilities that IT teams may not have had to tackle before. Older systems that have been in place for years not only have never been updated, they also monitor critical systems, such as thermostats and pressure valves, so they cannot ever be taken offline, even for patching. It’s therefore critical that businesses adopt security tools that cater to both IT and OT requirements. 

Dynamic, intelligent processing solutions like Next-Generation Firewalls and Network Access Control can be combined with OT-specific protocols to create a zero-trust network access strategy. This will ensure accurate control of network traffic, as well as high visibility across the new converged team’s operations, allowing easy and centralized management of these complex systems.

Driving cultural transformation will also play a key role in the success of any convergence project, with strong leadership needed to ensure culture clashes are dissipated and neither party feels like an afterthought. Of course, some aspects of unified teamwork might be slightly more difficult due to clearly different – and sometimes oppositional – objectives between teams. 

For example, while confidentiality is the top concern for IT systems in order to protect data, and occasional systems downtime, this is the reverse for OT networks, where uninterrupted availability is mission-critical. At such times it is important for teams to communicate effectively and find ways to address the differences between IT and OT environments.

One goal

As industrial systems continue to evolve, OT leaders are faced with new challenges that have led to new priorities. To effectively protect their high-value assets, those who manage and maintain critical infrastructure must keep abreast of the latest security trends and understand how to secure their migration into this broader, digitally transformed landscape.

By looking at the bigger picture and adopting a collaborative approach between IT and OT teams, organisations can meet evolving business demands whilst maintaining a strong cybersecurity profile. This convergence will not only protect specific OT systems, it will reduce security vulnerabilities and incidents for the organisation as a whole.

Adrian Louth

Adrian Louth is the Operational Technology Cybersecurity Business Development at Fortinet. Adrian works with cybersecurity and OT teams to improve their business security, protect their key assets and ensure their critical processes.