OT Security
Gartner defines OT security as, “Practices and technologies used to (a) protect people, assets, and information, (b) monitor and/or control physical devices, processes and events, and (c) initiate state changes to enterprise OT systems.” OT security solutions include a wide range of security technologies, from next-generation firewalls (NGFWs) to security information and event management (SIEM) systems to identity and access management, and much more.
Traditionally, OT cyber security was not considered necessary because OT systems were not connected to the internet. As such, they were not exposed to outside threats. As digital innovation (DI) initiatives expanded and IT and OT networks converged, organizations tended to bolt on point solutions to address specific issues. These approaches to OT security resulted in a complex network where solutions could not share information or provide full visibility.
Often, IT and OT networks are kept separate, duplicating security efforts and eschewing transparency. These IT and OT networks cannot track what is happening throughout the attack surface. Typically, OT networks report to the COO and IT networks report to the CIO, resulting in two network security teams each protecting half of the total network. This can make it difficult to identify the boundaries of the attack surface because these disparate teams do not know what is attached to their own network. In addition to being difficult to manage efficiently, IT and OT networks contain huge gaps in security.
Effective OT Security is Not Negotiable
Operational technology is responsible for processes that, if breached, could cause outages of critical services and result in loss of life. Emergency services, water treatment plants, traffic management, and other critical infrastructure rely on operational technology solutions to operate correctly. Even a successful attack on OT organizations not responsible for critical infrastructure can have dire consequences. For example, a food production facility could ship unsafe food if safety checks are removed by a hacker.
While cyber criminals have historically been primarily interested in stealing data, they are increasingly targeting OT networks as they recognize the potential for disruption due to inadequate OT security. They are developing more sophisticated and destructive attacks targeted specifically at operational technology companies.
OT organizations are aware of the danger. In a recent survey by the SANS Institute, OT security professionals responded that risk is at critical levels. As corroboration, the Fortinet State of Operational Technology Report discovered that OT security risk is indeed a top concern: nearly 74% of OT organizations reported experiencing a malware intrusion in the past 12 months, causing damage to productivity, revenue, brand trust, intellectual property, and physical safety.