In order to address the growing cyber threats, manufacturing companies need to enhance the collaboration between IT and OT teams, adopt a unified cybersecurity strategy, and ensure the network security of the entire organization.
How can manufacturing companies protect Information Technology (IT) and Operational Technology (OT) from malicious actors and escalating cyber threats? Fundamentally, addressing these challenges requires the collaboration and coordination of IT and OT teams. However, the integration of IT and OT has always been a challenge across various industries. To better understand this phenomenon, let's first clarify the main differences between them:
● Focus: IT focuses on managing and processing data and information to support business systems and objectives. OT focuses on monitoring and controlling physical industrial/operational processes and equipment.
● Systems: IT systems mainly include computers, networks, software, and data centers. OT systems mainly include industrial control systems, SCADA systems, sensors, and actuators.
● Purpose: The purpose of IT is to process information. The purpose of OT is to control industrial processes and automate them. IT systems implement communication, data analysis, and software applications, while OT systems control and automate physical processes in the industrial production environment.
● Operation: IT systems mainly operate in office environments. OT systems operate in industrial plant environments and interact with physical industrial processes.
● Performance Metrics: Key metrics for IT systems include system uptime, response time, and data accuracy/integrity. For OT systems, key metrics are system reliability, availability, safety, and output capacity.
● Security: The IT department prioritizes data security, confidentiality, and privacy. OT prioritizes the availability, integrity, and reliability of control systems. Security strategies differ due to their different requirements.
In summary, IT involves information flow and information processing. OT, on the other hand, handles physical process operations and automation through control systems and sensors. As facilities become increasingly digital, IT and OT systems become more tightly integrated, which requires a unified IT/OT approach to cybersecurity and data management.
01 Enable Better Collaboration Between IT and OT
Given the inherent differences between the two, the following seven strategies can help IT and OT work together more effectively to protect the organization from cyber attacks and maintain readiness:
1. Strengthen communication and collaboration between IT and OT teams. Conduct joint IT/OT department exercises to jointly respond to simulated cyber attacks.
2. Adopt security strategies that span both IT and OT. Share policies, best practices, threat intelligence, and technology requirements specific to each business department to maximize the security of each.
3. Properly segment IT and OT networks, limiting lateral data movement and communication between departments within the organization. Deploy demilitarized zones (DMZs), firewalls, etc., to achieve the best balance between connectivity and isolation.
4. Understand the security risks in a unified IT/OT environment. Audits, risk assessments, vulnerability scans, and asset visibility studies are common in IT systems and should also be completed in OT systems. Develop an overall remediation roadmap based on the results of both.
5. Deploy complementary security monitoring and analysis to achieve centralized visibility across IT and OT systems. Use cybersecurity technologies to quickly detect anomalies and network intrusions.
6. Strictly control remote access to OT systems. Limit connection permissions, monitor third-party vendors, and strictly authenticate through multi-factor authentication with audit trails.
7. Provide integrated security awareness and training for IT and OT employees at all levels of the company. Update skills through ongoing training.
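An added example (not from the article) for strategies 3 and 5: a small audit that maps observed flow records to IT, DMZ, and OT zones and flags traffic that crosses between IT and OT without terminating in the DMZ, or that links an OT host to an address outside the asset map. The subnets, the flow records, and the policy itself are constructed assumptions.

```python
import ipaddress

# Assumed zone addressing (constructed for this example).
ZONES = {
    "IT": ipaddress.ip_network("10.10.0.0/16"),
    "DMZ": ipaddress.ip_network("10.20.0.0/24"),
    "OT": ipaddress.ip_network("10.30.0.0/16"),
}

# Constructed flow records: source, destination, destination port.
SAMPLE_FLOWS = """\
10.10.4.21,10.20.0.15,443
10.30.1.7,10.20.0.15,443
10.10.4.21,10.30.1.7,502
10.30.1.9,203.0.113.50,443
10.30.1.7,10.30.1.9,44818
"""

def zone_of(addr):
    """Return the name of the zone containing addr, or 'UNMAPPED'."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "UNMAPPED"

def audit(flow_text):
    """Return (src, dst, port, reason) for each flow that breaks the zone policy."""
    findings = []
    for line in flow_text.splitlines():
        if not line.strip():
            continue
        src, dst, port = (field.strip() for field in line.split(","))
        pair = {zone_of(src), zone_of(dst)}
        if pair == {"IT", "OT"}:
            reason = "direct IT/OT flow bypasses the DMZ"
        elif "OT" in pair and "UNMAPPED" in pair:
            reason = "OT host communicating with an unmapped address"
        else:
            continue  # intra-zone traffic or traffic that terminates in the DMZ
        findings.append((src, dst, int(port), reason))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(finding)
```
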
02 Learn from IT Cybersecurity Best Practices
Given the differences between the disciplines and IT's leading experience in the field of cyber protection over the past 20 years, OT can follow the recommendations of the IT department or develop a NIST framework to address activities related to identification, protection, detection, response, and recovery in a similar OT environment.
There should be a clear demarcation line between OT (Operational Technology) and IT (Information Technology), and these boundaries should be understood. Even within the same organization, IT and OT are essentially third parties to each other, with completely different roles, responsibilities, applications, systems, and technologies. In terms of installing and managing their own firewalls, OT should take the same stance as IT does with other third parties.
Just as the IT department would undoubtedly say they are responsible for enterprise systems (such as ERP, email, enterprise data centers, infrastructure, and business networks), from a cybersecurity perspective, the OT department must take a similar level of ownership for its environment.
For this reason, visibility of the plant floor network is equally important for both OT and IT to accurately determine what devices are present on their network. This is crucial for asset inventory and accessing the latest information related to software levels, installed programs, and patch levels through configuration management tools. OT needs to take the same asset detection, monitoring, and remediation steps that IT has been doing for years.
As factories become more digital, cybersecurity issues must be considered at every step. Traditionally, IT personnel are responsible for the network protection of the enterprise, but as OT systems begin to communicate with enterprise-wide software, this responsibility falls on every member of the team, and even more directly on OT.
Research shows that due to new vulnerabilities in OT technology, the manufacturing industry has a higher rate of being targeted than any other industry. Traditionally, the OT environment is "isolated" from broader enterprise systems. Although this approach is outdated, it did help protect the systems because it made it difficult for hackers to access OT technology.
With the rapid advancement of Industry 4.0 and digital transformation, many new challenges have also emerged. Many OT systems were never designed with enterprise-wide communication in mind, and now the open communication between OT and IT highlights the differences between these two environments, while also explaining why a common cybersecurity approach is needed.
Physical systems that could harm workers need complete control and availability. For example, deleting them through a ransomware attack would put the company in danger. Downtime is not only costly for the company but also poses risks to OT professionals and the public in some extreme cases. While IT network incidents may be resolved more frequently and quickly, OT incidents can cause serious damage.
03 Ensuring OT Cybersecurity
The starting point for securing OT settings is to adjust the approach in standards, practices, and tools. An example of this is the update speed of IT systems to ensure continuous cybersecurity. This is not always the case for OT systems. This makes many OT systems more vulnerable to attacks for longer periods than necessary. Even simple practices, such as never plugging external devices into enterprise systems or providing a dedicated scanning environment for removable media, may not have received enough attention from OT personnel.
OT cybersecurity is a complex and never-ending journey, involving an increasing number of solutions, products, and methods. As digital transformation progresses, OT professionals are often overwhelmed, and their workload increases. Adding the same pressure felt by the IT department to an already overloaded OT team seems a bit excessive, especially considering that the IT department has received specialized training and has been working in this field throughout their career. Finding a viable cybersecurity approach for OT is very similar to digital transformation; it requires support from all levels of the enterprise, input from multiple sources, and a collaborative approach to staying up-to-date with the latest products and services.
Achieving secure OT without the help of experts may be an extremely challenging task. To alleviate the pressure on already busy OT professionals, it is often necessary to seek assistance from partners. OT professionals need to address their cybersecurity issues, and having a reliable partner to eliminate complexities may be helpful. The chosen partner must have a deep understanding of digital transformation and must work closely with manufacturing enterprises to help them create a cybersecurity approach that aligns with the busy schedules of OT professionals.
Key concepts:
■ Understand how to reach a consensus on goals and priorities between IT and OT, and formulate a joint plan.
■ Given the unique vulnerabilities present in OT systems, the integration of OT and IT requires a shared cybersecurity approach to guard against targeted attacks.