These days, just about everybody knows the phrase IT, or Information Technology. However, despite its integral role in just about every industrial and commercial process, the concept of OT (Operational Technology) is less well known. In this post, we’ll be going over the basics of OT security, how it’s different from IT security, the meaning behind OT-IT convergence, and how Fend can secure your OT systems and networks.
According to the CSRC, Operational Technology (OT) consists of “programmable systems or devices that interact with the physical environment (or manage devices that interact with the physical environment). These systems/devices detect or cause a direct change through the monitoring and/or control of devices, processes, and events”.
In other words, while IT is mainly concerned with the use of computers and other devices for moving and storing data, OT is mainly concerned with the systems and equipment that manage or monitor physical processes, and can be found in a variety of facilities, such as warehouses, water treatment plants, power plants, and many more. Examples of these systems include industrial control systems, building management systems, fire control systems, and programmable logic controllers.
What is OT Cyber Security?
Like IT cyber security, OT cyber security consists of the measures taken to safeguard the people, assets, and information associated with operational technologies. More specifically, OT security protects industrial control systems, critical infrastructure and other assets from cyber threats, unauthorized access and potential disruptions to ensure their reliable and safe operation.
Unlike most IT networks, which have been connected to the internet since their inception, OT networks have traditionally operated as fully isolated or air-gapped networks. Because of this, most OT devices and networks lack the common built-in cyber security measures you’d expect to see in an IT setting. However, organizations are increasingly connecting OT networks up to IT networks and the internet in what has become known as the Industrial Internet of Things (IIoT). This connectivity brings benefits including increased visibility into operational data, real-time equipment monitoring, and cost savings, but opens up OT systems to cyberattack.
Many IT cyber security technologies have been adapted and applied in an OT context (operator cyber training, firewalls, network monitoring, intrusion detection) to protect OT systems, but some OT systems are too critical to rely on approaches that are not 100% effective at stopping cyber threats.
What is OT Security? An Overview of Operational Technology Security
Why Is OT Cyber Security Important?
The main focus of OT cybersecurity is to prioritize the secure operation of critical physical assets. Facilities that become compromised can lose time, money, and assets. In a worst-case scenario, OT cyberattacks can result in loss of life. OT cybersecurity emphasizes the need to maintain control and ensure operational safety at all times.
Threats to OT infrastructure are especially serious – a successful attack on OT equipment can be catastrophic, because the critical infrastructure industries that depend on OT systems include everything from emergency services and food/agriculture to dams and nuclear reactors.
What Is the Difference Between IT and OT Cyber Security?
Now that we’ve covered the basics of OT security and its importance, let’s take a closer look at the differences between IT cybersecurity and OT cybersecurity:
IT cyber security:
- Secures computer systems, networks, data, and information.
- Deals with traditional IT infrastructure like servers, desktop computers, laptops, and corporate networks.
- Protects sensitive information and maintains confidentiality, integrity, and availability of data.
- Common threats include loss of data, intellectual property theft, and ransomware.
OT cyber security:
- Secures industrial control systems (ICS), critical infrastructure, and operational technologies.
- Protects devices like programmable logic controllers (PLCs), supervisory control and data acquisition (SCADA) systems, and other industrial devices.
- Prioritizes the safety, reliability, and availability of physical processes and operations.
- Common threats include operational disruptions, physical damage, safety hazards, and public safety threats.
Because OT assets are being connected to the internet as Industrial IoT devices, legacy systems that were never designed for internet exposure are becoming reachable from it, resulting in new vulnerabilities. In most facilities, OT systems were installed long before the internet and were built without the security controls that would make such exposure safe, leaving them extremely insecure.
This is the main idea behind IT-OT convergence: these two landscapes have been kept separate in the past, but as the need for real-time data and updates from OT networks outside the facility has grown, so has the need to integrate OT and IT. In many air-gapped OT networks, it isn’t uncommon for data to be retrieved from the site on a physical medium (such as an optical disk or flash drive) on a regular basis in order to keep OT and IT separated.
Luckily, with the physical and optical isolation provided by data diodes, the best of both worlds can be achieved between an air-gapped network and real-time visibility of critical assets.
As IT and OT converge, industry standards are recognizing the benefits of network segmentation and several key guidance documents now promote the use of data diodes, including:
IT-OT Crossover: Network Security Monitoring for Compliance and Prevention
Monitoring networks for possible intrusion from outside attackers is an IT industry best practice, and the same monitoring is just as useful for OT networks. Data diodes can be used to extract network data, in the form of log files or otherwise, from air-gapped networks for use in threat detection platforms. Doing so helps identify insider threats without opening the door to outsider threats. The practice can also make it easier to comply with mandates affecting both industry and government stakeholders. For example:
The US Department of Homeland Security (DHS) Binding Operational Directive (BOD) 23-01 was released with the goal of "Improving Asset Visibility and Vulnerability Detection on Federal Networks." All IP devices, whether IT or OT, are in scope.
The Federal Energy Regulatory Commission (FERC) is strengthening its Critical Infrastructure Protection (CIP) Reliability Standards by requiring internal network security monitoring (INSM) for high- and medium-impact bulk electric system cyber systems. Many of these systems operate behind air gaps today, so data diodes present a great option for compliance that doesn't sacrifice security.
How Fend Can Strengthen Your OT Security
Historically, data diodes have been costly and complicated devices to install. Fend’s data diodes are an accessible and affordable solution for creating a one-way valve for data to flow from an OT network to a local IT network (or beyond).
Our diodes include Ethernet and serial interfaces for drawing data from even the oldest equipment, making them compatible with most forms of OT equipment. All of our diodes have an Ethernet interface on the output side, which allows data received serially to be transmitted elsewhere via Ethernet (or by cellular signal on our cellular models). Our diodes also support a variety of relevant protocols for OT data, such as Modbus and FTP/FTPS.
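As an added example, not Fend's code or any product's wire protocol, here is a minimal framing scheme for log lines pushed one way through a data diode to a threat detection platform, as in the monitoring use case described above. The pre-shared key, frame layout, and PLC log lines are constructed assumptions; the point it shows is that, with no return path for acknowledgements or retransmission requests, the IT-side receiver must infer loss from sequence gaps and must reject frames whose HMAC fails rather than forwarding them.

```python
import hashlib, hmac, struct

# Constructed pre-shared key: provisioned out of band on both sides of the diode (assumption).
KEY = b"example-psk-not-for-production"
HDR = struct.Struct("!IH")  # sequence number (uint32) and payload length (uint16)
MAC_LEN = 32                # HMAC-SHA256 digest size

def frame(seq: int, payload: bytes, key: bytes = KEY) -> bytes:
    """OT side: header || payload || HMAC-SHA256 over header || payload."""
    body = HDR.pack(seq, len(payload)) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

def parse(datagram: bytes, key: bytes = KEY):
    """IT side: verify the MAC and unpack; return (seq, payload) or None when corrupt/forged."""
    if len(datagram) < HDR.size + MAC_LEN:
        return None
    body, mac = datagram[:-MAC_LEN], datagram[-MAC_LEN:]
    if not hmac.compare_digest(hmac.new(key, body, hashlib.sha256).digest(), mac):
        return None
    seq, length = HDR.unpack_from(body)
    return (seq, body[HDR.size:]) if len(body) - HDR.size == length else None

class DiodeReceiver:
    """No ACK path exists across a diode, so loss is inferred from sequence gaps."""
    def __init__(self):
        self.expected, self.lines, self.gaps, self.rejected = 0, [], [], 0

    def accept(self, datagram: bytes) -> None:
        parsed = parse(datagram)
        if parsed is None:
            self.rejected += 1          # never forward unauthenticated data, just count it
            return
        seq, payload = parsed
        if seq > self.expected:         # frames expected..seq-1 were lost in transit
            self.gaps.append((self.expected, seq - 1))
        if seq >= self.expected:        # older seq numbers are duplicates or late frames
            self.expected = seq + 1
            self.lines.append(payload.decode())

def demo() -> DiodeReceiver:
    # Constructed PLC syslog lines that the OT side pushes one way to the SIEM collector.
    logs = [b"<13>plc01: Modbus write coil 5 from 10.0.0.9", b"<13>plc01: HMI login operator",
            b"<14>plc01: setpoint changed 42.0 -> 55.0", b"<11>plc01: link down eth0"]
    sent = [frame(i, line) for i, line in enumerate(logs)]
    delivered = [d for i, d in enumerate(sent) if i != 2]        # simulate one dropped datagram
    tampered = sent[0][:6] + bytes([sent[0][6] ^ 0x01]) + sent[0][7:]  # flip one payload byte
    rx = DiodeReceiver()
    for d in delivered + [tampered]:
        rx.accept(d)
    return rx
```

In a real deployment the frames would be sent as UDP datagrams across the diode and the receiver's gap list would feed an alert, since silent loss of audit records is itself a finding.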