This website uses cookies primarily for visitor analytics. Certain pages will ask you to fill in contact details to receive additional information. On these pages you have the option of having the site log your details for future visits. Indicating you want the site to remember your details will place a cookie on your device. To view our full cookie policy, please click here. You can also view it at any time by going to our Contact Us page.

Securing OT with the help of IT cybersecurity best practices

02 October 2023

As digital transformation is unrolled across industry the need for robust cybersecurity specific to the OT domain increases. Looking to the IT domain can offer solutions, argues Lee Carter.

Digital transformation is a powerful force for good for the industry and, more importantly, the people that work within it. It is also a necessary journey for any industrial business that aims to stay competitive and achieve meaningful improvements in the realm of maintenance, efficiency, and energy use. However, once digital transformation has been established as a necessary and one-way journey, the issue of cybersecurity needs be considered at every step. 

Driving this change, and many of the capabilities of a digitally transformed business, is the convergence of information technology (IT) and operational technology (OT). IT staff have traditionally been solely responsible for the cyber protection of a business but as OT systems begin communicating with enterprise-wide software, that responsibility is now placed on every member of the team, if not more directly on OT as this is where hackers are specifically targeting. 

Recent reports from cybersecurity specialist, Claroty, show that across water/wastewater specifically, 22% of cyber-attacks affected OT systems only, resulting in costly downtime. Studies also show that manufacturing is being targeted at a higher rate than any other sector because of the new vulnerabilities that are presenting themselves in OT technology. So, while holding back on digital transformation is counter-productive, it has to be advanced in a cyber secure way that takes into account the daily lives of OT professionals. 

While it may not seem that long, it is now many years since the OT environment was ‘air-gapped’ to wider enterprise systems. While outdated, this approach did help protect systems as OT technology was harder to reach for hackers – harder, but not impossible, as Stuxnet proved. 

Fast forward through Industry 4.0 and the digital transformation of the sector, much of that OT technology remains in operation. The issue is that many OT systems were never designed with enterprise-wide communications in mind and today’s open communication between OT and IT highlights the glaring differences in the two environments, but also why a shared approach to cyber security is needed. While IT looks after the security of enterprise systems, encompassing everything from confidential customer data to new product information, OT, traditionally focuses on safety. Physical systems that can put workers in harms way require complete control and availability, removing that with a ransomware attack, for example, puts a company at risk – not only will downtime be costly for everyday the company isn’t in control, but in some extreme cases OT professionals and the general public may be put at risk. So, while IT cyber incidents may be more frequent and quicker to solve, OT incidents can cause immeasurable damage.

The starting point for a secure OT setting is simply to align approaches in standards, practices, and tools. One example of this is how quickly IT systems are updated to ensure ongoing cyber security. The same cannot always be said for OT systems which likely require long periods of downtime to update. This hinderance sees many OT systems remaining vulnerable for much longer than they have to be. Even simple best practices such as never plugging external devices into enterprise systems or having dedicated scanning environments for removable media are often not understood to be critical to OT professionals. 

While it can start small, cyber security for OT is a complex and never-ending journey, encompassing an ever-growing list of solutions, products, and approaches. OT professionals are often over-stretched and their workload is expanding as digital transformation advances. Adding the same strain IT feels to the already full plate of OT may seem like overkill, especially when considering IT has specific training and has been in this space for all of their working lives. Finding a viable approach to cybersecurity for OT is a lot like digital transformation, it requires buy in from all levels of a business, input from multiple sources, and a collaborative approach that stays up to date with the latest products and services.

The fact of the matter is, achieving SecureOT is an almost impossible task without expert help. To alleviate the strain for the already busy OT professional and keep a constant ear to the ground on the latest solutions often requires a partner organisation. Cyber security is a complex world; OT professionals need to address their cyber security concerns and having a partner there to remove the complexity makes it as simple as possible, now and for the future. The chosen partner needs to have a deep understanding of digital transformation and must work closely with your organisation to navigate the array of products in the crowded market, and create an approach to cyber security that aligns with the busy schedule of OT professionals.

There is no one-size-fits all approach to cyber security for OT, it’s about working closely with partners to meet industrial regulatory and compliance requirements and to achieve peace-of-mind.

Lee Carter is Cyber Security Product Manager at SolutionsPT.


Contact Details and Archive...

Print this page | E-mail this page