An Overview of OT Security
Author: TM Ching and Peter Dowley
In the year 2013, the term “Industry 4.0” was cemented to describe the next manufacturing revolution which extends the current system automation and data exchange processes in a hyper-connected world through the use of cyber-physical devices, Internet of Things, cloud infrastructure and machine learning technologies. Broadly speaking, Industry 4.0 is the industry-focused application of the broader digital transformation trend and the term also applies to industrial markets such as manufacturing, energy, utility, oil and gas, mining, construction, transportation, logistics and healthcare.
In a hyper-connected world using cyber-physical devices, organisations in industrial markets must consider the security of their OT environment.
Before the rise of Industry 4.0, organisations in industrial markets had been operating an Operational Technology (OT) function to manage their industrial equipment and devices in the areas of monitoring, production and logistics. Unlike in the Information Technology (IT) functions of most industrial organisations, cybersecurity practices in the OT environment are not mature and have been lagging behind those of the IT environment by at least 5 to 10 years.
As these industrial organisations start to embrace Industry 4.0, they are beginning to realise that their OT security management framework has to be progressively improved, because adopting modern digital technologies in their industrial processes also introduces additional risks to those processes.
In December 2017, a Middle Eastern oil and gas petrochemical company had its plant operations shut down by malware known as TRITON which specifically targeted the safety system inside their OT environment. Such an attack is not an anomaly, and in the last year ICS-CERT (headed by US CERT) has received reports of cybersecurity attacks on various industrial organisations around the world.
If industrial organisations are to embrace Industry 4.0 to improve their competitiveness in the market, it is important for them to adopt good cybersecurity practices within their OT environments, and it is important to align their OT Security frameworks to relevant frameworks and standards such as the NIST Cybersecurity Framework, ISA/IEC 62443 and the NERC-CIP standards. Some of the best practices developed over the last two decades by the IT Security industry can also be applied in a manner that is appropriate for the OT environment.
Differences between ICS security and IT security
OT Security generally covers security controls around Process Control Systems (PCS), Distributed Control Systems (DCS) and Supervisory Control and Data Acquisition (SCADA) environments which are also collectively referred to as Industrial Control Systems (ICS) environments.
An ICS environment can be as simple as an engineering workstation connected to a Programmable Logic Controller (PLC) which interfaces with a small set of relays and meters, or as complex as a highly redundant and distributed system in a command centre that manages thousands of Industrial IoT (IIoT) devices across many sites. The ICS environment will also utilise common IT systems and devices such as authentication servers, IP-based network switches, and firewalls as well as PC workstations which run the engineering software for managing the ICS devices.
While most industrial control systems leverage Ethernet and IP-based protocols, there are many types of industrial protocols which make it harder to apply security controls in a consistent manner. Protocols such as Common Industrial Protocol (CIP), Modbus, MTConnect, DNP3, Profinet and EtherCAT were built for different purposes, and are often exposed to a larger set of attack vectors than traditional IP-based protocols.
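As an added illustration of why a protocol such as Modbus needs compensating network controls (example code written for this overview, not from the authors): Modbus/TCP carries no authentication, so a monitor must parse the frames itself and flag state-changing function codes from any host other than an assumed engineering workstation allow-list. The addresses and frames below are constructed samples.

```python
import struct
from typing import Iterable, List, NamedTuple, Set, Tuple

# Modbus function codes that change controller state; everything else only reads.
WRITE_FUNCTIONS = {5: "Write Single Coil", 6: "Write Single Register",
                   15: "Write Multiple Coils", 16: "Write Multiple Registers"}


class ModbusRequest(NamedTuple):
    transaction_id: int
    unit_id: int
    function: int
    data: bytes


def parse_modbus_tcp(frame: bytes) -> ModbusRequest:
    """Parse the 7-byte MBAP header and the PDU of a Modbus/TCP request.

    Raises ValueError on malformed frames so the caller can log them
    instead of silently passing them on.
    """
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header + function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError(f"unexpected protocol id {proto}")
    # 'length' counts unit id + PDU, so the whole frame is 6 + length bytes.
    if len(frame) != 6 + length:
        raise ValueError("MBAP length does not match frame length")
    return ModbusRequest(tid, unit, frame[7], frame[8:])


def audit_writes(packets: Iterable[Tuple[str, bytes]],
                 allowed_writers: Set[str]) -> List[str]:
    """Return alerts for write requests from hosts not on the allow-list.

    `packets` is (source_ip, frame) pairs as a capture tool would hand them
    over; `allowed_writers` is the assumed set of engineering workstations.
    """
    alerts = []
    for src, frame in packets:
        try:
            req = parse_modbus_tcp(frame)
        except ValueError as exc:
            alerts.append(f"{src}: malformed Modbus frame ({exc})")
            continue
        if req.function in WRITE_FUNCTIONS and src not in allowed_writers:
            name = WRITE_FUNCTIONS[req.function]
            alerts.append(f"{src}: unauthorised {name} (fc {req.function}) "
                          f"to unit {req.unit_id}")
    return alerts


# Constructed sample frames (not a real capture): a read from an HMI, a write
# from the engineering workstation, and a write from an unexpected host.
SAMPLE_PACKETS = [
    ("10.0.1.20", bytes.fromhex("0001000000060103000A0002")),  # read 2 regs
    ("10.0.1.10", bytes.fromhex("00020000000601060010002A")),  # reg 16 := 42
    ("10.0.5.77", bytes.fromhex("00030000000601060010FFFF")),  # unknown host
]
ALLOWED_WRITERS = {"10.0.1.10"}
```

Running `audit_writes(SAMPLE_PACKETS, ALLOWED_WRITERS)` yields a single alert for the write from 10.0.5.77; the same read/write split applies to the other protocols the paragraph names, but each needs its own parser.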
The most critical differences between security management in an ICS environment and an IT environment are due to the major differences in the operating priorities for industrial processes compared to IT systems.