OT Networks Are Often a Black Box for Security Teams and Don’t Have the Telemetry to See and Monitor Industrial Environments
Every company in the world relies on operational technology (OT) networks. For nearly half of the Fortune 2000 – in industries including oil and gas, energy, utilities, manufacturing, pharmaceuticals, and food and beverage – these networks are critical components of their business. The rest rely on OT networks to run their office infrastructure – lights, elevators, and datacenter infrastructure.
Adversaries understand the importance of these networks and have attacked them boldly to create widespread havoc, as in the case of WannaCry and NotPetya. They also know how to manipulate them in more subtle ways that would not be immediately observable but could erode public trust. For example, they could disrupt production at the top pharmaceutical companies to create shortages of medications, or tamper with the industrial machines responsible for logistics at our largest transportation hubs to bring commerce to a standstill.
The more important OT networks are to your business, the more essential effective OT security is to the success of your operations. In fact, it enables your business in three important ways: 1) protecting “business as usual,” 2) reducing risk from digital transformation, and 3) securing remote access. Let’s explore these further.
1. Protect business as usual
For organizations whose OT networks are the lifeblood of their business, revenue is generated and customers’ lives are improved when those systems are up and running. Any risk that threatens availability and uptime can have significant financial impact when systems must be shut down and restarted. Attacks can also be devised to put product delivery at risk by changing a product in many different undesirable ways, such as tampering with machinery to change recipes, or contaminating water supplies used in the production process. Finally, and most importantly, OT environments often include safety systems to protect people inside or near the facility in case of machinery malfunctions. A compromise of these systems could have devastating effects on the lives of workers, their families and local communities.
Action: The OT network has been a blind spot for IT security professionals for decades, but the urgency to address the IT-OT security gap is now escalating. Because OT networks have no modern security controls, you have an opportunity to design a security program from scratch – without having to worry about existing security technology. You can prioritize the most important use cases and focus on gaining full visibility into your OT environment. With granular details of all assets, sessions, processes, and corresponding risk levels, you can identify threats in the network to mitigate risk and assure continued operations of critical processes.
2. Reduce risk from digital transformation
Digital transformation is here to stay and is good for business. Connecting OT networks to IT systems for automation and inputs has unlocked tremendous business value – enabling improvements in operational efficiency, performance, and quality of service. Recently, the move to digital has accelerated as companies transition more of their operations online to create a new normal and prepare for a post-pandemic future. As enterprises continue to increase connectivity between their OT and IT networks, many are finding that accurately identifying – much less reducing – risk in their industrial environments is exceedingly complex and resource-intensive, largely due to fundamental differences between OT and IT.
Action: As a security professional, chances are you’ve worked hard and made strategic investments to build a strong cybersecurity foundation on the IT side to support your company’s digital initiatives. Now you have an opportunity to do the same on the OT side by using the differences between OT and IT networks to your advantage. OT networks are designed to communicate and share much more information than is typically available from IT components – the software version they are running, firmware, serial numbers, and more. As such, OT network traffic provides all the security information you need to monitor for threats. With a solution that you can quickly implement for asset visibility and continuous threat monitoring, you can start to close the IT-OT security gap.
3. Secure remote access
Network administrators of OT networks need to provide secure remote access to more workers than ever. In addition to manufacturers who typically have contracts to service machines remotely, they have an influx of new users they need to support. Any employee who previously worked onsite, for example on the manufacturing shop floor, but is now working outside the facility, needs online access to continue doing their job. Third-party contractors who previously provided specialty services like production optimization also now need remote access to relevant equipment to support their contract and keep production lines running smoothly.
Action: In times like these, where every organization is reducing staff on site, there is an increased need to safeguard OT networks from threats introduced via unmanaged and unmonitored access by remote users, including employees and third-party vendors. Consider solutions that provide granularity of control, the ability to audit access, and additional levels of security, such as password vaulting and secure file transfer, so you can mitigate risk.
Despite their ubiquity, OT networks are often a black box for security teams; they simply don’t have the telemetry to see and monitor these environments. When your core business operations, digital transformation initiatives and workers’ ability to do their jobs are at risk, effective OT security must become just as ubiquitous. It is what enables your business to move forward and realize its full potential.