Smart IoT Devices in Industrial Settings Have Shifted the Perspective on OT Environments From Being Reactive to Proactive
In the last decade of IT, security professionals have zeroed in on one overarching mission: identifying and containing data breaches. Not anymore. While that is still a primary goal of any security operations center (SOC), the attack surface has expanded massively in recent years. Analysts understand that the new frontier of connected devices represents the next generation of security threats. And at this year’s RSA Conference we saw a clear trend: IoT security is changing the ways IT and Operational Technology (OT) work together.
Claroty’s call-out at RSA was clear: you must effectively respond to threats with OT-specific context your existing SOC team can understand and act on. And it all starts with an assessment – understanding your current segmentation strategy, assessing weak points and building a mitigation plan.
Smart IoT devices in industrial settings, such as energy, oil/gas and manufacturing, have shifted the perspective on OT environments from reactive to proactive, with the aim of predicting failures. IoT and smart monitoring are particularly important in this quest, which is why OT practitioners are making serious investments in predictive analytics technology. Predictive maintenance solutions can demonstrate ROI, but security needs to be the focus in implementing such programs. Failure to implement the right controls could actually damage system availability and performance.
Almost every IoT vendor I saw at RSA also talked up the convergence of IT and OT, despite their disparate priorities, as smart IoT/OT devices continue to be integrated and networked across organizations’ digital environments. Both IT and OT teams realize the importance of security in this process, and as a result IT staff are shifting their focus to monitoring that ensures visibility, so OT staff can focus on production issues. But IT and OT should go beyond their siloed focus and work together in order for IT to better protect the OT environment.
OT folks – help your IT colleagues understand the role and priority of your systems and processes. These OT-related details can help IT correlate and expedite alerts for improved risk-based decisions.
How to make OT technology secure
Many of the answers to securing OT technology are in the OT data itself. In order for organizations to secure and efficiently optimize industrial operations, they need to make production and security data accessible and shareable across a converged IT/OT architecture, from the field network to the IT network. This will require a platform or set of integrated solutions that can both ingest data and integrate it for advanced data correlation. That is key for rapid access to and analysis of security-relevant production data.
Converged IT/OT networks typically include supervisory control and data acquisition (SCADA) systems, data historians and manufacturing execution systems (MES) that are often integrated with enterprise resource planning (ERP) and other IT systems. SCADA systems in these environments gather data from programmable logic controllers (PLCs) and remote terminal units (RTUs), analyze it and relay equipment statuses to operators and managers.
All these devices generate troves of production data, but they can also be tapped to monitor for hacked credentials or unauthorized access. Analyzing production or process downtime alongside security incidents within converged IT/OT networks can reveal unexpected correlations and help improve the accuracy of risk assessment. Be prepared to uncover stealthy security incidents that you missed when looking at production data and security data separately.
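The correlation described above can be sketched in a few lines. This is an added example, not code from the article or any vendor: it joins unplanned downtime records with security events on the same asset and ranks the matches by an OT-supplied priority. The asset names, event types, field names and the 30-minute lookback are all assumptions, and the sample records are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample records (hypothetical asset names and event types).
# DOWNTIME stands in for a historian/MES export, SECURITY for SOC-side logs.
DOWNTIME = [
    {"asset": "plc-line1", "start": "2024-03-04T10:15:00",
     "end": "2024-03-04T10:47:00", "planned": False},
    {"asset": "rtu-pump7", "start": "2024-03-04T13:02:00",
     "end": "2024-03-04T13:20:00", "planned": False},
    {"asset": "plc-line2", "start": "2024-03-05T08:00:00",
     "end": "2024-03-05T09:00:00", "planned": True},
]
SECURITY = [
    {"asset": "plc-line1", "time": "2024-03-04T09:58:00", "event": "login_failed"},
    {"asset": "plc-line1", "time": "2024-03-04T10:03:00", "event": "login_ok"},
    {"asset": "plc-line1", "time": "2024-03-04T10:09:00", "event": "logic_download"},
    {"asset": "plc-line2", "time": "2024-03-05T07:50:00", "event": "logic_download"},
    {"asset": "rtu-pump7", "time": "2024-03-03T22:00:00", "event": "login_ok"},
]
# OT-supplied context: how critical each asset is to production (1 = highest).
PRIORITY = {"plc-line1": 1, "plc-line2": 2, "rtu-pump7": 3}

def correlate(downtime, security, lookback=timedelta(minutes=30)):
    """Return unplanned downtimes that overlap security events on the same
    asset, looking back `lookback` before the stop, most critical first."""
    findings = []
    for d in downtime:
        if d["planned"]:
            continue  # a maintenance window explains activity on the asset
        start = datetime.fromisoformat(d["start"]) - lookback
        end = datetime.fromisoformat(d["end"])
        events = [s["event"] for s in security
                  if s["asset"] == d["asset"]
                  and start <= datetime.fromisoformat(s["time"]) <= end]
        if events:
            findings.append({"asset": d["asset"], "downtime_start": d["start"],
                             "priority": PRIORITY.get(d["asset"], 99),
                             "events": events})
    return sorted(findings, key=lambda f: f["priority"])

if __name__ == "__main__":
    for f in correlate(DOWNTIME, SECURITY):
        print(f)
```

Viewed separately, the stop on the first line is just a production event and the three access events are ordinary log entries; joined on asset and time they form one finding worth an analyst's attention.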
