In recent years, operational technology (OT) has gone through a transformative period that has changed the way critical infrastructure organizations must think about OT security. From the effects of COVID-19, which forced enterprises worldwide to adopt distributed workforce models almost overnight, to the convergence of IT and OT networks to maintain productivity and drive competitive advantage, OT security has become foundational to resilience and operational continuity. Unfortunately, the combination of legacy devices now reachable from corporate networks or the internet, a growing number of attack vectors, and opportunistic adversaries has created a perfect storm that exacerbates cyber risk.
The more heavily an enterprise relies on OT to conduct its core business activities, the more security matters as a business enabler for operational success and continuity. Attempts to bolster OT security by transplanting traditional IT security practices and technologies are largely ineffective and often add unnecessary complexity: endpoint agents cannot be installed on most embedded controllers, active vulnerability scanning can stall or crash fragile devices, and patching has to wait for maintenance windows that may be months apart. The problem is compounded because OT networks rarely have controls suited to the threats that digital transformation increasingly exposes them to.
To overcome these challenges, security leaders should first determine what can be done immediately to achieve the maximum possible risk reduction, and then act accordingly. The first step, and the most fundamental OT security best practice, is gaining full visibility into the OT environment, including granular details of all assets, sessions, and processes. Those details can then be correlated with known threats and their corresponding risk levels to inform an effective course of action for ensuring operational continuity and process integrity.
One of the biggest challenges for those tasked with securing OT environments is a lack of telemetry and, therefore, of visibility into OT networks. Yet OT assets disclose far more about themselves on the wire than IT assets typically do, including the software and firmware versions they are running and their serial numbers, and industrial protocols generally carry this information in cleartext, so it can be collected passively from a SPAN port or network TAP without touching fragile devices. In most cases, OT network traffic alone can supply most of the information needed for comprehensive threat monitoring. As an OT security best practice, decision makers should evaluate OT-centric asset visibility and continuous threat monitoring solutions on how quickly they can be deployed and integrated into existing IT systems and workflows, so that preparedness and risk management improve immediately.
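As an added illustration of passive visibility (this is example code written for this page, not code from the original post or from any vendor product), the script below parses Modbus/TCP Read Device Identification replies, which a PLC or gateway answers with its vendor name, product code and firmware revision in cleartext. Modbus is chosen here only as a representative industrial protocol; the three frames are constructed by hand rather than captured, and the inventory is keyed by unit id alone, whereas a real sensor would key by source IP and unit id.

```python
"""Passive asset inventory from Modbus/TCP Read Device Identification replies.

Added example, not code from the original post. The frames below are
constructed by hand; in practice they would come from a SPAN port or TAP
on the control network. Only the reply side of Modbus function 0x2B
(MEI type 0x0E) is parsed.
"""
import struct
from typing import Dict, Iterable, Optional

MBAP_LEN = 7                 # transaction id, protocol id, length, unit id
FC_READ_DEVICE_ID = 0x2B
MEI_DEVICE_ID = 0x0E

# Object ids from the Modbus application protocol spec (basic + regular set).
OBJECT_NAMES = {
    0x00: "vendor_name",
    0x01: "product_code",
    0x02: "major_minor_revision",
    0x03: "vendor_url",
    0x04: "product_name",
    0x05: "model_name",
    0x06: "user_application_name",
}

# Constructed sample frames (not real captures):
SAMPLE_FRAMES = [
    # unit 1 answers with vendor, product code and revision
    b"\x00\x01\x00\x00\x00\x29\x01\x2b\x0e\x01\x01\x00\x00\x03"
    b"\x00\x0fAcme Automation" b"\x01\x07PLC-200" b"\x02\x052.3.1",
    # unit 2 returns exception 0x01: it does not implement the function
    b"\x00\x02\x00\x00\x00\x04\x02\xab\x0e\x01",
    # unit 3: a Read Holding Registers reply (fc 0x03), carries no identity
    b"\x00\x03\x00\x00\x00\x05\x03\x03\x02\x00\x2a",
]


def parse_device_id_response(frame: bytes) -> Optional[dict]:
    """Return identity fields from one frame, or None if it is not a
    Read Device Identification reply."""
    if len(frame) < MBAP_LEN + 1:
        return None
    _tid, proto, length, unit = struct.unpack(">HHHB", frame[:MBAP_LEN])
    # MBAP length counts unit id + PDU; a mismatch means truncation or non-Modbus data
    if proto != 0 or length != len(frame) - 6:
        return None
    fc = frame[MBAP_LEN]
    pdu = frame[MBAP_LEN + 1:]
    if fc == (FC_READ_DEVICE_ID | 0x80):
        # exception reply: the device refused the request; the code is the last byte
        return {"unit": unit, "error": pdu[-1]} if pdu else None
    if fc != FC_READ_DEVICE_ID or len(pdu) < 6 or pdu[0] != MEI_DEVICE_ID:
        return None
    # pdu[1]=read code, pdu[2]=conformity level, pdu[3]=more follows, pdu[4]=next object id
    count = pdu[5]
    fields = {"unit": unit}
    pos = 6
    for _ in range(count):
        if pos + 2 > len(pdu):
            break                       # object header runs past the frame
        oid, olen = pdu[pos], pdu[pos + 1]
        value = pdu[pos + 2:pos + 2 + olen]
        if len(value) != olen:
            break                       # object value truncated
        fields[OBJECT_NAMES.get(oid, f"object_{oid:#04x}")] = value.decode("ascii", "replace")
        pos += 2 + olen
    return fields


def build_inventory(frames: Iterable[bytes]) -> Dict[int, dict]:
    """Merge identity fields per unit id. A device whose reply sets
    'more follows' sends the rest in later frames, which merge here."""
    inventory: Dict[int, dict] = {}
    for frame in frames:
        parsed = parse_device_id_response(frame)
        if parsed is not None:
            inventory.setdefault(parsed["unit"], {}).update(parsed)
    return inventory


if __name__ == "__main__":
    for unit, info in sorted(build_inventory(SAMPLE_FRAMES).items()):
        print(unit, info)
```

Every frame that is not a function 0x2B reply is ignored, so the same loop can be fed an entire capture; the exception reply is kept in the inventory because "this unit refuses device identification" is itself useful for deciding which assets still need a manual inventory pass.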
The unprecedented circumstances of the COVID-19 pandemic and the convergence of IT and OT environments have exposed security gaps and pushed IT and OT personnel to work together to drive resolution. That being said, good intentions only go so far.
Differing — and often competing — priorities have long stood as a barrier between IT and OT teams. Specifically, IT teams typically prioritize the CIA triad, which encompasses the principles of confidentiality, integrity, and availability in the context of data or information and corresponding IT systems. Meanwhile, OT teams typically prioritize the principles of availability, reliability, and safety in the context of physical processes and corresponding OT systems.
Another IT/OT distinction that presents a challenge is the different ways in which organizations and adversaries view IT and OT networks. Organizations tend to regard IT and OT as separate networks, but to adversaries a network is a network, and an intrusion that begins in one environment routinely pivots into the other. Despite these differences, IT and OT security teams share an overarching desired outcome: risk reduction. Solutions that let security teams view IT and OT environments holistically and identify deviations from established behavioral baselines, unauthorized connections (in particular traffic crossing the IT/OT boundary), and the presence of known adversary techniques bring the full power of the organization's resources to bear on risk mitigation.
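To make "deviations from a behavioral baseline" and "unauthorized connections" concrete, here is an added example (written for this page, not code from the original post or any product) that learns a baseline of connection tuples from a period the operators vouch for as normal and then classifies later flows, ranking IT-to-OT and OT-to-external crossings above mere novelty. The flow records and the 10.20.1.0/24 OT zone are constructed for illustration; a real deployment would draw both from sensor or firewall logs and the asset inventory.

```python
"""Flag connections that deviate from a learned IT/OT baseline.

Added example, not code from the original post. The flow records and the
OT zone below are constructed; a real deployment would learn the baseline
from sensor or firewall logs over a known-clean period.
"""
import ipaddress
from typing import Iterable, List, Optional, Set, Tuple

Flow = Tuple[str, str, int, str]   # (src_ip, dst_ip, dst_port, protocol)

# Constructed: the control network zone; everything else is IT or external.
OT_ZONES = [ipaddress.ip_network("10.20.1.0/24")]

# Constructed learning window: an HMI and a historian polling two PLCs.
BASELINE_FLOWS: List[Flow] = [
    ("10.20.1.10", "10.20.1.50", 502, "modbus"),     # HMI -> PLC
    ("10.20.1.10", "10.20.1.51", 502, "modbus"),
    ("10.20.1.20", "10.20.1.50", 44818, "enip"),     # historian -> PLC
    ("10.20.1.10", "10.20.1.50", 502, "modbus"),     # repeats are normal
]

# Constructed later window containing three things worth a look.
OBSERVED_FLOWS: List[Flow] = [
    ("10.20.1.10", "10.20.1.50", 502, "modbus"),
    ("10.10.5.77", "10.20.1.50", 502, "modbus"),     # IT host speaking Modbus to a PLC
    ("10.20.1.20", "10.20.1.50", 44818, "enip"),
    ("10.20.1.50", "203.0.113.9", 443, "tls"),       # PLC reaching an external address
    ("10.20.1.20", "10.20.1.51", 44818, "enip"),     # historian polls a PLC it never did before
]


def in_ot_zone(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in OT_ZONES)


def learn_baseline(flows: Iterable[Flow]) -> Set[Flow]:
    """The baseline is the set of distinct tuples seen during the learning window."""
    return set(flows)


def classify(flow: Flow, baseline: Set[Flow]) -> Optional[str]:
    """Return a reason for a deviation, or None for baseline traffic.
    Zone crossings rank above novelty because they are what an intrusion
    pivoting between IT and OT looks like on the wire."""
    if flow in baseline:
        return None
    src, dst, _port, _proto = flow
    if not in_ot_zone(src) and in_ot_zone(dst):
        return "it_to_ot"
    if in_ot_zone(src) and not in_ot_zone(dst):
        return "ot_to_external"
    return "new_peer"


def find_deviations(observed: Iterable[Flow], baseline: Set[Flow]) -> List[Tuple[Flow, str]]:
    deviations = []
    for flow in observed:
        reason = classify(flow, baseline)
        if reason is not None:
            deviations.append((flow, reason))
    return deviations


if __name__ == "__main__":
    for flow, reason in find_deviations(OBSERVED_FLOWS, learn_baseline(BASELINE_FLOWS)):
        print(reason, flow)
```

Two caveats a practitioner would apply: a baseline learned while an attacker is already present codifies their traffic as normal, so the learning window should be checked against the asset inventory and engineering change records before it is trusted; and "new_peer" events inside the OT zone still deserve triage, since a historian suddenly reaching a controller it never polled before is exactly the kind of lateral movement that stays invisible when IT and OT are monitored separately.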
Working together toward a common goal while recognizing and respecting differences enables collaboration to become concrete — not just philosophical — and organizations to become more resilient, faster.
As security teams reassess what risk looks like and develop plans that focus on cyber resilience within a new structure, strong coalitions are essential to moving forward quickly. The events of the past few years have forced IT and OT personnel to make rapid progress that can serve as the groundwork for sustained efforts to strengthen cybersecurity over the coming years.
There is no better time for cybersecurity leaders to rally executive-level support for the work the security teams are doing. Many board members have been hands-on at an operational level when it comes to adapting to new and expanding cyber threats, and they have seen how preparedness and having the right technologies and processes in place are essential to enabling IT/OT convergence and creating a more resilient business. This dynamic puts CISOs and other security leaders in a strong position to garner cross-organizational support.
As remote work continues and IT/OT convergence persists, security leaders must tackle the challenges these conditions bring to their critical OT environments head-on. By following recommended OT security best practices, organizations can better understand the relevant threats, improve collaboration, and build coalitions to accelerate digital transformation with greater confidence and unlock new business value. Achieving and maintaining cyber resilience amid challenging security and risk conditions is far from impossible, but organizations must be prepared to take the necessary steps to build a successful OT security strategy.