Building secure networks for Operational Technology (OT)
Sean Tickle is Cyber Services Director at Littlefish, a managed IT and Cyber Security Provider based in the UK
Operational Technology (OT) refers to hardware and software that’s used to monitor and control physical devices, processes, and infrastructure inside industrial operations, including critical national infrastructure (CNI). For example, OT exists in industries like manufacturing, energy, transportation, waste control, and utilities, and is incredibly important in terms of both its capability and profitability.
For ease, we can think of OT as falling into two categories: 1) the Internet of Things (IoT), e.g., smart devices that introduce networking capabilities to traditional OT systems and – perhaps more prominently – 2) industrial control systems (ICS), which are specialised systems used to monitor and control industrial processes and operations.
OT is often thought of alongside its cousin, IT – and, while both are technologies with specific purposes, OT does differ from IT in several distinct ways. For example, IT focuses on managing and processing digital information within an organisation (including activities like data storage, software development, user support, devices, and comms, etc.), whereas OT controls high-tech specialist systems, including components like supervisory control and data acquisition (SCADA) systems, programmable logic controllers (PLCs), sensors, actuators, and so on. These are systems that are crucial for ensuring the smooth and efficient operation of critical processes like assembly lines, power generation plants, oil refineries, and water treatment facilities.
In recent years, the intermingling of OT with IT, known as IT/OT convergence, has become increasingly important for improving efficiency, safety, and security in industrial operations. However, it also introduces new challenges related to cyber security, as OT systems are becoming more interconnected with IT networks and therefore more exposed to cyber threats.
Important OT functions
Operational Technology is fundamental for driving innovation, improving productivity, ensuring safety and reliability, and maintaining the infrastructure that underpins most modern industrialised societies.
The crucial role it fulfills includes ensuring elements like:
Efficiency – OT systems enable industries to automate and optimise their processes, leading to increased efficiency in production, distribution, and resource management. By monitoring and controlling physical devices and processes in real-time, OT helps minimise downtime, reduce waste, and maximise output.
Safety – OT plays a vital role in ensuring the safety of industrial operations by monitoring environmental conditions, detecting abnormalities, and triggering automated responses to prevent accidents. For example, in manufacturing plants, OT systems can detect equipment malfunctions or hazardous conditions and initiate shutdown procedures to prevent injuries or damage to equipment.
Reliability – OT systems are designed to operate in harsh and demanding environments, providing reliable performance even in extreme conditions. This reliability is essential for industries where downtime can result in significant financial losses or pose risks to public safety, such as power generation, transportation, and healthcare.
Quality control – OT systems help maintain product quality and consistency by continuously monitoring and adjusting production processes to meet predefined standards and specifications. This is critical in industries like food and beverage, pharmaceuticals, and automotive manufacturing, where product quality directly impacts consumer satisfaction and safety.
Data-driven decision making – OT generates vast amounts of data about industrial processes, equipment performance, and environmental conditions. By analysing this data, organisations can gain valuable insights into their operations, identify opportunities for improvement, and make data-driven decisions to optimise efficiency, reduce costs, and enhance competitiveness.
Infrastructure management – OT is essential for managing critical infrastructure such as energy grids, water treatment plants, and transportation networks. These systems ensure the reliable and efficient operation of essential services that support modern society and economic activities.
It is precisely because of the criticality of operations like the ones above that OT is so vulnerable.
Not only are cyber-attacks against OT systems and critical infrastructure ranked among the top five most significant risks by the World Economic Forum, but it’s also very difficult – if not impossible – to shut down OT for maintenance, upgrades, or even damage control should the worst happen.
After all, any momentary delay or period of unplanned downtime loses massive amounts of money for corporations, not to mention being often highly disruptive if not destructive to the rest of us (imagine, for example, if our water became chemically imbalanced due to an OT failure).
Building a secure OT network
Long since critical for IT, cyber security is also of vital importance for OT. It helps protect our national infrastructure and keeps machines and networks up and running inside industries that generate profit and help create jobs.
Naturally, as OT becomes more and more connected and interlinked with the IoT, new vulnerabilities open for cyber criminals to exploit – a truth that’s incredibly worrying given around 90% of organisations that operate OT systems have experienced one or more security events in a two-year period, with 50% of these leading to downtime.
This is exactly why it’s so crucial for organisations to be proactive when it comes to building secure networks that run OT and take into consideration full end-to-end security measures from the ground up.
To this end, and along with implementing regulatory compliance standards such as ISA/IEC 62443 and NIS2 (the EU’s mandatory cybersecurity directive), I recommend a four-phase approach to building a secure OT environment:
Phase one: assess
It’s important to begin with an assessment to establish alignment of the current OT environment against industry best practice standards such as ISA/IEC 62443. This is carried out through evaluation of risk, vulnerabilities, and the organisation’s threat landscape.
The assessment will result in recommendations for the approach’s design and implementation phases.
Phase two: design
The design phase will carefully consider design elements and associated documentation, e.g., network zoning/segmentation, vendor and supply chain security, and attack surface minimisation through areas such as secure remote access and enforcement of a defence-in-depth strategy.
Phase three: implement
With a comprehensive design in place, changes are then implemented into the OT network ensuring that key areas such as interoperability, along with compatibility and maintenance of the systems used, are considered.
Phase four: monitor and respond
Now that the network has been built with proactive security in mind, it’s time to ensure that detection and response mechanisms are in place. These allow a dedicated security team to keep the dwell time of threats in the OT environment to a minimum and to contain and eradicate any threats found.
Given the importance of OT environment uptime, phase four should not be undertaken lightly; it should be built on dedicated solutions and maintained by experienced security professionals.
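The design phase above calls for network zoning and segmentation, and the monitor-and-respond phase needs a way to tell when a boundary has been crossed without approval. The following is an added example (not code from the author or from Littlefish) showing how the same ISA/IEC 62443-style zone-and-conduit policy can serve both phases: at design time it rejects proposed firewall rules that do not map onto an approved conduit (including rules whose prefix is broad enough to span zones), and at monitoring time it runs over accepted-flow log records and flags cross-zone traffic the policy never sanctioned. The zone names, subnets, conduit list, rule set, log format and log lines are all constructed for illustration; a real plant would derive them from its own assessment and design documentation.

```python
"""Zone-and-conduit policy check for an OT network (added example).

A simplified, Purdue-like layout of ISA/IEC 62443 zones (constructed, not a
real plant) and an allow-list of conduits between them. The same policy is
used at design time (validate proposed firewall rules) and at monitoring
time (audit accepted flows from constructed log lines).
"""
from dataclasses import dataclass
import ipaddress
import re

# Zones: name -> subnets. Constructed addresses for illustration only.
ZONES = {
    "enterprise": ["10.0.0.0/16"],
    "dmz": ["10.10.0.0/24"],
    "supervisory": ["192.168.10.0/24"],   # SCADA servers / HMIs
    "control": ["192.168.20.0/24"],       # PLCs
}


@dataclass(frozen=True)
class Conduit:
    src_zone: str
    dst_zone: str
    proto: str
    port: int


# Approved conduits (constructed). Anything cross-zone and not listed is denied.
CONDUITS = {
    Conduit("enterprise", "dmz", "tcp", 443),       # enterprise reads a historian replica in the DMZ
    Conduit("dmz", "supervisory", "tcp", 443),      # DMZ replica pulls from the supervisory zone
    Conduit("supervisory", "control", "tcp", 502),  # Modbus/TCP to PLCs only from supervisory hosts
}


def zone_of(ip):
    """Zone containing a single address, or None if it lies outside every zone."""
    addr = ipaddress.ip_address(ip)
    for name, nets in ZONES.items():
        if any(addr in ipaddress.ip_network(n) for n in nets):
            return name
    return None


def zone_of_network(cidr):
    """Zone that wholly contains a prefix; a prefix spanning zones maps to None."""
    net = ipaddress.ip_network(cidr)
    for name, nets in ZONES.items():
        if any(net.subnet_of(ipaddress.ip_network(n)) for n in nets):
            return name
    return None


def _decide(src_zone, dst_zone, proto, port):
    """Core policy decision shared by the design-time and monitoring-time checks."""
    if src_zone is None or dst_zone is None:
        return False, "endpoint outside every defined zone (or prefix spans zones)"
    if src_zone == dst_zone:
        return True, f"intra-zone ({src_zone})"   # boundary check does not apply
    if Conduit(src_zone, dst_zone, proto.lower(), int(port)) in CONDUITS:
        return True, f"approved conduit {src_zone}->{dst_zone} {proto}/{port}"
    return False, f"no approved conduit {src_zone}->{dst_zone} {proto}/{port}"


def flow_allowed(src_ip, dst_ip, proto, port):
    """(allowed, reason) for one observed flow between two addresses."""
    return _decide(zone_of(src_ip), zone_of(dst_ip), proto, port)


def validate_rules(rules):
    """Design-time check. rules: iterable of (src_cidr, dst_cidr, proto, port) allow rules.
    Returns [(rule, reason)] for every rule the conduit policy rejects."""
    failures = []
    for rule in rules:
        src_cidr, dst_cidr, proto, port = rule
        ok, why = _decide(zone_of_network(src_cidr), zone_of_network(dst_cidr), proto, port)
        if not ok:
            failures.append((rule, why))
    return failures


# Constructed log format: only ACCEPT records matter here; DROP lines are skipped.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) ACCEPT src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) "
    r"proto=(?P<proto>\w+) dport=(?P<port>\d+)$"
)


def audit_log(lines):
    """Monitoring-time check. Returns [(timestamp, src, dst, reason)] for accepted
    flows that the policy says should not exist (a misconfigured or bypassed boundary)."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        ok, why = flow_allowed(m["src"], m["dst"], m["proto"], m["port"])
        if not ok:
            findings.append((m["ts"], m["src"], m["dst"], why))
    return findings


# Constructed sample inputs.
PROPOSED_RULES = [
    ("10.0.0.0/16", "10.10.0.0/24", "tcp", 443),         # enterprise -> dmz: approved
    ("192.168.10.0/24", "192.168.20.0/24", "tcp", 502),  # supervisory -> control: approved
    ("10.0.0.0/8", "192.168.20.0/24", "tcp", 502),       # prefix spans zones: rejected
    ("10.0.0.0/16", "192.168.20.0/24", "tcp", 502),      # enterprise straight to PLCs: rejected
]

SAMPLE_LOG = """\
2024-05-01T10:02:13Z ACCEPT src=10.0.5.21 dst=10.10.0.8 proto=tcp dport=443
2024-05-01T10:02:14Z ACCEPT src=192.168.10.5 dst=192.168.20.14 proto=tcp dport=502
2024-05-01T10:02:15Z DROP src=10.0.5.21 dst=192.168.20.14 proto=tcp dport=502
2024-05-01T10:02:16Z ACCEPT src=10.0.5.21 dst=192.168.20.14 proto=tcp dport=502
2024-05-01T10:02:17Z ACCEPT src=192.168.20.14 dst=192.168.20.15 proto=tcp dport=502
""".splitlines()

if __name__ == "__main__":
    for rule, why in validate_rules(PROPOSED_RULES):
        print("REJECT rule", rule, "->", why)
    for ts, src, dst, why in audit_log(SAMPLE_LOG):
        print("ALERT", ts, src, "->", dst, ":", why)
```

Keeping one decision function for both phases means the design document and the detection rule cannot drift apart: a conduit added to the design is automatically what monitoring treats as normal, and anything else that is accepted at a boundary is a finding worth the security team's attention. Intra-zone traffic passes this check by design; deeper inspection inside a zone (for example of Modbus function codes) is a separate control.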
Following the above four phases helps enhance the security of OT environments hugely because they provide a structured approach to building OT infrastructure from a foundation of industry best practice.
Implementing the four phases in a well thought out and effective manner provides OT organisations the ability to monitor and respond to security incidents in an ever-changing threat landscape.
Other security best practices OT organisations can implement include:
Access control – enforce strong access controls to restrict privileges and limit access to OT systems and data based on the principle of least privilege. This includes implementing multi-factor authentication, role-based access control, and regular user access reviews.
Patch management – establish a robust patch management process to promptly apply security patches and updates to OT devices, software, and firmware. Regularly monitor vendor advisories and security bulletins to stay informed about vulnerabilities and patches.
Incident response plans – develop and maintain incident response plans and procedures to effectively respond to and mitigate security incidents in OT environments. This includes establishing communication protocols, defining roles and responsibilities, and conducting regular incident response exercises and drills.
Physical security – implement physical security measures to protect OT assets, facilities, and infrastructure from unauthorized access, tampering, theft, and sabotage. This may include access controls, surveillance cameras, perimeter fencing, and intrusion detection systems.
Training – provide comprehensive cybersecurity training and awareness programs for OT staff, including operators, engineers, and maintenance personnel. Educate employees about common threats, phishing attacks, security best practices, and the importance of maintaining a security-conscious culture.
Vendor security – work closely with OT vendors and suppliers to ensure the security of third-party components, equipment, and software integrated into OT systems. Conduct security assessments, review vendor security practices, and include security requirements in procurement contracts.
By implementing these security measures and adopting a holistic approach to OT security, organisations can reduce the risk of cyber threats, protect critical infrastructure, and maintain the integrity, availability, and confidentiality of their operational systems and data.