OT security (operational technology security) is the process and means of keeping physical operational systems safe from malfunction as a result of accidental or intentional harm. Industrial (e.g. manufacturing) and infrastructure (e.g. electricity, water, gas) systems are the domains most relevant to OT security
Why is OT security important?
OT security is so important because the areas affected by operational technology systems often impact directly on our physical safety and individuals’ or societies’ ability to function.
An IT cyber attack on a bank can cause loss of money. An OT cyber attack on a water facility – contaminating or shutting down a water supply – can cause loss of lives.
Because of the impact potential, OT security programs are top priority for critical infrastructure sectors and any industry (like food or vehicle manufacturing) that would have a direct impact on human health and safety.
How is OT security different from IT security?
IT refers to digital and electronic information, while OT is the technology hardware and software that is used for managing and monitoring physical industrial devices and machines. It is used in physical production industries, like electricity, water, oil and gas, manufacturing, and more.
The growing convergence of OT and IT (the virtual networking of physical operational systems with each other and with systems in the outside world) opens up new opportunities for productivity, convenience and efficiency, but it also opens up OT to new threats and vectors of attack.
The result is a growing need for OT cyber security and OT network security
: protection of industrial control systems on the virtual plane.
What are the main features of an OT security program?
The main features include:
1) OT risk assessment – in order to produce an informed, prioritized plan for protecting your organization, people and assets, you need to conduct an ICS risk assessment that specifies risks and vulnerabilities, establishes the probability of risks, determines impacts, develops mitigation and performs cost and benefit analysis on the different options.
2) System protection – this is the proactive part of an OT security program: putting safeguards into place against identified risks. An ounce of prevention is worth a pound of remediation. Also included in system protection are measures to keep systems functioning even if an attack should occur, such as backups and redundancy.
3) Threat detection – this is already the reactive part of an OT security program: if a threat does materialize, you want to be able to identify it as soon as possible so you can address it immediately and minimize the damage. OT security tools that handle threat detection include system observability, monitoring and alert tools.
4) Mitigation and remediation – after you’ve identified a threat, how do you deal with it? This is the job of OT security mitigation: ousting attackers and fixing any problems they’ve managed to cause.
Building a solid OT cybersecurity resilience program entails understanding what you have in your network, where you’re vulnerable (specific devices or segments in your network), prioritizing your next steps, implementing the right security controls, monitoring, and testing to see it withstands possible cyber attacks- pentesting or a passive IDS solution.