Industrial operations today rely on complex technology infrastructures that run in different parts of the organization and must detect cybersecurity threats. Information technology (IT) and operational technology (OT) are an example: together they pose new challenges for protecting industrial environments, where threats that are difficult to detect, investigate and correct must be identified in time to prevent attacks against the organization.
Previously, IT infrastructure played the critical role of ensuring complete visibility, security and compliance within industries, especially since it was the target of attacks against organizations. However, over the last 20 years OT has become an attractive target for new attacks, so coordinating both technologies is a smart strategy.
But why is OT now the focus of attacks on industrial operations and critical infrastructure? Because industrial controllers, depending on the type of industry, are extremely reliable and control everything. These devices go by names such as PLC (Programmable Logic Controller), RTU (Remote Terminal Unit) or DCS (Distributed Control System), and they control everything from cooling stations to turbines, as well as electrical grids, gas and oil, and much more. Industrial control systems (ICS) in fact keep basic operations running, staying up for years without interruption, so we can consider them the engine of society, and a very attractive target for cyberattacks.
Industrial controllers were previously neither connected nor interconnected. However, contemporary technological advances brought these devices online and thus made them a target for hackers. These controllers were not designed to deal with threats or human error, since their purpose lies elsewhere, but a carefully executed attack against them can accomplish as much as or more than modern warfare.
An attack can start in an IT environment but quickly progress to an OT environment, and vice versa. Lateral movement is perhaps the methodology hackers prefer, because of the relative ease of finding a weak link in the system, using it as an entry point, and then quickly taking over the organization's entire network.
Nowadays, few organizations manage IT and OT with the same staff and the same tools. After all, these networks evolved with different sets of priorities and operate, by their nature, in different environments. To deal with complex threats, however, many industrial organizations have chosen to converge their IT and OT infrastructure. It is not an easy task: the difficulties keep growing, and convergence can be a real challenge.
The trend of IT / OT convergence, in addition to promoting the integration of IT tools with OT solutions, also requires the alignment of strategic objectives, collaboration and training, since some of the biggest differences between these environments are their origins and their approach.
IT environments are very dynamic, so staff are usually concerned with the confidentiality, integrity and availability of data. For a long time IT was on the front line in identifying, mitigating and reporting attacks, so its practices had to evolve constantly with the environment. As a result, IT teams are often up to date on the latest trends and threats in this area.
On the other hand, OT personnel work in an operating environment where stability, safety and reliability are top priorities. Their jobs involve maintaining complex and sensitive facilities, such as oil refineries, chemical plants and public water supply services, which are full of legacy systems that were deployed decades ago and have not changed since. Their motto is: "If it works, don't change it."
IT personnel are generally used to working with the latest and greatest hardware and software, including the best security available to protect their networks. Meanwhile, OT staff are used to working with pre-internet technologies, often using proprietary network protocols that lack basic security controls such as authentication or encryption. These systems also provide no event or audit logs. As a result, incident detection and response in an OT environment is very different from what occurs in an IT environment.
Regardless of the technology deployed and the mindset individuals are used to, IT and OT environments must come together to combat technology threats on both sides of the network, preventing an attack in one environment from spreading to the other.
As stated above, both IT and OT exist to protect the organization, so there are key elements that establish a robust security posture for industrial security, such as:
- The detection and mitigation of threats that combine behavioral anomalies with policy-based rules
- Asset tracking that includes inactive devices and PLC backplane configurations
- Vulnerability management that tracks ICS device risk and patch levels, and scores them
- Configuration control that tracks all changes to code, operating system and firmware, whether they are made over the network or locally
- Business visibility to ensure that all collected data is integrated into a single dashboard
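The first element above, detection that combines behavioral anomalies with policy-based rules, is easier to grasp in code. The following example is added here and is not from the original article: it runs a policy rule (only allowlisted engineering workstations may write to PLCs) and a behavioral rule (a permitted host writing far more than its historical baseline) over a constructed set of ICS network events; host names, PLC names, function names and baseline counts are all invented for illustration.

```python
from statistics import mean, pstdev

# Policy: only named engineering workstations may issue write/program operations to PLCs.
ALLOWED_WRITERS = {"eng-ws-01", "eng-ws-02"}
WRITE_FUNCTIONS = {"write_register", "write_coil", "program_download"}

# Constructed baseline (not real plant data): daily write-operation counts per
# permitted source host over the previous seven days.
BASELINE = {
    "eng-ws-01": [4, 5, 3, 6, 4, 5, 4],
    "eng-ws-02": [1, 0, 2, 1, 1, 0, 1],
}

# Constructed events for the current day: (source host, destination PLC, function).
TODAY = [
    ("eng-ws-01", "plc-boiler-3", "read_holding"),
    ("eng-ws-01", "plc-boiler-3", "write_register"),
    ("hmi-04", "plc-boiler-3", "read_holding"),
    ("hmi-04", "plc-turbine-1", "write_coil"),        # an HMI writing: not allowed by policy
    ("eng-ws-02", "plc-turbine-1", "program_download"),
] + [("eng-ws-02", "plc-turbine-1", "write_register")] * 9   # unusual burst from eng-ws-02


def policy_violations(events):
    """Policy-based rule: any write/program operation from a host outside the allowlist."""
    return [(src, dst, fn) for src, dst, fn in events
            if fn in WRITE_FUNCTIONS and src not in ALLOWED_WRITERS]


def behavioral_anomalies(events, baseline, k=3.0):
    """Behavioral rule: a permitted host whose write count today exceeds its
    historical mean by more than k standard deviations. The deviation is floored
    at 1.0 so that a near-constant baseline does not flag a single extra write."""
    counts = {}
    for src, _, fn in events:
        if fn in WRITE_FUNCTIONS:
            counts[src] = counts.get(src, 0) + 1
    flagged = {}
    for src, n in counts.items():
        if src not in baseline:
            continue  # hosts with no baseline are covered by the policy rule instead
        threshold = mean(baseline[src]) + k * max(pstdev(baseline[src]), 1.0)
        if n > threshold:
            flagged[src] = n
    return flagged


def detect(events, baseline):
    """Combine both rules into one finding set, as the article's first key element describes."""
    return {"policy": policy_violations(events),
            "behavioral": behavioral_anomalies(events, baseline)}
```

Neither rule alone catches both findings: the HMI write passes the behavioral check (no baseline), and the burst from eng-ws-02 passes the policy check (it is allowlisted).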
Another factor driving the IT / OT convergence trend is regulatory compliance. For example, the North American Electric Reliability Corporation (NERC) and the US Federal Energy Regulatory Commission (FERC) require that IT and operations personnel at critical infrastructure companies collaborate, manage risk cooperatively, and share relevant documentation to ensure safety and reliability. In fact, regulations specifically demand an environment with the ability to conduct forensic analysis across both networks, in order to identify, prevent and report incidents that could disable important industrial deployments and critical infrastructure. The union of IT and OT accelerates compliance with regulatory statutes, and the ability to report on compliance proactively, and to demonstrate it, greatly facilitates any potential audit.
Remember that the successful implementation of an industrial cybersecurity initiative must take advantage of both IT and OT resources. In order to bring together IT and OT staff and unify security thinking and practices, organizations must create a culture of collaboration between the two groups for the common good of the business. Some organizations begin by creating a role on the Board of Directors to facilitate convergence, closing the gap between IT and OT, bridging the cultural divide, and establishing incident response processes that span both groups.
Oversight at the business level and leadership from the Board of Directors help ensure that both parties collaborate effectively, creating an environment where people, processes and technologies intersect and unify both sides of the IT / OT dividing line. The benefits are notable, for example:
- Improved security automation, detection and visibility
- Greater control over distributed operations
- Better compliance with regulatory requirements and their monitoring
- Greater response capacity when incidents occur and improvement of the organization's performance
- Making better decisions, based on more detailed information
- Proactive maintenance and reduction of response times to unforeseen interruptions
- Improved information flow to stakeholders
Knowing the benefits of an alliance between IT and OT will help your organization prosper in adverse situations. It is time to converge to strengthen your cybersecurity.