Operational technology (OT) systems manage a wide range of industrial control systems that are targets of terrorists and saboteurs. Unlike IT systems developed to safely connect to the outside world, OT systems were designed to operate in a virtual vacuum, making them vulnerable to external threats.
Much of the OT in use today was designed when network connectivity was limited and operational activities were concentrated at a few locations. From the beginning, the isolation of OT was a security feature. Like a person born without an immune system, OT existed and functioned in a bubble.
That bubble is threatening to burst. As agencies pursue efficiency, OT and information technology (IT) networks are converging. Ramping up the use of automation and remote monitoring of geographically distributed OT systems increases cyber vulnerability. Deploying Internet of Things (IoT) devices — cameras, thermal imaging systems, thermostats — further increases the security risk to OT systems.
The goal for agencies is to balance the benefits of OT, IoT and IT through convergence and connectivity without compromising the security of infrastructure.
For that to happen, agencies must redouble efforts to protect and monitor systems that have unique requirements, limitations, vulnerabilities and security risks. The Biden administration has made that a priority, incorporating OT into the May 12, 2021 executive order on cybersecurity.
Consider a typical use case for improving cybersecurity in converged OT-IT-IoT environments.
Consider the OT of a critical water treatment plant that uses a SCADA system to oversee numerous individual distributed control systems. To allow logging data from OT devices such as programmable logic controllers (PLCs) and human-machine interfaces (HMIs) to be aggregated in an enterprise data platform, network operators establish communication between the OT and IT environments.
Cameras and thermal imaging systems are deployed to detect fire hazards and electrical faults. The IoT devices are managed in the cloud.
There are three main challenges:
- Lack of visibility into the OT environment
- A new requirement to monitor traffic to the cloud
- New vulnerabilities for the OT system
Solutions to the first and second challenges include tapping into the switches that carry data between PLCs and HMIs over Ethernet. Deploying containerized software on edge compute devices allows operators to view the industrial IoT and to monitor cloud traffic.
Agencies can address the third concern by efficiently delivering network traffic (whether on-premises or in the cloud) to the correct security tools, which passively monitor the packets to identify systems, account for their vulnerabilities and flag malicious or abnormal traffic.
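As an added illustration of the passive monitoring described above (example code written for this article, not from the GovLoop report or any product), the following script builds an asset inventory from Modbus/TCP frames observed on a switch tap and raises an alert when a write command comes from a host outside a hypothetical allowlist of approved HMIs; the frames, addresses and allowlist are all constructed for the example.

```python
import struct
from collections import defaultdict

# Modbus function codes that change PLC state (coil/register writes).
WRITE_FUNCTIONS = {5, 6, 15, 16}
# Hypothetical allowlist of HMI hosts approved to issue writes (an assumption).
KNOWN_HMIS = {"10.1.1.10"}

def mbap(txid, unit, pdu):
    """Helper to build a Modbus/TCP frame (MBAP header + PDU) for the constructed samples."""
    return struct.pack(">HHHB", txid, 0, len(pdu) + 1, unit) + pdu

# Constructed sample traffic as it would be seen from a switch tap: (src_ip, dst_ip, frame).
SAMPLE_FRAMES = [
    ("10.1.1.10", "10.1.2.20", mbap(1, 1, bytes([3, 0, 0, 0, 10]))),    # HMI reads holding registers
    ("10.1.1.10", "10.1.2.21", mbap(2, 1, bytes([1, 0, 0, 0, 8]))),     # HMI reads coils
    ("10.1.1.10", "10.1.2.20", mbap(3, 1, bytes([6, 0, 1, 0, 100]))),   # approved HMI writes a register
    ("10.1.9.99", "10.1.2.20", mbap(4, 1, bytes([16, 0, 1, 0, 1, 2, 0, 0]))),  # unapproved host writes
    ("10.1.9.99", "10.1.2.21", b"\x00\x05\x00\x00"),                     # truncated frame
]

def parse_frame(raw):
    """Return (unit_id, function_code) from a Modbus/TCP frame, or None if malformed."""
    if len(raw) < 8:
        return None
    _txid, proto, length, unit = struct.unpack(">HHHB", raw[:7])
    if proto != 0 or length != len(raw) - 6:
        return None
    return unit, raw[7]

def passive_inventory(frames, known_hmis=KNOWN_HMIS):
    """Passively build an asset inventory and alert list without sending any packets."""
    assets = defaultdict(lambda: {"roles": set(), "functions": set()})
    alerts = []
    for src, dst, raw in frames:
        parsed = parse_frame(raw)
        if parsed is None:
            alerts.append(f"malformed Modbus frame {src}->{dst}")
            continue
        unit, fc = parsed
        assets[src]["roles"].add("client")   # HMI/SCADA master side
        assets[dst]["roles"].add("server")   # PLC/RTU side
        assets[dst]["functions"].add(fc)
        if fc in WRITE_FUNCTIONS and src not in known_hmis:
            alerts.append(f"write fc={fc} to {dst} unit {unit} from unapproved host {src}")
    inventory = {ip: {k: sorted(v) for k, v in a.items()} for ip, a in assets.items()}
    return inventory, alerts
```

In a real deployment the frames would come from the tap or edge device's capture feed rather than a constructed list, and the inventory would be reconciled against the plant's asset register.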
This article is an excerpt from GovLoop’s recent report, “You Can’t Secure What You Can’t See: Cybersecurity in a Converged IT/OT/IoT Environment.”