Operational Technology, or OT, including SCADA (supervisory control and data acquisition) and ICS (industrial control systems), is a system of hardware and software designed to monitor and/or control the physical devices, processes, and events used in the production and operations segments of businesses and organizations, including critical infrastructure (CI). OT networks play a critical role in things like production, manufacturing, defense and emergency, food and agriculture, and financial systems. These systems are traditionally kept separate from IT networks, and are often owned, managed, and operated by a different team.

 

OT devices and networks can be deployed anywhere – on a manufacturing floor, distributed across a chemical processing plant, or out in the arctic monitoring oil and gas pipelines. These OT systems often perform simple yet essential tasks, such as monitoring a valve and shutting it off when a certain value is triggered. As a result, they can perform their tasks with little change for years, which also means they sometimes run on aging operating systems and obsolete hardware using homegrown applications. Since the goal for an OT system is to run exactly as designed, even patches are only applied if they do not hinder the process of the OT system.

 

Because these OT architectures run on separate infrastructure, until recently they have traditionally been isolated from the Internet. One reason is that these systems are often tasked with monitoring and managing the highly sensitive processes associated with critical infrastructure. The other is that these systems can be notoriously delicate. Something as benign as an active system scan can cause these devices to fail, and any failure or compromise can have serious if not catastrophic results.

 

However, new requirements, such as connected power grids, active inventory control, smart environmental control systems, just in time manufacturing, and interactive systems tied to Big Data have begun to change all of that.

 

In addition, companies are looking for productivity improvements and cost savings by implementing such changes as optimizing plant operations, deploying a more flexible operating environment, or establishing a more proactive inventory control system that requires real time online data.  As a result, many of today’s OT systems are transited or tunneled over corporate networks, leverage common internet protocols, run on general-purpose hardware and mainstream operating systems, and are increasingly connected via wireless technologies.

 

These critical infrastructure systems are also increasingly targeted by cybercriminals, with 51% of critical infrastructure enterprises reporting an OT/SCADA/ICS security breach within the past 12 months.

 

As a result, Presidential Policy Directive 21 has established a national policy on critical infrastructure security and resilience for the following sixteen sectors:

 

Chemical, Commercial Facilities, Communications, Critical Manufacturing, Dams, the Defense Industrial Base, Emergency Services, Energy, Financial Services, Food and Agriculture, Government Facilities, Healthcare and Public Health, Information Technology, Transportation Systems, Water and Wastewater Systems, and Nuclear Reactors, Materials, and Waste.

 

Targeting and taking out a critical infrastructure system has huge appeal for many cybercriminals, especially cyberterrorists or criminal organizations. Motivations include holding systems hostage for a ransom, stock price manipulation (short sell, attack, and reap a “clean” profit), denial of asset or production for strategic or tactical reasons, political awareness or impact, or corporate malfeasance (illegal competitive action).

 

Unfortunately, not only are many of these now-connected systems quite vulnerable to compromise, but, unlike in IT networks, a failure in one of these sectors can also cause a catastrophic event affecting both human life and property. A successful attack can lead to the disruption, and even destruction, of physical assets and essential services like water, electricity, and fuel.

 

As the utility, oil and gas, transportation, and manufacturing sectors increasingly adopt connected control systems and Industrial IoT devices, the CI attack surface is rapidly growing. The connected nature of these devices and systems poses serious challenges as they begin to utilize traditionally IT-owned network infrastructure, wireless access points, and mobile networks. At the same time, the specialized nature of OT infrastructure technologies means that most IT security and threat intelligence solutions don’t have visibility into, let alone the ability to defend against, attacks on critical infrastructures.

 

While securing OT systems requires an integrated approach similar to IT, its objectives are inverted, with availability being the primary requirement, followed by integrity and confidentiality. OT systems are necessarily focused on delivering a particular essential service, such as electricity or water, or maintaining safety systems at chemical plants or dams, and cannot afford to be disrupted even momentarily. Conversely, IT systems are primarily focused on the collection, correlation, and distribution of data, with a primary focus on protecting confidential or personally identifiable information or trade secrets.
Addressing the requirements of an OT network requires an integrated approach comprised of the following elements:

  • Segmentation and Encrypted Communications: Perimeter security alone is inadequate. Security needs to be driven deep into the OT infrastructure, segmenting systems and devices, actively monitoring east-west traffic, and isolating compromised devices. In addition, applications and data should be encrypted in order to prevent the injection of malware into that traffic.
  • Access Control: Access to OT devices needs to be strictly managed and monitored for devices, users, applications, and protocols.
  • Secure Wireless Access: Industrial IoT (IIoT) devices communicate using a wide variety of communications protocols. Securing Wi-Fi connections only solves part of the problem. There are now thousands of vendors building IoT devices using a wide variety of connectivity and communications technologies in addition to Wi-Fi, including Bluetooth, NFC, Zigbee, and RFID. And this doesn’t include IoT devices hardwired into the network behind the firewall. Security resources need to be committed to identifying, segmenting, and securing these connections.
  • Vulnerability and Patch Management: With availability as a primary concern for OT networks and devices, patch management has historically not only been overlooked, but actively avoided. Operators may specifically decide not to patch systems that are operational and cannot afford to be taken offline for an update. But as these devices are connected to the IT network and Internet, this approach can no longer remain the status quo. Cybercriminals target known vulnerabilities, so tracking devices and vulnerabilities and implementing an aggressive patch and replace program is essential. For systems that cannot tolerate any down time, it is critical to deploy redundant, active-active devices, alternate data routes, or strict segmentation and active signature and behavioral-based security to protect unpatchable devices.
  • Behavioral Analytics and tracking: Advanced threats require more than passive security systems, especially when protecting critical infrastructure. Fortunately, the behavior of most OT systems can be pretty easily defined, which means that unusual or aberrant behavior should be likewise relatively easy to detect and block with a UEBA (user and entity behavior analytics) system in place.
  • Ruggedized devices: Traditional OT devices are often required to operate in industrial environments, exposed to extremes in temperature, weather, vibration, and impact. As IT and IoT devices are introduced to this environment, it is critical that organizations select those devices that have been tested and rated to function in extreme settings. The same is true for the security technologies used to protect OT devices and networks.
  • Deep Packet Inspection: Malware is increasingly successful at hiding and obfuscating attacks inside applications and data. Given the sensitive nature of industrial control systems (ICS) and the potential for devastating results should they be compromised, it is essential that organizations implement a combination of signature- and protocol/behavioral-based inspection of traffic traveling to, from, and between OT systems to prevent the abuse of particular industrial protocols. Such an approach is also better suited to OT environments as it can provide critical protections without requiring frequent updates.
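
As an added illustration of the Behavioral Analytics and Deep Packet Inspection items above (not part of the original article), the following Python example parses the protocol header of each flow, learns which function codes each device pair normally uses, and flags anything outside that baseline. Modbus/TCP, the addresses, and all function names are assumptions chosen for the example; the article names no specific protocol.

```python
import struct

# Assumption: Modbus/TCP stands in for "industrial protocol"; the article names none.
WRITE_CODES = {5, 6, 15, 16}  # Modbus write-coil / write-register function codes

def adu(tid, unit, fc, data=b""):
    """Build a constructed Modbus/TCP frame (MBAP header + PDU) for the samples."""
    return struct.pack(">HHHBB", tid, 0, 2 + len(data), unit, fc) + data

def parse_modbus_tcp(payload):
    """Return (unit_id, function_code), or None if the frame is not well formed."""
    if len(payload) < 8:
        return None
    _tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    # Protocol id must be 0; length counts the unit id plus the PDU that follows.
    if proto != 0 or length != len(payload) - 6:
        return None
    return unit, payload[7]

def learn_baseline(flows):
    """Record every (src, dst, function code) seen during a known-good window."""
    seen = set()
    for src, dst, payload in flows:
        parsed = parse_modbus_tcp(payload)
        if parsed:
            seen.add((src, dst, parsed[1]))
    return seen

def inspect(flow, baseline):
    """Classify one flow against the learned baseline."""
    src, dst, payload = flow
    parsed = parse_modbus_tcp(payload)
    if parsed is None:
        return "malformed"
    fc = parsed[1]
    if (src, dst, fc) in baseline:
        return "ok"
    return "unexpected-write" if fc in WRITE_CODES else "unexpected-function"

# Constructed sample traffic: an HMI that only ever polls a PLC's holding registers.
HMI, PLC, OTHER = "10.0.0.5", "10.0.0.20", "10.0.0.99"
READ = adu(1, 1, 3, b"\x00\x00\x00\x02")         # read 2 holding registers
BASELINE = learn_baseline([(HMI, PLC, READ)] * 3)

if __name__ == "__main__":
    for f in [(HMI, PLC, READ),
              (HMI, PLC, adu(2, 1, 6, b"\x00\x01\x00\xff")),   # write single register
              (OTHER, PLC, READ),                               # new talker
              (HMI, PLC, READ[:-1])]:                           # truncated frame
        print(f[0], "->", f[1], inspect(f, BASELINE))
```

Because the check is a passive allowlist of observed behavior, it needs no signature updates and sends nothing to the devices being monitored.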

 

The transition to hyperconnected networks, such as smart cities and connected utility services, is driving the convergence of IT, OT, and IoT networks. To successfully defend these integrated networks, organizations need an architecture that scales across the entire infrastructure to provide unified visibility and control, distributed segmentation, and integrated protection. Protecting and defending today’s critical infrastructures requires a single, unified approach that integrates security solutions into an interactive Security Fabric capable of adapting to and spanning distributed IT environments, while simultaneously providing the advanced capabilities needed to defend their critical OT infrastructure.

