The five foundations for strong OT security

IT / OT convergence unlocks Industry 4.0 benefits, but it’s risky without understanding OT security.


Richard Bainbridge, General Manager, Cyber-security Portfolio

Integrating Information Technology (IT) and Operational Technology (OT) systems is the key to unlocking digitalisation and harnessing the benefits of Industry 4.0.

It lets manufacturers make real-time decisions driven by OT data and business insights. This insight helps organisations compete and meet rising customer expectations in today’s fast-moving market.

While plenty of quick wins can be made, a strategic IT / OT convergence approach is essential. By connecting standalone OT equipment and IoT devices to the business’s IT infrastructure and internet, manufacturers create a massive attack surface for cyber-criminals to exploit. Manufacturers must overcome these difficulties and put a robust security strategy in place. Otherwise, in this connected ecosystem, a single threat can take down operations across the entire business.

Preparing a secure foundation for digitalisation

Manufacturers can ensure the security of their systems and pave the way for a successful digital transformation by following these five steps:

1. Identify a cross-organisation committee of relevant experts

OT security shouldn’t happen in isolation. Because IoT solutions often introduce IT-like attributes into OT operations, the knee-jerk reaction is simply to pass OT responsibility to the Chief Information Security Officer (CISO). 70% of European organisations have already done this, but it isn’t necessarily the right approach, as responsibility for budget and people often stays with the plant manager.

Instead, CISOs need to build trust that they can handle the security aspect of plant operations while not impacting operations. Security is more robust if a cross-organisation committee of relevant experts from both IT and OT teams put their heads together and develop overarching security policies. By bridging the divide between siloed teams, there’s less risk of cyber-criminals exploiting gaps in your security.

2. Baseline existing OT security maturity and networked devices

Typically, OT infrastructure wasn’t designed with security in mind. With lifespans of 20-30 years, devices often run on old operating systems that are difficult, even impossible, to patch. Connecting these systems to your wider network adds complexity to your security processes.

A cyber-maturity assessment takes stock of your OT environment and current security maturity and can help identify critical vulnerabilities and unknown connections before they cause any damage.

3. Plug immediate critical holes and segment your network

Perimeter defences and air gaps are no longer enough to secure the OT environment. Once an attacker breaches the perimeter, they can move freely within the network. Segmentation barriers, like a firewall or a de-militarised zone (DMZ), prevent this from happening – bolstering security so network segments can be individually controlled, monitored and protected from malicious actors. As OT networks become increasingly connected, this first step is vital to plug any obvious holes and keep OT operations secure.

4. Create visibility of the OT network with an OT security platform

Effective security is grounded in visibility. Without oversight of the entire network, manufacturers risk leaving a door wide open to criminal actors. You should deploy a dedicated OT threat management solution to map your OT environment and baseline your OT processes. This increases transparency and highlights vulnerabilities within your equipment.

Whereas traditional IT asset discovery tools can adversely affect OT devices, modern scanning methods avoid this by using passive detection and actual Industrial Control Systems (ICS) protocol requests to collect detailed information from your assets. Once the platform is switched to protect mode, system alerts warn about security threats and any process anomalies that might otherwise go undetected.
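The learn-then-protect pattern described above can be shown in miniature: build an asset inventory and a communication baseline purely from observed flows, then alert on anything outside that baseline. This is an added example, not code from the article or from any OT security platform; the class `PassiveBaseline`, the flow-record format and the sample addresses are assumptions, and the flows are constructed.

```python
from collections import defaultdict

# Well-known TCP ports of common ICS protocols.
ICS_PORTS = {102: "S7comm", 502: "Modbus/TCP", 20000: "DNP3", 44818: "EtherNet/IP"}

class PassiveBaseline:
    """Builds inventory and baseline from observed flows; never sends a packet."""

    def __init__(self):
        self.learning = True
        self.hosts = set()               # every address seen while learning
        self.assets = defaultdict(set)   # server address -> ICS protocols served
        self.conversations = set()       # (client, server, protocol)

    def observe(self, src, dst, dport):
        """Record one flow while learning; in protect mode return an alert or None."""
        proto = ICS_PORTS.get(dport, f"tcp/{dport}")
        key = (src, dst, proto)
        if self.learning:
            self.hosts.update((src, dst))
            self.conversations.add(key)
            if dport in ICS_PORTS:
                self.assets[dst].add(proto)
            return None
        if key in self.conversations:
            return None
        kind = "new conversation" if src in self.hosts else "unknown host"
        return f"{kind}: {src} -> {dst} ({proto})"

# Constructed flow records (source, destination, destination TCP port).
LEARN = [("10.30.1.5", "10.30.1.15", 502), ("10.30.1.5", "10.30.1.16", 44818),
         ("10.30.1.6", "10.30.1.15", 502)]
LIVE = [("10.30.1.5", "10.30.1.15", 502),    # already in the baseline
        ("10.30.1.6", "10.30.1.16", 44818),  # known client, new target
        ("10.30.9.99", "10.30.1.15", 502),   # address never seen before
        ("10.30.1.5", "10.30.1.15", 3389)]   # known pair, non-ICS service

def run_demo():
    monitor = PassiveBaseline()
    for flow in LEARN:
        monitor.observe(*flow)
    monitor.learning = False                 # switch to protect mode
    alerts = [a for a in (monitor.observe(*f) for f in LIVE) if a]
    return dict(monitor.assets), alerts

if __name__ == "__main__":
    inventory, alerts = run_demo()
    print(inventory)
    print("\n".join(alerts))
```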

5. Standardise security policy and capabilities across individual sites

As individual manufacturing plants have operated in silos for so long, it’s not uncommon to see different policies and security infrastructure across different sites. A proactive and integrated security approach covering IT and OT is the best way to create a standardised security policy and a unified threat response.

This process should begin with creating a DMZ and appropriate firewalls, before creating visibility using detection platforms that scan for vulnerabilities, access, and threats. From here, deeper segmentation should be created before integrating security outputs into a single Security Operations Centre.

We are a trusted partner with a wealth of experience

We’ve been delivering cyber-security services to nation-states and blue-chip organisations for over 70 years. Our Security Advisory Services help organisations assess and test their defences at all stages of their security journey. We can help organisations select the solutions that best match their security needs by combining head office and plant management insights to navigate the IT / OT divide.

Our Operational Technology Threat Management and Managed Security services cover a range of security controls, with solutions selected from market-leading vendors. We can also provide integrated IT / OT Security Operations Centre services to give you a single pane of glass view over your entire IT and OT estate.

To find out more about how we can make your journey from standalone OT to Industry 4.0 safer, read our whitepaper, Industry 4.0: Solving the conundrum of connectivity and security