The Impact of Digital Transformation on Operational Technology Security – Part 1
As industrial sectors such as energy, oil and gas, and manufacturing are rapidly digitizing their operations to remain competitive, executives are focusing on enterprise-wide cybersecurity.
Converging IT and operational technology (OT) puts many systems such as safety instrumented systems (SIS), water flow meters and hydraulic pumps, as well as vital information stored in data lakes, at risk of being exploited by threat actors.
According to the SANS 2021 OT/ICS Cybersecurity Survey, 70 percent of respondents rated the risk to OT environments as high or severe, up from 51 percent in 2019. Even more alarming, almost half (48 percent) of all respondents did not know if their organization had been compromised in the past year. While IT breaches typically garner more headlines, OT breaches can be far more critical, with the potential for successful attacks resulting in physical injury, harm or even death.
In this three-part blog series, we will outline a digital transformation journey that different organizations are undertaking and provide a blueprint for businesses to incorporate OT and IoT security into the mix. This blog introduces the important first steps in gaining visibility into and protecting assets and networks. In parts two and three, we will go into more detail on how to build a resilient cybersecurity posture for organizations with industrial control systems.
You Can’t Manage OT Assets You Can’t See
Organizations often focus on three key steps when going through digital transformation.
- Identifying and protecting ‘Critical Assets’
- Preparing a holistic cybersecurity transformation with a focus on IT/OT SOC integration
- Improving operational efficiency and taking measured steps towards preventive maintenance
Since we cannot manage what we cannot see, protecting and gaining visibility into the assets and networks that matter most (‘Critical Assets and Systems’) is the most important first step. Organizations often face challenges in this area as they begin their digital transformation journey. For example:
- IT teams tend to have visibility into IT assets that are centrally managed in data centers, but struggle to get a real-time view of OT assets. OT assets can span a wide geographic area, which makes it difficult for operators to identify and secure their critical assets.
- OT environments often consist of legacy equipment that can be sensitive to many types of network traffic. In some cases, widely deployed IT solutions can slow down the devices that keep the plant running securely. Even pinging such devices or scanning them for vulnerabilities has caused major outages. With these risks, facility managers are wary of using unproven solutions in their facilities.
- OT cyberattacks have additional subtleties compared to typical IT incidents. In some cases the incident may be accidental, such as a misconfigured device. Other threats may involve specialized protocols whose communications cannot be assessed by IT security tools.
How OT and IoT Security Aligns with the Digital Transformation Journey
To address these challenges, organizations should choose an OT and IoT security and visibility solution – a cyber solution built specifically for OT environments.
Solution:
- Provide comprehensive OT network visualization and asset inventory without risk to the industrial process. Asset inventory capabilities can identify characteristics such as device type and manufacturer, while network visualization can help quickly identify micro-segmentation requirements and provide a more comprehensive view of the topology.
- Get superior real-time OT and IoT threat monitoring that reduces average detection and response time. Artificial Intelligence (AI) and machine learning can identify and alert operators to known threats and abnormal events. Machine learning algorithms are based on critical assets and operational situations, so even unknown activities are detected. An example is the identification of unauthorized operational behaviors that can affect operations, e.g. online edits of PLC actions such as start and stop.
- Commission quickly and easily with mature technology certified to ISO 9001.
In a nutshell, the first steps, taking a snapshot of the current state of the environment and mapping its assets, help security and operations personnel gain real-time visibility into their environment, improve threat detection and often meet audit and compliance requirements. As organizations digitize, they can use cybersecurity technology to strengthen their security posture, advance their cybersecurity maturity and optimize their environments for reliability and cost efficiency.
Stay tuned for parts two and three of this blog series on building cyber resilience as we go through digital transformation.