What is OT Security?
What is Operational Technology (OT)?
Operational technology (OT) is the use of hardware and software to monitor and control physical processes, devices, and infrastructure. Operational technology systems are found across a large range of asset-intensive sectors, performing a wide variety of tasks ranging from monitoring critical infrastructure (CI) to controlling robots on a manufacturing floor. OT is used in a variety of industries including manufacturing, oil and gas, electrical generation and distribution, aviation, maritime, rail, and utilities.
What is OT Security?
Gartner defines OT security as, “Practices and technologies used to (a) protect people, assets, and information, (b) monitor and/or control physical devices, processes and events, and (c) initiate state changes to enterprise OT systems.” OT security solutions span a wide range of security technologies, from next-generation firewalls (NGFWs) to security information and event management (SIEM) systems to identity and access management, and much more.
Traditionally, OT cyber security was not considered necessary because OT systems were not connected to the internet and so were not exposed to outside threats. As digital innovation (DI) initiatives expanded and IT and OT networks converged, organizations tended to bolt on point solutions to address specific issues. This approach to OT security resulted in a complex network in which solutions could not share information or provide full visibility.
Often, IT and OT networks are kept separate, which duplicates security effort and reduces transparency. Neither network can track what is happening across the full attack surface. Typically, OT networks report to the COO and IT networks report to the CIO, resulting in two network security teams each protecting half of the total network. This makes it difficult to identify the boundaries of the attack surface because each team does not know everything that is attached to its own network. In addition to being difficult to manage efficiently, separately run IT and OT networks contain large gaps in security.
What are the Components of Operational Technology?
Industrial control systems (ICS) are a main component of operational technology. ICS includes different types of devices, systems, controls, and networks that manage a variety of industrial processes. The most common are supervisory control and data acquisition (SCADA) systems and distributed control systems (DCS).
What is SCADA?
SCADA systems collect data from sensors, often at distributed sites, and send it to a central computer that manages and controls the process. DCS are used to manage local controllers or devices of production systems in one location.
What are Industrial Internet of Things (IIOT) Devices?
The smallest components of operational technology are a diverse array of sensors, monitors, actuators, and other technologies deployed on or near OT equipment. This equipment is pervasive and includes generators, pipelines, fans, programmable logic controllers (PLC), remote processing units (RPU), industrial robots, and so on. These sensors and actuators are examples of IIOT devices.
IT vs. OT?
It is important to understand the difference between IT and OT because the two are often confused. While operational technology controls equipment, information technology (IT) controls data. Specifically, IT security focuses on protecting the confidentiality, integrity, and availability of systems and data.
What is IT-OT Convergence?
Digital innovation requires operational technology systems to interact with information technology systems. OT network components such as control systems, SCADA, and industrial networks are being connected to IT network components such as processors, storage, and systems management. With IT-OT integration, the data collected by physical equipment and IIOT devices can be used to identify problems or increase efficiencies. Another example, according to IDC, is that customer interaction and service case information typically found in a CRM application, when aligned to the customer experience, can be used to make improvements in supply chain, operations, and product development.
However, connecting a previously air-gapped (not connected to the outside world) OT network to the internet via an IT network immediately exposes the OT network and all connected OT devices to the entire threat landscape. OT is generally not secure, since it was originally designed with the assumption it would not be exposed to threats. In addition, the rise of remote access to OT networks by third-party vendors further expands the attack surface and creates new vulnerabilities.
Effective OT Security is Not Negotiable
Operational technology is responsible for processes that, if breached, could cause outages of critical services and result in loss of life. Emergency services, water treatment plants, traffic management, and other critical infrastructure rely on operational technology solutions to operate correctly. Even a successful attack on an OT organization not responsible for critical infrastructure can have dire consequences. For example, a food production facility could ship unsafe food if safety checks are removed by an attacker.
While historically, cyber criminals have been primarily interested in stealing data, they are increasingly targeting OT networks as they recognize the potential for disruption due to inadequate OT security. They are developing more sophisticated and destructive attacks targeted specifically at operational technology companies.
OT organizations are aware of the danger. In a recent survey by the SANS Institute, OT security professionals responded that risk is at critical levels. As corroboration, the Fortinet State of Operational Technology Report found that OT security risk is indeed a top concern—nearly 74% of OT organizations reported experiencing a malware intrusion in the past 12 months, causing damage to productivity, revenue, brand trust, intellectual property, and physical safety.
Choosing an OT Security Vendor: What to Look For
The industrial cybersecurity market, which includes ICS, network security, and other components of the converged IT-OT network, is estimated to reach more than $24 billion by 2023. It is a highly competitive and fast-growing area as OT systems are increasingly targeted by cyber-attacks.
According to a recent OT survey, 70% of OT organizations plan to roll OT security under the CISO in the next year (only 9% of CISOs oversee it currently), and 62% of OT security budgets are being increased.
When evaluating a security vendor, determine whether the vendor can offer solutions that will help OT companies achieve best practices for securing their networks. For converged networks, an ideal IT-OT security solution’s top five requirements are to:
- Identify assets, classify them, and prioritize value
- Segment the network dynamically
- Analyze traffic for threats and vulnerabilities
- Secure both wired and wireless access
The key is to make sure the solution can proactively limit risk in OT networks. While breaches cannot be stopped 100% of the time, their impact can be limited through network segmentation, they can be detected faster through traffic analysis, and their frequency can be reduced through identity and access management and wired and wireless access control. Following these best practices not only stops threats, but also greatly reduces the cost and potential downtime if an attacker is able to breach an OT network.
Why OT Security is Critical: 3 Benefits of a Security Fabric
Securing converged OT-IT networks with a security fabric helps security leaders achieve the necessary visibility, control, and behavioral analytics they require. Since OT equipment and IIOT devices typically rely on traditional security, the network must be secured in a manner that ensures cyberthreats do not gain access to these devices. To achieve consistent, effective IT and OT security, a security fabric delivers:
Visibility
Discover any device attached anywhere on the IT-OT network, determine its degree of trust, and continuously monitor its behavior to maintain that level of trust. Define the attack surface and ensure active device and traffic profiling. Traffic visibility provides actionable intelligence, and OT security teams can dictate allowed traffic, ports, protocols, applications, and services. Enforcement points within the environment ensure both north-south and east-west protection.
Control
Depend on each OT system and subsystem to do its job—and only its job. Multifactor authentication ensures the appropriate people have the appropriate assigned permissions and access. Network segmentation and micro-segmentation provide a layered and leveled approach with zones of control. Sandboxing detects threats on the OT network, and automated quarantine prevents them from doing damage.
Behavioral Analytics
Continuous analysis of behavior in OT networks helps teams learn what, where, when, who, and how by gathering intelligence about known and unknown threats. A central security tool handles logging, reporting, and analytics, and evaluates activity collected across the system. It also provides security information and event management and security orchestration, automation, and response capabilities. OT security insights are gained through user and device behavior analysis, and threat assessments ensure continuous protection.
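The best practices above (identify assets, segment the network, analyze traffic, dictate allowed ports and protocols between zones) can be illustrated with a small, added example that is not Fortinet code and not from the original page. It assumes a hypothetical site with four zones (enterprise, DMZ, supervisory, control), a constructed asset inventory, a conduit allowlist between zones, and a constructed key=value flow-log format; the zone names, addresses, and port choices are all assumptions for illustration. Each flow record is checked for unknown assets (discovery) and for cross-zone traffic that is not an explicitly allowed conduit (segmentation enforcement and traffic analysis), with everything else denied by default.

```python
"""Zone-based conduit allowlisting and asset discovery over constructed OT flow records."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed zone addressing for a hypothetical site (assumption, not a real network).
ZONES = {
    "enterprise": ip_network("10.1.0.0/16"),       # business IT
    "dmz": ip_network("10.2.0.0/24"),              # IT-OT DMZ (historian, jump hosts)
    "supervisory": ip_network("192.168.10.0/24"),  # SCADA servers, HMIs
    "control": ip_network("192.168.20.0/24"),      # PLCs, RTUs
}

# Constructed asset inventory: anything not listed here is flagged as an unknown asset.
KNOWN_ASSETS = {
    "10.1.5.20": "engineering-workstation",
    "10.2.0.10": "historian",
    "192.168.10.5": "scada-server",
    "192.168.20.11": "plc-line1",
}

# Allowed conduits between zones: (src_zone, dst_zone, proto, dst_port).
# Ports are assumed for the example; cross-zone traffic not listed here is denied.
ALLOWED_CONDUITS = {
    ("enterprise", "dmz", "tcp", 443),       # business users read the historian over HTTPS
    ("dmz", "supervisory", "tcp", 1433),     # historian pulls from the SCADA database
    ("supervisory", "control", "tcp", 502),  # SCADA polls PLCs over Modbus/TCP
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dst_port: int


def parse_flow_line(line):
    """Parse one constructed 'src=.. dst=.. proto=.. dport=..' flow record."""
    fields = dict(kv.split("=", 1) for kv in line.split())
    return Flow(fields["src"], fields["dst"], fields["proto"].lower(), int(fields["dport"]))


def zone_of(ip):
    """Map an address to its zone name, or None if it belongs to no defined zone."""
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None


def evaluate_flow(flow):
    """Return a list of findings for one flow; an empty list means the flow is permitted."""
    findings = []
    # Asset discovery: any endpoint missing from the inventory is a finding on its own.
    for ip in (flow.src, flow.dst):
        if ip not in KNOWN_ASSETS:
            findings.append(f"unknown-asset:{ip}")
    src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)
    if src_zone is None or dst_zone is None:
        findings.append("unmapped-zone")
        return findings
    if src_zone == dst_zone:
        return findings  # intra-zone (east-west) traffic; micro-segmentation rules would go here
    # Segmentation enforcement: cross-zone traffic must match an allowed conduit.
    conduit = (src_zone, dst_zone, flow.proto, flow.dst_port)
    if conduit not in ALLOWED_CONDUITS:
        findings.append(f"conduit-denied:{src_zone}->{dst_zone}/{flow.proto}/{flow.dst_port}")
    return findings


def analyze(log_lines):
    """Evaluate each flow record; returns a list of (Flow, findings) pairs in input order."""
    return [(flow, evaluate_flow(flow)) for flow in map(parse_flow_line, log_lines)]


def unknown_assets(log_lines):
    """Set of addresses seen in the log that are absent from the inventory."""
    return {f.split(":", 1)[1] for _, fs in analyze(log_lines) for f in fs if f.startswith("unknown-asset:")}


# Constructed sample flow log (not captured from any real network).
SAMPLE_LOG = [
    "src=192.168.10.5 dst=192.168.20.11 proto=tcp dport=502",   # SCADA -> PLC, allowed
    "src=10.1.5.20 dst=192.168.20.11 proto=tcp dport=502",      # workstation -> PLC directly, denied
    "src=10.1.5.20 dst=10.2.0.10 proto=tcp dport=443",          # workstation -> historian, allowed
    "src=192.168.20.77 dst=192.168.20.11 proto=tcp dport=502",  # unknown device talking to PLC
    "src=10.2.0.10 dst=192.168.10.5 proto=tcp dport=3389",      # DMZ -> SCADA on RDP, denied
]

if __name__ == "__main__":
    for flow, findings in analyze(SAMPLE_LOG):
        print(f"{flow.src} -> {flow.dst}:{flow.dst_port}/{flow.proto}: {findings or 'permitted'}")
```

The deny-by-default conduit set is the point: a new device appearing in the control zone, or an enterprise host reaching a PLC directly, is reported even though the port (502) is one the PLC legitimately listens on. In practice the inventory and zone map would come from the discovery tooling rather than being hard-coded.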
How Fortinet OT Security Works
Fortinet provides a proactive and transformative approach to OT security with the Fortinet Security Fabric. Instead of disparate point products operating in silos, the Fortinet Security Fabric enables multiple OT security technologies to work together across IT and OT environments. With full integration and shared threat intelligence, operational technology organizations gain fast, automated responses to attacks in any vector. One solution covers the entire converged IT-OT network to close OT security gaps, deliver full visibility, and provide simplified management.
The Fortinet Security Fabric delivers all network security controls required to cover the converged IT OT network across all attack vectors.
Why Fortinet for OT Security?
Fortinet is the only vendor that can deliver a true integrated Security Fabric that covers the OT security best practices and requirements for the entire converged OT-IT network. Fortinet has a strong track record protecting critical infrastructure, and ruggedized FortiGate NGFWs are built to secure sites with extreme heat, cold, vibration, and electrical interference. Fortinet’s proven and award-winning network security solutions for operational technology include:
- Next-Generation Firewall (NGFW)
- Wireless security (WLAN products)
- Security management and analytics
- User and Entity Behavior Analytics (UEBA) security solutions
- FortiGuard Industrial Security Services to police ICS/SCADA protocols
- Ethernet switches (commercial and enterprise)
- FortiDeceptor: deception-based breach protection