Industrial IOT and the Growing Threat of OT Cyber-Attacks

OT and IT networks are converging, and as a result, OT cyber-attacks are increasing, posing significant risks to manufacturing organisations. Are you prepared to meet this challenge? Our probing questions can help you identify potential gaps in your OT security framework. Discover more by reading on.

AUTHOR
Hemant Chadha
POSTED ON
May 6, 2023
Cybersecurity
Industry 4.0

Since the late 1990s and early 2000s, manufacturing networks, also referred to as operational technology (OT), and enterprise (IT) systems have lived in their own, separate domains. The term OT was a way to distinguish the technologies and systems used to control physical processes in industrial settings from the more traditional information technology (IT) used in office environments.

IT systems usually depend entirely on standard Internet protocols like Ethernet, IP, and TCP/UDP. OT networks utilize various types of Fieldbus networks such as PROFIBUS, Modbus, PROFINET, EtherNet/IP, and several vendor-specific solutions.

Because OT and IT have quite different requirements from the network, production engineers on the OT side and IT engineers have adopted distinct approaches, methods, and priorities.

However, the areas of IT and OT seem to be converging technically. Since the advent of the Industrial Internet of Things (IIoT), industrial systems have been integrating traditional IT components (Microsoft Windows, Ethernet, IETF, TCP/IP, etc.) into their ICS networks.

As protocols change to standard Internet technologies and channels open up for Internet protocols, the consequences are obvious. The new quality of information transparency and the digital opening of Industrial Control Systems raise numerous issues concerning the systems' cyber security.

OT SYSTEMS ARE NOT DESIGNED TO FIGHT AGAINST MALICIOUS ACTIVITY!

The occurrence of cyber-attacks on OT systems is on the rise due to various factors, including:

· Intellectual property theft
· Industrial sabotage
· Denial of service or manipulation of processes in industrial installations

OT cyber-attacks significantly harm the company’s operations, production tools, production output, or even its employees or customers. These events will have a material impact on the physical world.

As a consequence, the security situation in OT networks changes significantly. But how are our manufacturing organisations actually positioned to meet this challenge?

Implementing OT security brings up a lot of questions that organizations need to resolve, such as:

1.    Are you using the Purdue model, which provides a framework for network segmentation?

The Purdue Model emphasises dividing the OT network into hierarchical levels or zones, such as the enterprise zone, site zone, area zone, and cell zone. Each zone has specific security controls and limited access, reducing the attack surface and limiting the impact of potential cyber-attacks.

Firewalls, network segmentation, and demilitarized zones (DMZ) are used to enforce these security zones and restrict unauthorized communication between different levels of the network.

With the advent of more intelligent IoT devices in the lower layers that generate actionable data for applications that may reside in any layer of the model or in the public cloud, organisations need to go beyond just deploying firewalls to build an industrial DMZ. While the Purdue framework is a necessary architecture, more needs to be done to secure your OT assets.

2.    Are you using a Zero-trust security framework?

According to this model, no user or ICS device can be inherently trusted, whether inside or outside the perimeter, until trust can be established. Once established, each endpoint should be provided only the minimum level of access that it needs to adequately perform its job, it should be monitored for any signs of compromise, and mitigation should be performed if any anomalous behavior is detected.

3.    How do you identify what is connecting to your network?

4.    How do you provide remote access to your OT environment?

5.    Can you monitor the integrity of your industrial processes?

6.    And finally, how do you stop a threat when one has been identified and restore the secure working environment?
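The zone segmentation in question 1 and the least-privilege rule in question 2 can be checked against observed traffic. The following Python is an added example, not part of the original article or any product it describes; the subnets, host addresses, DMZ placement and the "adjacent zones only" rule are assumptions made for illustration.

```python
import ipaddress

# Zones ordered from the top of the hierarchy to the plant floor. The zone
# names follow the article; the DMZ position and all subnets are assumptions.
ZONES = [
    ("enterprise", "10.10.0.0/16"),
    ("dmz",        "10.20.0.0/24"),
    ("site",       "10.30.0.0/16"),
    ("area",       "10.40.0.0/16"),
    ("cell",       "10.50.0.0/16"),
]
NETWORKS = [(name, ipaddress.ip_network(cidr)) for name, cidr in ZONES]

# Least privilege: each permitted conversation is listed explicitly as
# (source, destination, destination port). Everything else is denied.
ALLOWLIST = {
    ("10.10.3.7", "10.20.0.8", 443),    # engineer laptop -> DMZ jump host
    ("10.40.1.20", "10.50.1.10", 502),  # HMI -> PLC, Modbus/TCP
}

def zone_index(ip):
    """Return the position of the zone holding ip, or None if unmapped."""
    addr = ipaddress.ip_address(ip)
    for i, (_, net) in enumerate(NETWORKS):
        if addr in net:
            return i
    return None

def audit(src, dst, port):
    """Classify one flow record against the zone and allowlist policy."""
    s, d = zone_index(src), zone_index(dst)
    if s is None or d is None:
        return "unknown-endpoint"   # unmapped devices are never trusted
    if abs(s - d) > 1:
        return "zone-skip"          # flow bypasses an intermediate zone
    if (src, dst, port) not in ALLOWLIST:
        return "not-allowlisted"    # right zones, but no explicit grant
    return "ok"

# Constructed flow records (src, dst, dst_port) for demonstration.
FLOWS = [
    ("10.40.1.20", "10.50.1.10", 502),
    ("10.10.3.7", "10.50.1.10", 502),
    ("10.40.1.20", "10.50.1.10", 22),
    ("192.168.99.4", "10.50.1.10", 502),
    ("10.10.3.7", "10.20.0.8", 443),
]

if __name__ == "__main__":
    for flow in FLOWS:
        print(flow, "->", audit(*flow))
```

Any verdict other than `ok` is a candidate for investigation or for a firewall rule review.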

Thank you for taking the time to review our probing questions. These questions may have raised important issues that your organisation may also be facing. If you are interested in discussing potential solutions further, write to us at: contact.us@velocis.in

We would be more than happy to set up a meeting or call to discuss these matters in more detail.
