Operational technology (OT) is the use of hardware and software to monitor and control physical processes, devices, and infrastructure. Operational technology systems are found across a large range of asset-intensive sectors. They are performing a wide variety of tasks ranging from monitoring critical infrastructure (CI) to controlling robots on a manufacturing floor.
OT is used in a variety of industries including manufacturing, oil and gas, electrical generation and distribution, aviation, maritime, rail, and utilities.
What is OT Security?
OT security is defined as the practices and technologies which are used to:
(a) protect people, assets, and information,
(b) monitor and/or control physical devices, processes and events, and
(c) initiate state changes to enterprise OT systems.
OT security solutions include a wide range of security technologies from next-generation firewalls (NGFWs) to security information and event management (SIEM) systems to identity access and management, and much more.
Traditionally, OT cyber security was not necessary because OT systems were not connected to the internet. As such, they were not exposed to outside threats. As digital innovation (DI) initiatives expanded and IT OT networks converged, organizations tended to bolt-on specific point solutions to address specific issues. These approaches to OT security resulted in a complex network where solutions could not share information and provide full visibility.
Often, IT and OT networks are kept separate which leads to duplicating security efforts and eschewing transparency. These IT OT networks cannot track what is happening throughout the attack surface.
Typically, OT networks report to the COO and IT networks report to the CIO, resulting in two network security teams each protecting half of the total network. This can make it difficult to identify the boundaries of the attack surface because these disparate teams do not know what is attached to their own network. In addition to being difficult to efficiently manage, OT IT networks leaves some huge gaps in security.
As FireEye explains its approach to OT security, it is to detect threats early using full situational awareness of IT and OT networks.
AN ENLIGHTENING NOTE ON OT SECURITY
In the attacks utilizing Industroyer and TRITON, the attackers moved from the IT network to the OT network through systems that were accessible to both environments. Traditional malware backdoors, Mimikatz extracts, remote desktop sessions and other well-documented, easily detected attack methods were used throughout these intrusions and found at every level of the IT, IT DMZ, OT DMZ and OT environments.
THAT'S WHY--
Defenders and incident responders in OT should focus much more attention on intrusion methods, or TTPs, across the attack lifecycle, because most of these are already present on what we can call “intermediary systems”. These are —predominately networked workstations and servers, and are using operating systems and protocols that are similar to or the same as those used in IT. These workstations and servers are used as stepping-stones by threat attackers to gain access to OT assets. This approach is effective because almost all sophisticated OT attacks leverage these systems as stepping stones to their ultimate target.
This Article Was Written & published by Meena R, Senior Manager - IT, at Luminis Consulting Services Pvt. Ltd, India.
Over the past 16 years, Meena has built a following of IT professionals, particularly in Cybersecurity, Cisco Technologies, and Networking...
She is so obsessed with Cybersecurity domain that she is going out of her way and sharing hugely valuable posts and writings about Cybersecurity on website, and social media platforms.
34,000+ professionals are following her on Facebook and mesmerized by the quality of content of her posts on Facebook.
If you haven't yet been touched by her enthusiastic work of sharing quality info about Cybersecurity, then you can follow her on Facebook:
Click Here to follow her: Cybersecurity PRISM