Blog · 03 Mar 2022

The five foundations for strong OT security

IT / OT convergence unlocks Industry 4.0 benefits, but without a good understanding of OT security, it’s a risky endeavour.

Richard Bainbridge
General manager, cyber security portfolio

Integrating IT and OT systems is key to unlocking digitalisation and harnessing the benefits of Industry 4.0.

It gives manufacturers the power to make real-time decisions that are driven by both OT data and business insights. And in today’s fast-moving market, this insight is vital to help organisations meet rising customer expectations and market competition head on.

While there are plenty of quick wins to be made, a strategic approach to IT / OT convergence is essential. By connecting standalone OT equipment and IoT devices to the business’s IT infrastructure and the internet, manufacturers create a massive attack surface for cybercriminals to exploit. It’s vital that manufacturers overcome these difficulties and put a robust security strategy in place. Otherwise, in this connected ecosystem, a single threat can take down operations across the entire business.

Here are five steps manufacturers can take to protect their operations and create a secure foundation for digitalisation:

1. Identify a cross-organisation committee of relevant experts

Securing OT shouldn’t happen in isolation. Because IoT solutions often introduce IT-like attributes into OT operations, the knee-jerk reaction is to simply pass OT responsibility onto the CISO. This is something 70% of European organisations have already done, but it isn’t necessarily the right approach, as responsibility for budget and people often stays with the plant manager. Instead, CISOs need to build trust that they can handle the security aspect of plant operations without impacting those operations. Security is more robust when relevant experts from both IT and OT teams come together in a cross-organisation committee and develop overarching security policies. By bridging the divide between siloed teams, there’s less risk of cyber criminals exploiting gaps in your security.

2. Baseline existing OT security maturity and networked devices

Typically, OT infrastructure wasn’t designed with security in mind. With lifespans of 20-30 years, devices often run on old operating systems that are difficult, even impossible, to patch. Connecting these systems to your wider network adds complexity to your security processes. A cyber maturity assessment takes stock of your OT environment and current security maturity and can help identify critical vulnerabilities and unknown connections before they cause any damage.

3. Plug immediate critical holes and segment your network 

Perimeter defences and air gaps are no longer enough to keep the OT environment secure. Once an attacker breaches the perimeter, they’re able to move around within the network freely. Segmentation barriers, like a firewall or a de-militarised zone (DMZ), prevent this from happening – bolstering security so that segments of the network can be individually controlled, monitored and protected from malicious actors. As OT networks become increasingly connected, this first step is vital to plug any obvious holes and keep OT operations secure.
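One way to check that segmentation holds in practice, as an added example that is not part of the original post or of any vendor product: the script audits observed flow records against a zone-and-conduit policy in which IT and OT may only talk through the DMZ. The zone ranges, allowed ports and flow records are constructed assumptions.

```python
import ipaddress

# Constructed zone plan (assumption): one address range per zone.
ZONES = {
    "it": ipaddress.ip_network("10.10.0.0/16"),
    "dmz": ipaddress.ip_network("10.20.0.0/24"),
    "ot": ipaddress.ip_network("10.30.0.0/16"),
}
# Constructed conduit policy (assumption): permitted destination ports per
# zone pair. There is deliberately no direct it<->ot entry.
ALLOWED = {
    ("it", "dmz"): {443},
    ("dmz", "ot"): {4840},  # OPC UA from a DMZ data broker
    ("ot", "dmz"): {443},
}

def zone_of(ip):
    """Return the zone containing ip, or 'external' if it is in none."""
    addr = ipaddress.ip_address(ip)  # raises ValueError on a bad address
    return next((z for z, net in ZONES.items() if addr in net), "external")

def audit_flows(records):
    """Check 'src dst dport' records; return (record_no, reason) findings."""
    findings = []
    for lineno, rec in enumerate(records, 1):
        try:
            src, dst, port = rec.split()
            sz, dz, port = zone_of(src), zone_of(dst), int(port)
        except ValueError:
            findings.append((lineno, "malformed record"))
            continue
        if sz == dz and sz != "external":
            continue  # intra-zone traffic is outside this check
        ports = ALLOWED.get((sz, dz))
        if ports is None:
            findings.append((lineno, f"no conduit {sz}->{dz}"))
        elif port not in ports:
            findings.append((lineno, f"port {port} not allowed {sz}->{dz}"))
    return findings

# Constructed flow records, e.g. exported from a firewall or flow collector.
SAMPLE_FLOWS = [
    "10.10.4.21 10.20.0.5 443",    # IT -> DMZ, allowed
    "10.20.0.5 10.30.1.10 4840",   # DMZ -> OT, allowed
    "10.10.4.21 10.30.1.10 502",   # IT -> OT Modbus/TCP, bypasses the DMZ
    "10.30.1.10 10.30.1.11 502",   # intra-OT, skipped
    "10.30.2.7 8.8.8.8 53",        # OT device reaching the internet
    "10.20.0.5 10.30.1.10 3389",   # DMZ -> OT on a port with no conduit
    "10.30.1.10 not-an-ip 80",     # unparseable record
]

if __name__ == "__main__":
    for lineno, reason in audit_flows(SAMPLE_FLOWS):
        print(f"flow {lineno}: {reason}")
```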

4. Create visibility of the OT network with an OT security platform

Effective security is grounded in visibility. Without oversight of the entire network, manufacturers risk leaving a door wide open to criminal actors. Deploying a dedicated OT threat management solution to map your OT environment and baseline your OT processes increases transparency and highlights vulnerabilities within your equipment. Whereas traditional IT asset discovery tools can adversely affect OT devices, modern scanning methods avoid this by using passive detection and actual ICS protocol requests to collect detailed information from your assets. By then turning the platform to protect mode, system alerts give warnings about both security threats and any process anomalies that might otherwise go undetected.

5. Standardise security policy and capabilities across individual sites

As individual manufacturing plants have operated in silos for so long, it’s not uncommon to see different policies and security infrastructure across different sites. A proactive and integrated security approach covering both IT and OT is the best way to create a standardised security policy and a unified threat response. This process should begin with the creation of a DMZ and appropriate firewalls, before creating visibility using detection platforms that scan for vulnerabilities, access, and threats. From here, deeper segmentation should be created before integrating security outputs into a single Security Operations Centre.

We are a trusted partner with a wealth of experience

We’ve been delivering cybersecurity services to nation states and blue-chip organisations for over 70 years. Our Security Advisory Services help organisations at all stages of their security journey to assess and test their defences. And we can help organisations select the solutions that best match their security needs by combining insights from both head office and plant management to navigate the IT / OT divide.

Our Operational Technology Threat Management and Managed Security services cover a range of security controls, with solutions selected from market-leading vendors. We can also provide integrated IT / OT Security Operations Centre services to give you a single pane of glass view over your entire IT and OT estate.

To find out more about how we can make your journey from standalone OT to Industry 4.0 safer, read our whitepaper ‘Industry 4.0: Solving the conundrum of connectivity and security’.
