In the face of digital transformation, security has emerged as the domain that is suffering the most. New digital environments are highly elastic and in a constant state of flux, which means that traditionally static security solutions must become flexible and dynamic. As workflows and transactions flow between different environments, traditionally isolated security tools now need to seamlessly handle protocols so that data and OT-unique resources are consistently protected regardless of where in the converged network infrastructure they reside.
Nowhere is this challenge more apparent than in the effort to converge IT networks and digital transformation strategies with OT environments. Convergence enables an organization’s production arm to respond to new opportunities in areas such as on—demand manufacturing, just—in—time inventory, remote monitoring, process orchestration and management.
Despite all of the IT/OT convergence strategy advantages, there remain two primary challenges: technology and language.
Resolving IT and OT Technology Differences
From a technology standpoint, OT and IT networks certainly pose unique challenges. For example, the real-time nature of OT is absolute. OT systems and processes cannot withstand latency. Highly sensitive equipment might be monitoring a thermostat on a boiler filled with thousands of gallons of caustic chemicals or managing a complex, highly automated manufacturing floor. These OT environments can't afford the kinds of delays or downtime that typically occur when enforcing an IT strategy that updates or patches systems as a matter of routine.
Another challenge is the relative age and sensitivity of OT equipment. IT devices are typically refreshed every three to five years, if not sooner. OT devices, on the other hand, may remain in place, running the same application and operating system, for decades. Thus, many of these devices are still vulnerable to older exploits, many of which are still circulating in the wild. The primary reason they have been somewhat protected from IT—oriented attacks is that the OT networks depended upon an air gap—they weren't directly connected to any IT systems or public—facing networks.
Overcoming the IT/OT Language Barrier
Transitioning OT networks with new connected technologies, Wi-Fi-enabled IoT devices, and dynamic protocols is a daunting task. In addition, integrating systems with different priorities and requirements can create barriers that derail convergence efforts just as technology issues can.
The underlying structures of IT and OT teams are entirely different, and it all stems from how they define and balance risk. From an IT standpoint, risk mitigation is accomplished by ensuring the confidentiality and integrity of data. The third tier of the CIA model, availability, while essential, is a distant third-level priority in the service of confidentiality or integrity. Systems are regularly taken offline for patching and updating, and traffic may need to be slowed so it can be appropriately encrypted and inspected.
OT domain system managers, whether technologists or organizational leaders, have a different value system. Their top priority is keeping complex integrated systems safe and available. Shutting down a manufacturing floor for a critical security upgrade can cost an organization millions in lost revenue. In fact, in many instances, it simply may not be permissible to shut down an OT system without extensive planning or a condition that threatens safe operations. Massive energy turbines, manufacturing furnaces, chemical production or energy transmission can’t tolerate disruption for even a few seconds, as the consequences can be severe—even life-threatening.
In the OT world, availability and the safety of workers, citizens and systems via continuous process integrity for operations are the highest priorities. Integrating new IT systems that may be susceptible to botnets or malware, or exposing legacy OT systems to new exploits, runs counter to the primary objectives of any OT leader. Clearly, OT process integrity runs a close second to safety to ensure that systems perform as expected. On the other hand, confidentiality, which was the number one priority for IT, comes in as a distant third in favor of safe and continuous OT operations.
Finally, as with patching, IT systems need to be tested and audited on a regular, scheduled and mandated basis. Breaking regulations carries penalties and fines, and systems and protocols need to be regularly analyzed for compliance. OT systems, however, have routinely been excluded from such processes, though new and emerging regulations may change that.
How to Begin
The journey to accomplish security in an OT environment is not a tactical afterthought, to avoid security gaps and bottlenecks that can expose networks and data to confidentiality and integrity risks.
Rather than simply integrating an next-generation firewall or intrusion prevention system and calling it a day, OT engineers need to start with a careful analysis and inventory of devices and workflows. The network needs to be redesigned to accommodate segmentation, so new connected IoT devices are isolated from the more sensitive traditional OT devices, and management and communications protocols are isolated from device and user interfaces.
Most OT teams faced with IT convergence requirements realize that they've inherited many problems as digital transformation exponentially expands their attack surface. They now have to address a broader array of adversarial driven interests like extortion, industrial espionage, the loss of intellectual property and even industrial sabotage – all issues that were historically addressed through air gapping, requiring a very competent and organized cyberattack to accomplish anything significant against the OT environment.
An integrated security strategy can:
- Seamlessly and simultaneously span and protect the network
- Raise shields against detected threats
- Perform security analysis in parallel with business—critical operations so that systems remain scalable and available
- Dynamically segment and microsegment devices and processes to isolate
Absent a carefully orchestrated strategy that recognizes the uniqueness and fragility of the OT infrastructure, enforcing zero trust could substantially disrupt or disable systems as much as it can afford protection. Such an approach needs to be combined with an integrated security fabric that recognizes the distinct processes and priorities that govern an OT environment. An ability to safely recognize, consume and correlate threat data; communicate directly with a central management and orchestration system; and then enforce the appropriate security policy in the proper place without putting delicate OT systems and devices at risk is the absolute imperative.
Rick Peters brings more than three decades of cybersecurity and global partnering experience working across foreign, domestic, and commercial industry sectors at the National Security Agency (NSA). As Fortinet’s Operational Technology Global Enablement Director, he delivers cybersecurity defense solutions and insights for the OT/ICS/SCADA critical infrastructure environments.