For those in industrial sectors – energy, utilities, manufacturing, communications, transportation and defense – operational technology (OT) systems control both industrial and critical infrastructure.
As OT networks increasingly converge with Internet-connected information technology (IT), the overlap translates into a growing potential for attacks from cybercriminals. Previously isolated OT systems are now exposed to all cyber threats.
“Because traditional security strategies were not designed for the unique and sensitive needs of OT, network operations analysts must seek protection that provides visibility, control, and situational awareness in these environments,” says Fortinet.
1. Defend an expanding OT network attack surface
In the past, the best way to protect OT networks was to isolate them from IT networks, a practice known as air gapping.
However, with 75% of organizations reporting at least some form of basic connection between IT and OT, convergence negates air-gap security, resulting in 97% of organizations acknowledging security challenges because of this convergence.
2. Find a new solution for OT security
“In light of OT and IT convergence, an advanced and effective OT security posture requires specialized considerations,” says Fortinet, adding that “attempts to manage risk by simply deploying firewalls, sandboxes and off-the-shelf intrusion prevention systems in OT environments exhibit unacceptable, disruptive, and uncertain results.”
Instead of taking a bolt-on approach to network security solutions, organizations need to design security into even the most basic levels of OT environments to address the big picture.
3. Visibility on the attack surface
“You can’t protect what you can’t see,” says Fortinet, which reports that “82% of organizations are unable to identify all devices connected to their network.”
In today’s digital environment, it is important to have continuous visibility of every device (wired and wireless) to ensure reliable OT operations.
“Because these technologies connect to an [external] computer network for additional capabilities, they provide a potential backdoor for threats aimed at attacking vulnerable OT systems. An integrated security architecture can support transparent and centralized visibility of the entire OT environment,” says Fortinet.
4. Control access, security updates, etc.
Control in OT requires baselining normal traffic and predefined approved functions.
“Fortunately, device behaviors in an OT environment tend to be static and within a predictable range, so abnormal behaviors are more likely to be immediately apparent and identified than in traditional computing environments,” Fortinet says.
Also critical to control in OT is the ability to force traffic from primitive devices through a next-generation firewall solution. “Organizations must be able to apply and enforce access policies based on who and what is connected to the network,” Fortinet adds.
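The baselining idea in this section, as an added example that is not from Fortinet's report: learn devices, conversations and functions from a trusted observation window, then flag any live flow that departs from them. The device names, the flow record layout and the sample flows are constructed assumptions; the function codes are standard Modbus codes.

```python
from collections import namedtuple

# One observed flow: source device, destination device, protocol, function code.
Flow = namedtuple("Flow", "src dst proto func")
Baseline = namedtuple("Baseline", "devices conversations functions")

def build_baseline(flows):
    """Learn devices, conversations and functions from a trusted window."""
    devices, conversations, functions = set(), set(), set()
    for f in flows:
        devices.update((f.src, f.dst))
        conversations.add((f.src, f.dst, f.proto))
        functions.add(f)
    return Baseline(devices, conversations, functions)

def deviations(flow, base):
    """Return the reasons a flow departs from the baseline (empty if normal)."""
    unknown = [h for h in (flow.src, flow.dst) if h not in base.devices]
    if unknown:
        return [f"unknown device {h}" for h in unknown]
    if (flow.src, flow.dst, flow.proto) not in base.conversations:
        return [f"new conversation {flow.src}->{flow.dst} over {flow.proto}"]
    if flow not in base.functions:
        return [f"unapproved function {flow.func} on {flow.src}->{flow.dst}"]
    return []

def triage(live, base):
    """Keep only deviating flows, paired with their reasons."""
    return [(f, r) for f in live if (r := deviations(f, base))]

# Constructed sample data; device names are hypothetical. Function codes are
# Modbus: 3 = read holding registers, 16 = write multiple registers.
LEARNING_WINDOW = [
    Flow("hmi-1", "plc-1", "modbus", 3),
    Flow("historian", "plc-1", "modbus", 3),
    Flow("eng-ws", "plc-1", "modbus", 16),
]
LIVE = [
    Flow("hmi-1", "plc-1", "modbus", 3),      # matches the baseline
    Flow("hmi-1", "plc-1", "modbus", 16),     # HMI never wrote while learning
    Flow("historian", "hmi-1", "ssh", None),  # known devices, new conversation
    Flow("laptop-7", "plc-1", "modbus", 3),   # device absent from the inventory
]

if __name__ == "__main__":
    base = build_baseline(LEARNING_WINDOW)
    for flow, reasons in triage(LIVE, base):
        print(flow, "->", "; ".join(reasons))
```

Because the baseline is an allowlist, the quality of the learning window decides the result: anything malicious already present while learning is recorded as normal.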
5. Situational Awareness
A single hour of operational downtime can cost companies over $100,000 (reported by 98% of manufacturers in a PwC study).
With that in mind, “when an individual device in an OT environment is under attack, organizations need instant alerts and contextual threat information to quickly understand the precise actions to take,” Fortinet says.
However, this is easier said than done: network operations analysts can receive thousands of security alerts per day, and it can take hours of investigation to manually pinpoint the location of a suspicious device and all other relevant information surrounding the event to determine if this is a real attack.
6. Greater transparency for industrial and critical infrastructure networks
Walking the line between protecting against the growing potential for attacks and not disrupting sensitive systems is a major challenge for OT networks.
“While the convergence of OT and IT offers great benefits, it also introduces new risks that may be unfamiliar to network operations analysts and security teams. Organizations need to be able to ensure that they know everyone and everything connected to their infrastructure at all times,” Fortinet concludes.
To read the full report “OT Network Security Starts with Visibility: Greater Transparency for Industrial and Critical Infrastructure Networks”, click here.