Ultra Intelligence & Communications

OT Security Keeps Industrial Plants Safe from Cyber Threats

July 11th, 2017 / By

Image of conveyor belt with robotic arms under text(OT Security Keeps Industrial Plants Safe from Cyber Threats)

One of an industrial company’s top priorities will always be to protect its assets from threats. As technology systems become more sophisticated and interconnected, management and control of cyber threats is critical to protecting those assets. And that is a challenge. Industry news reports stories about cyber attacks daily. While the news tends to focus on IT system attacks, they are not the only systems at risk. As operational technology (OT) systems become more complex, they become more vulnerable. What can companies do to increase OT security?

First, what is the difference between operational technology and information technology?

While OT systems are increasing incorporating IT systems, they are different. Operational technology is the hardware and software used to control and monitor industrial processes — processing lines, utilities and the packaging equipment involved in producing products. While OT systems physically keep the plant running, information technology systems operate behind the scenes. They encompass all of the advanced computing, networking, security and software infrastructure companies use daily. IT addresses functions like enterprise resource planning (ERP), accounting, order management, human resources, and numerous other front office tasks. As OT systems become more sophisticated, there is an IT component to them, such as the supervisory control and data acquisition (SCADA) systems often used in industrial plants.

What is OT security and why do you need it?

A cyber attack on any technology system can have dire consequences. However, if an OT system experiences a cyber attack, the consequences go far beyond financial losses — prolonged outages of critical services could cause environmental damage or even loss of human life.

Cyber attackers can exploit security in IT/OT networks, process control systems and critical infrastructure. Whether the motive is industrial espionage or economic gain, the results can be catastrophic.

Robust OT specific security systems protects against that risk.

For example, while protecting an oil refinery’s OT systems may be different from that of a textile manufacturer, they have some things in common — in both settings, the OT systems likely connect to the internet to help vendors perform diagnostics and maintenance. If there is no firewall, or the firewall is outdated, the absence of security features such as multi-factor authentication, strong passwords and monitoring logs leave the OT system vulnerable to attack. OT security protects these common entry points. This is just one example of how OT security protects the company.

As you consider how to approach OT security, keep in mind that OT is not enterprise IT, despite the fact that some IT/OT technologies are the same. However, how those technologies are used and what drives their adoption for OT systems are completely different. Reducing the attack surface for both the enterprise and the operations sides of the business requires strategic planning and communication throughout the company. Working together to create a cohesive risk management plan is the key to OT security and keeping your plant safe from cyber threats.

For further reading, the International Electrotechnical Commission has two publications relevant to risk identification and management for industrial control systems: IEC 61511 “Functional safety – Safety instrumented systems for the process industry sector” and IEC 62443 “Security for industrial automation and control systems.”