OT Security: a dialog between IT and OT
Sarah Kolberg | February 29, 2024

To implement modern cybersecurity concepts in OT environments, several obstacles need to be resolved. IT security is in the role of a pioneer, as IT has had experience with cyber threats since the 1970s, when the first computer virus, "Creeper", was already up to mischief. There has always been a battle between new attack methods and IT security solutions. Awareness of cybercrime threats is also slowly growing among OT managers, as the number of cyber-attacks in the industry is constantly increasing. In addition, given various regulations and IT-OT convergence, it is essential that cybersecurity also finds its way into plants. For this to succeed, a dialog between IT and OT is needed.
Different understandings of security
There is a certain discrepancy between information technology and operational technology in terms of security expectations. While data integrity has the highest priority in IT security, security in OT primarily means system availability and safety: continuous, interference-free operation must not be jeopardized. In addition, the physical well-being of people must be guaranteed, particularly in factories or other areas where there is human-machine contact.
Two different worlds come together in IT and OT, and correspondingly different specialists. The expertise and specialist terminology differ. Finding a common language to clearly formulate the needs and requirements of the systems therefore quickly becomes a challenge. Furthermore, not all OT is the same. Every industry has its own standards and requirements.
The challenges of operational technology
Historically grown infrastructures and the long life cycles of technology are a major challenge for OT security. For example, there are often devices in factories that have been running continuously for 20 years. OT systems were not originally designed to be connected to the network. Closing this gap and securing companies according to the latest state of the art is the central task of OT security.
Some of the software used is highly specific and communicates via protocols that are atypical for IT. It is often not transparent which components communicate with each other. However, only what is known can be secured. The first step is to create transparency in operational technology. This means gaining an overview of the status of the machines and other assets as well as their communication. Because of the long product life cycles, software is not only industry-specific, but in some cases also extremely outdated. For example, you might find a dusty computer running Windows XP in one industrial plant or another. Modern IT security solutions can overwhelm such structures. It is therefore important to develop security concepts that also protect legacy systems.
OT contains highly vulnerable systems. The smallest changes can lead to system failures. It is particularly important that security measures do not jeopardize operations, because once the process is interrupted, this can have far-reaching, costly consequences. In some respects, this can hinder security projects. Instruments such as penetration tests could result in disruptions or even failures and are therefore often not an option.
Creating OT security solutions together
To develop suitable solutions for cybersecurity in OT, IT managers need to develop an understanding of OT systems. Often, initial processes such as risk analyses need to be reconsidered for OT. Manufacturers and customer companies need to get in touch. OT systems are highly diverse, which is why it is usually not possible to offer a one-size-fits-all solution. Keyword: customization!

The security solutions must be adapted to the requirements of the companies. The technologies often already exist and only need to be tailored. Minimally invasive products that gradually increase cybersecurity are particularly promising. In an OT network, the introduction of new solutions usually involves a great deal of planning and construction work. Simple handling and integration of security solutions is therefore usually a strong decision criterion.
Second spring in OT for Post-Connect NAC from macmon
The different requirements of OT and IT are also reflected in the demand for our Network Access Control solution macmon NAC. For example, the 802.1X standard for NAC is now mostly required in IT, as it promises a high level of cybersecurity. However, the maintenance of the associated RADIUS server is demanding and prone to errors. This can be problematic in operational technology. On the one hand, the staff responsible often do not have the necessary expertise. On the other hand, anything that poses a risk to operations must be prevented. In addition, machines and systems often do not support the standard.
Jochen Füllgraf
Product Manager macmon NAC, Belden Inc.
"Reactive NAC is experiencing its second spring in OT."

However, macmon NAC also offers an SNMP-based solution, and SNMP is a protocol that most OT systems also support. Post-Connect NAC enables passive monitoring and reactive functionality. This allows compliance guidelines to be implemented step by step without jeopardizing operations. How certain security-relevant events should be handled can be defined individually. The security solution is manufacturer- and infrastructure-agnostic and does not require any new purchases or construction work. macmon NAC is considered the easiest NAC solution on the market in terms of handling and implementation. macmon NAC offers numerous advantages that address the needs of OT networks. This is also reflected in the user landscape: one third of macmon's customers operate in an industrial environment.