Securing OT with the help of IT cybersecurity best practices

22 September 2023

With digital transformation comes the need for robust cyber security specific to the OT domain. Looking to the IT domain can offer solutions, argues Lee Carter.

Alongside plant digitalisation, comes a need to consider cybersecurity at every step. IT staff have traditionally been solely responsible for the cyber protection of a business but as operational technology (OT) systems begin communicating with enterprise-wide software, that responsibility is now placed on every member of the team, if not more directly on OT. 

Studies show that manufacturing is being targeted at a higher rate than any other sectors because of the new vulnerabilities that are presenting themselves in OT technology. 

Traditionally, the OT environment was ‘air-gapped’ to wider enterprise systems. While outdated, this approach did help protect systems as OT technology was harder for hackers to reach. 

Fast forward through Industry 4.0 and the digital transformation of the sector, much of that OT technology remains in operation. The issue is that many OT systems were never designed with enterprise-wide communications in mind and today’s open communication between OT and IT highlights the differences in the two environments, but also why a shared approach to cyber security is needed. OT environments traditionally focus on safety. Physical systems that can put workers in harms way require complete control and availability, removing that with a ransomware attack, for example, puts a company at risk – not only will downtime be costly for everyday the company isn’t in control, but in some extreme cases OT professionals and the general public may be put at risk. So, while IT cyber incidents may be more frequent and quicker to solve, OT incidents can cause immeasurable damage.

The starting point
The starting point for a secure OT setting is to align approaches in standards, practices, and tools. One example of this is how quickly IT systems are updated to ensure ongoing cyber security. The same cannot always be said for OT systems. This sees many OT systems remaining vulnerable for longer than they have to be. Even simple best practices such as never plugging external devices into enterprise systems or having dedicated scanning environments for removable media are often not understood to be critical to OT professionals. 

Cyber security for OT is a complex and never-ending journey, encompassing a growing list of solutions, products, and approaches. OT professionals are often over-stretched and their workload is expanding as digital transformation advances. Adding the same strain IT feels to the already full plate of OT may seem like overkill, especially when considering IT has specific training and has been in this space for all of their working lives. Finding a viable approach to cybersecurity for OT is a lot like digital transformation, it requires buy in from all levels of a business, input from multiple sources, and a collaborative approach that stays up to date with the latest products and services.

Achieving a secure OT is an almost impossible task without expert help. To alleviate the strain for the already busy OT professional often requires a partner organisation. OT professionals need to address their cyber security concerns and having a partner to remove the complexity can be helpful. The chosen partner needs to have a deep understanding of digital transformation and must work closely with your organisation to navigate the products in this crowded market, and create an approach to cyber security that aligns with the busy schedule of OT professionals.

There is no one-size-fits all approach to cyber security for OT, it’s about working closely with partners to meet industrial regulatory and compliance requirements and to achieve peace-of-mind.

Lee Carter is Cyber Security Product Manager at SolutionsPT

Contact Details and Archive...

Print this page | E-mail this page