Operational Technology (OT) and manufacturing businesses are prime targets for cybercriminals. Why? Because OT security is lacking behind theIT sector, such asbanking and retail.
For example, ransomware attacks on OT systems are on the rise with twice as many attacks in 2022 than the previous year. And the estimates are that more than half of OT and manufacturing businesses were hit by ransomware in 2023, with more than a third of them losing business and revenue as a result (according to the State of Ransomware 2023 report).
The message from OT security experts is clear: Don’t wait to modernize and renew your systems – adapt and bypass your system limitations now.
Here are three key tips on how you can secure your OT environment for the digital age.
1. Utilize the strengths of your IT and OT together
Businesses often think about their OT security and IT security as two separate issues. And traditionally, they are separate.
But digital transformation is all about collaboration, and your OT systems can highly benefit from their IT counterparts. Especially when it comes to security as OT security is lacking far behind where IT security is today.
The best way for your OT business to move forward is to start by understanding your environment – without knowing what you want to secure, you cannot secure it. Then, enforce ownership of your IT and OT assets to the right persons, teams, or third-party organizations.
You should also consider your OT needs, which are different from the typical IT needs.
For example, OT environments are designed for maximum productivity, and at the same time they need to consider physical safety – any malfunction may cause physical harm to employees on-site and cost the business valuable production time as well as related profit.
Only then, you can embrace the IT/OT convergence and utilize the opportunities it offers, such as using big data or AI models to optimize your OT processes, making them more efficient and profitable. As Jouni Hiltunen, Lead Technology Advisor, Enterprise & Cyber Security at Fujitsu Finland, points out: “OT cannot be separated from IT and IT risk management, because the data flow from the factory floor to the enterprise management systems is global and real-time. […] Confidentiality, integrity, and availability – they have real euro and dollar costs if they are interrupted.”
2. Employ a modern secure access and access control solution
To keep access to your OT (and IT) systems secure, you need an access gatekeeper – a centralized access management solution that helps you control IT as well as OT access, for internal users as well as third-party vendors. This is typically achieved with PAM solutions.
Your next-generation PAM solution for OT should have these features:
Zero Trust architecture to limit user access with just-in-time and just-enough access principles and role-based access control that allows granular access.
It should be a software-based, agentless solution that easily integrates with other components of your environment, like AD, SOC, and SIEM, with no impact on the hardware infrastructure
Flexibility of deployment in the cloud, on-premises, or in a hybrid environment as well as flexibility of access through web or client software.
Support for a variety of industrial protocols without forcing the use of an application server
Auditing of all connections (full audit logs) with session recording and real-time monitoring
Easy-scalablefor multi-site applications
Fast deployment – microservices architecture
When it comes to OT security, keep in mind what Jouni Hiltunen mentions: “Unfortunately, you cannot prevent all security incidents, so you must ensure that they are contained to the minimum effect that they are having.”
3. Comply with industry standards (but keep in mind your OT security setup)
Industry standards, like ISO27001, IEC62443-3, or NIS2, should be the building blocks for your OT security strategy, but they are not step-by-step manuals. You can be compliant and still have a high rate of security incidents and, in the worst-case scenario, fall victim to a cyberattack.
Standards are tools to ensure interoperability and compatibility and, in some cases, compliance with regulations. But first, you need to understand what you need to be doing security-wise, and then you can do it according to the standards.
Watch our expert webinar on “Securing your OT in the age of digital transformation”
Dive deep into the topic of OT security in the digital age - watch the recording of our expert webinar:
Eduardo is the Channel Partner Director for OT at SSH. He has been involved in the Industrial Automation arena since 1994 when he started his career as a PLC/Scada programmer at different systems integration companies. Later, he made a career shift to industrial communication network sales, specializing in providing...
We at SSH secure communications between systems, automated applications, and people. We strive to build future-proof and safe communications for businesses and organizations to grow safely in the digital world.