Operational Technology Cyber-Security

What is Operational Technology (OT) Cybersecurity?

What is an OT environment? OT, or operational technology, refers to networks which control industrial, manufacturing and infrastructure systems. OT is a separate category from traditional information technology (IT) because it involves not just computer software and hardware, but many other components as well which form a complex network of assets.

Cyber security for OT, IoT and IIoT is a relatively new field, emerging as a result of the Industry 4.0 standards over the past decade. Traditional IT cybersecurity which has been in development for over 40 years is designed to preempt and protect IT networks and utilizes methods which suit IT software, including firewalls, packet sniffers and encryption tools, but was never intended to protect cyber-physical systems.

One of the main advantages that IT cybersecurity has over OT is the ability to be taken temporarily offline in order to perform a patch, bringing the security level up-to-date without endangering the network. Industrial networks, OT infrastructure networks in particular, rely on being continuously online, and cannot depend on patching as a security method.

The convergence of IT and OT systems has created the need for a different type of cybersecurity which is able to perform the job of securing both the software system AND the industrial assets which are part of the OT network. This is the role fulfilled by OT cyber security.

What are the Top OT Cybersecurity Frameworks?

• Operational technology security standards require the entire network to be protected from all types of threat attack. To achieve this, it is first necessary to have a clear understanding of exactly what is included within the network and how industrial assets interact with the IT system, which can be done by creating a virtual map of the OT/IT system.
• Constant monitoring of the network will clarify if there is an attempted breach, and will also pinpoint any potential weak spots which could act as an entry point for an attack.
• Working from a base-line of system-data acts as an early detection alarm for OT systems, as any unexpected changes will be highlighted.
• IT/OT convergence enables automation and streamlining of systems, but it also endangers the CPS as it offers attackers many more entry points. This can be counterbalanced by the use of segmentation, “air-gapping” and one-way traffic, which are methods of separating different elements of the network where possible.

What are OT Cybersecurity Best Practices?

Despite the fact that OT and IoT cybersecurity is a relatively new field, it is considered to be important because of the essential nature of the systems and infrastructure that it is designed to protect.

As such, the NIST, National Institute of Standards and Technology has issued extensive and detailed guidelines for industrial control systems security. The IEC, International Electrotechnical Commision, regularly publishes updated general guidelines for ICS security, and also has individual committees for the different sectors which fall within the OT category, such as water-treatment facilities, electricity suppliers, manufacturing, shipping and healthcare.

All OT cybersecurity providers should be following these guidelines in order to provide the best level of protection for their clients. Although the guidelines change from time-to-time as the threat landscape shifts, there are certain best-practise steps which remain constant:

• Prioritising: it is unrealistic to try and protect every part of the network all of the time, therefore it is essential to identify which assets are most important, and therefore where to invest more security resources.
• Restricting access: as remote working becomes more commonplace, more personnel, both internal and external, have access to OT systems. Limiting access includes limiting physical access as well as virtual access, ensuring that strict controls are in place for limiting data and system changes, and updating security controls to legacy equipment.
• Maintaining functionality: OT security has two main priorities, the first is safety and the second is continuity of service. It is almost impossible to prevent all breaches, therefore OT cyber security solutions must include the ability to maintain as much functionality as possible even under threat of attack.

Benefits of the Radiflow Platform

Radiflow understands the challenges of operational technology cyber security, as well as the issues faced by CISOs who are under pressure to protect their network on a budget. Radiflow’s risk analysis platform offers a ROI-driven solution to this challenge.

Radiflow’s CIARA (Cyber Industrial Automated Risk Analysis Platform) employs a proprietary risk assessment algorithm to calculate the likelihood of attacks on networked assets together with their quantitative real-world impact. CIARA then generates a list of mitigation measures based on this analysis. These measures are graded according to ROI, enabling the user to assess which measures should be prioritized.

CIARA generates a virtual map of your OT system. This can be viewed, together with the digital maps of multiple facilities, on one UI in order for security and risk teams to execute Breach & Attack Simulations (BAS). Working with simulations of potential threats empowers your OT security team to anticipate any dangers and prioritize the solutions according to your business needs.

Radiflow’s newest CIARA software release was recognized as a vendor in the Cyber-Physical Systems (CPS) risk management category, which is in the Innovation Trigger of the Gartner® report titled, “Hype Cycle™ for Cyber and IT Risk Management”, 2021. Since its release, CIARA has earned acclaim for its capabilities in providing a data-driven approach to OT cyber security solutions, especially following multiple major OT attacks, such as on the Colonial Pipeline and JBS.

Industries

Electricity stations and substations

Supervisory Control and Data Acquisition (SCADA) systems which are critical to electricity supply networks, are highly vulnerable and have been the focus of many cyber attacks in recent years. Radiflow’s OT cybersecurity solutions help to protect the entire electricity ICS, including the SCADA system.

Water and Wastewater facilities

Many water facilities are spread over vast areas and are often under-protected due to the legacy nature of the systems. Radiflow’s CIARA enables you to visualize the entire network and helps you to prioritize assets which need higher levels of security.

Renewable Energy

The demand for renewable energy is on the rise, and as a critical infrastructure system, they are being targeted by cyber terrorists. Radiflow’s CIARA Breach and Attack Simulation enables you to anticipate the danger and focus your security resources where they are most needed.

Manufacturing

The increase of IoT and IIoT, as well as OT/IT convergence, has led to the problem of manufacturing systems often being convoluted. Radiflow’s virtual map of your network will straighten out the mess and enable you to get a clear picture of the whole system, including the network connections, which gives you an insight into any weak spots or hidden entry points.

Building Management Systems

Smart technology may be a business buzzword, but it is also a cybersecurity nightmare as it involves coordinating several systems on one network. Radiflow’s CIARA helps to protect the entire system, creating a virtual map and arming you with an automated alert system.

Additional Resources

White Papers

Radiflow’s CIARA platform uses several methods to ensure that your OT system has the highest possible protection. For an insight into how Radiflow’s BAS system works, read our white paper Breach & Attack Simulations (BAS) in OT environments

This white paper will bring you up-to-date with the latest information on OT security, including the steps you can take to protect your OT system: The Five Best Practices that will Protect Your OT/ICS Network in 2021

Case Studies

To find out how others have implemented Radiflow’s OT security solutions, read our 2020 Case Studies, a round-up of some interesting Radiflow case studies from around the globe

Blog Posts

For further reading about Radiflow’s innovative imaging process, read How to Perform Non-Destructive OT Security Assessments with Digital Image-Based APT Breach Simulations

This blog focuses on the important topic of water facilities security in the wake of the Oldsmar breach: How to Prevent Cyber Attacks on Water and Wastewater Facilities

To get a better understanding of the challenges created by the convergence of OT and IT, this blog explains the differences between the two in terms of cyber security IT vs OT Security – Understanding the Differences

Another angle on Breach and Attack Simulation, and how it can transform your OT cyber security: In the aftermath of the Colonial and JBS SA ransomware attacks: how to protect yourself while optimizing your ROI on Risk Reduction