IT vs OT Security – Understanding the Differences
By the Radiflow Cybersecurity team
Last month, a Russian cybercriminal group caused chaos along the US east coast by using ransomware to hack into an oil pipeline company’s IT system. In response, the company took the extreme measure of proactively shutting down operations to prevent the damage from spreading to the OT system. Their CEO then made the controversial decision of paying $4M in ransom in order to get the pipeline back up and running without further risk.
This shocking yet very real story illustrates the ways in which the integration of IT and OT systems has changed the way industries operate. Cybersecurity has become essential not only for safeguarding computer systems but, even more so, for safeguarding the very infrastructure we depend upon.
IT vs. OT security: two entities with two distinct sets of requirements
What is the difference between IT and OT security? Traditionally, IT and OT were very different in nature and required entirely separate approaches with regard to safety and security. Information technology involves computers and networks, with the primary currency being data, and the job of IT security is to protect confidentiality.
IT security tools include:
- Antivirus software
- Encryption tools
- Malware detection
- Network defence wireless tools
- Packet sniffers
- Managed detection services
- Network access control
What is OT cybersecurity?
The top priority of OT security is safety, closely followed by ensuring continuity of service.
The legacy nature of OT systems has resulted in something of a convoluted network of software and hardware, industrial elements and adjunct components. Monitoring and protecting so many composite parts is complex and delicate, especially when taking into account the need to keep the system permanently online, as opposed to an IT network, which can be temporarily shut down for security updates. Case in point is the oil pipeline company example: just a few hours offline was enough to disrupt the lives of millions of people with a potential cost of hundreds of millions of dollars.
The imperative of keeping OT systems both safe and continuously operative meant that historically these networks were “air-locked” or siloed; therefore, they were essentially protected from outside threats.
Bringing cybersecurity up to date – the convergence of OT and IT
Everything changed about a decade ago with the advent of Industry 4.0, the fourth industrial revolution. Integrating machine learning and automated processes into industrial technology meant combining IT and OT, which had previously been air-gapped for security reasons. The convergence of the two systems has become more necessary as technology improved and the need for interconnectivity increased. The convergence, however, opened OT systems to many more cyber threats, thus increasing the criticality of OT security.
As Industry 4.0 evolved, so too did the cybersecurity measures that protect OT systems. It is now essential for IT security experts to align with OT cybersecurity standards when the two converge, and similarly, those working in OT cybersecurity have to adopt IT security protocols. The convergence of IT and OT is expected to become almost universal, so it’s no longer logical to view these systems as discrete or independent.
The future of IT/OT cybersecurity – not “either/or”, but something new entirely
Historically, industrial security was reactive, which made sense when dealing with closed systems which were less vulnerable to external attacks. The first major shift that the convergence of IT/OT has highlighted was the need for proactive cybersecurity.
The most complex challenge in this respect may be the need to monitor and update OT/IT security systems while keeping them online and fully functional, since frequent updates keep IT systems less vulnerable to attack, and . Since taking an OT system offline is almost certainly going to cause major disruptions (e.g. missed fuel deliveries or water/power outages), proactive OT security specialists use attack simulations as a means of testing network resilience. These simulation models can be anything from an open-source simulator to a physical reconstruction, with many options in between. Once an accurate model has been created, it is possible not only to pinpoint existing network vulnerabilities, but also to make data-based decisions regarding changes or updates to be implemented in the (live) physical system itself.
There have been major changes over the last two decades in the way industrial systems are configured, and in particular, in the convergence of IT and OT networks.
It can be overwhelming to consider the security ramifications of these changes, so it helps to bear in mind the incredible possibilities that are enabled through these developments including streamlining operations, automation, interconnectivity and especially the ways in which previously separate networks are able to interact.
Rather than trying to bring two disparate cybersecurity systems together, a third and more powerful system is emerging using artificial intelligence. Investing in these advanced technologies is likely to become the benchmark for industrial security standards over the coming years.
Radiflow specializes in cybersecurity solutions for industrial networks. With an in-depth understanding of the differences between IT and OT security needs, and the impact of IT/OT convergence, Radiflow’s team can ensure you are aware of the vulnerabilities across your entire network and can suggest the best measures to increase security and maximise ROI. Contact our team for more information on how our risk assessment solutions can help you to protect both your IT and your OT systems.
IT and OT systems have traditionally been kept strictly separate to prevent cyber attacks from moving between the IT and the operations networks. Industry 4.0 has created the imperative to converge the two realms.