If you’ve found this article interesting, please visit and follow Radiflow on LinkedIn, where you’ll find a wealth of exclusive content.
Traditional industrial control systems (ICSs) are self-contained; communications take place over physical wires between and among system components, and the system’s operation is independent of any other systems or networks in the plant.
However, while this works well for single-plant ICS implementations, modern factories often require coordination between multiple plants that are physically separate, whether across the street or on the other side of the planet.
Even within a single facility it is often necessary for different ICSs to communicate with one another. This can be tricky for suppliers that use different (and sometimes proprietary) ICS communication protocols.
An obvious solution is for ICSs to use the standard Transfer Control Protocol and Internet Protocol (TCP/IP) data network communication protocols. This has a number of advantages, as it enables systems to:
[inject id=’code-47fd23f73a9caecab1e206306adae7f9′]
These compelling advantages resulted in the melding of operational technology (OT) systems and networks such as ICSs, with information technology (IT) systems and networks.
And that’s where the trouble began.
The main problem with OT is related to network and data security. Because traditional ICSs were isolated from data networks, there was no need to consider device or system security. When these devices and systems started communicating over TCP/IP networks, they became easy targets for hackers who could exploit their security vulnerabilities and gain access to corporate networks, causing all manner of harm. Thus the inter- and intra-connectivity of industrial networks led to a deluge of OT cyberattacks.
Here are three OT security challenges that many companies must deal with:
Because OT systems were not integrated with other data networks for so long, OT operations and maintenance have been traditionally the responsibility of operations teams, with little or no involvement from IT.
Most operations personnel have no expertise in data or network security. And these systems weren’t designed with a security-centric mindset in the first place.
As a result, OT security was not a great concern as more and more OT systems were connected to corporate data networks. IT departments could have (and should have) lent their expertise in data security, but they often weren’t consulted, and still often aren’t.
Many legacy OT systems still rely on legacy communication protocols even when operating on data networks. These protocols, some of which date back to the 1970s, were not developed with security in mind. Upgrading the protocols could cause issues with legacy hardware, so in many cases, OT systems are “stuck” with non-secure communication protocols.
3. Poor Device Security
In addition to vulnerable communications protocols, many legacy OT devices themselves were designed without any regard to data security, effectively turning them into “sitting ducks” on companies’ data networks.
Overcoming these challenges and mitigating cyber threats in OT systems, while tricky, is well within the range of feasibility.
Some approaches include:
Radiflow’s professionals are experts in keeping OT systems secure from cyberattacks. If you are concerned about the security of your OT systems – and you should be – but don’t know what to do about it, contact us today. We can help.
Harmonizing risk and consequence strategies across IT and OT environments for greater cyber resilience
Strengthening OT Resilience: Protecting Critical Systems in a Rapidly Evolving Threat Environment
Quarterly ICS Security Report 2024 Q3