Why is OT security as important as IT security?
If you have lived on planet Earth in recent decades, then you are probably already familiar with the abbreviation “IT,” otherwise known as information technology. Information technology is a term that encompasses the processes and methods of working with any kind of data through electronic/digital means. As such, it fittingly centers around software, networks and computer systems. A business that utilizes any type of computerized system or some form of a network in which data is shared will, undoubtedly, require at the very least a person with a basic understanding of IT to help with set-up. These days, though, “a basic understanding of IT” is just the tip of the iceberg in what is needed for a secure and successful business strategy and business continuity program.
We could dive more into the full “iceberg” that is IT and spend hours on it…but instead let’s focus on something else: something that is equally at risk from cyber threats and just as important as IT, but significantly lower on the public’s radar. That something is operational technology, otherwise known as OT. You could say that OT is the “other side of the coin” when it comes to IT.
So, what exactly is OT?
Loosely based on this definition by Gartner, operational technology is hardware or software that detects or causes a change. It does this through an installed monitoring system (usually continuously monitoring around the clock) which indicates a control process is in place. OT is centered around control and safety systems. At its core, operational technology uses information technology to control processes and devices. Originally, OT was just defined as the physical machinery or mechanisms themselves…but as the industry has evolved, so has what OT is and is ABLE to do.
A few good examples of operational technology:
• A system that controls the flow of water into a municipal water treatment plant - both the incoming (from homes and drains) and outgoing (into a stream or waterway)
• Industrial robots that are manufacturing parts for automobiles, aircraft, plastics, etc.
• SCADA systems
• Industrial Control Systems (ICS)
• Solar panels that are remotely operated for optimization
• Weather stations
• Traffic lights and city streetlights
• Heating and cooling systems for a skyscraper
The market is awash with organizations and individuals that are experts on IT…but a deeper look at recent statistics shows that OT security is a far cry from the standard that the industry needs to hold, especially for a consistent and adaptive security infrastructure. Companies looking to heighten their IT security measures unquestionably need to adapt their requirements to incorporate strengthened operational technology security. The two go hand-in-hand, and should be thought of as components of the same whole.
OT is vulnerable. The biggest reason is that it has more threat vectors: there are more entryways to get into and hack an OT network. Whether this is because OT is a blind spot in many businesses, because there is a shortage of experts on the topic, or because even today’s OT leaders struggle with a full understanding of the intricacies of this field…remains to be seen. More than likely, it is a sum of all these factors.
A few years back, a Jeep was successfully hacked through its OT network and control was taken away from the driver while driving at high speeds on the highway. Imagine this happening to an invaluable politician, an important figure for social justice, a beloved family member.
More food for thought: the National Grid. Everything on the National Grid is OT: hydroelectric, gas, nuclear, electric, solar, manufacturing and more.
A few years back, there was a very real and fully documented hack into the US power grid by Russian hackers, who gained access to it in a demonstration of their ability to shut down the system. The repercussions of that kind of security oversight could be absolutely devastating.
And that is just one example. As you begin to wrap your mind more around operational technology and what it encompasses (whether small picture or big picture), there are seemingly infinite examples where OT comes into play in the vital components of this society and its ability to function.
The importance of sharpening the focus on these security measures cannot be overstated.
ProtectedIT dedicated the entire month of July 2020 to educating on the importance of OT Security with our partner Virsec Systems, with plans for more with our strong alliances Tenable and CyberSaint. Chief Executive Damian Ehrlicher will have a Forbes article published on this very topic, so please check back soon. Contact us here for more information.