Cybersecurity has become essential for every modern business, but has historically focused on securing information technology (IT) used by the administrative side of the business, rather than operational technology (OT) used to manage industrial operations in manufacturing plants, mining operations, chemical plants, and the like.
However, in recent years, OT has evolved, expanded, and become more interconnected and integrated with IT than ever before. Most industrial systems now have digital controls and are connected to IT systems and networks to enable remote monitoring, data analysis, and maintenance. OT systems are also where a lot of Intellectual Property (IP) around industrial processes is found.
OT, therefore, is just as big a target as IT, and just as important to secure in the face of increasing cyber attacks by criminal, espionage, and nation-state-affiliated groups. Security cannot be an afterthought in the era of internet-connected industrial systems as IT and OT systems increasingly merge.
Organizations that are using any form of OT need to ensure that it is covered by their cybersecurity strategy and that they have a coordinated approach to detecting, responding to, and recovering from cyber attacks and intrusions in their OT as well as their IT infrastructure.
This means that organizations need to have the ability to discover and inventory OT infrastructure assets, protect the OT environment, monitor control systems, detect cybersecurity events, and respond to any cybersecurity compromise.
Industrial control systems (ICS) represent a major portion of operational technology, comprising systems that are used to monitor and control industrial processes in manufacturing, electrical, water, oil, gas, mining, transportation, chemical, nuclear, pharmaceutical, food, and beverage industries.
Most Industrial Control Systems are either a continuous process control system, typically managed via programmable logic controllers (PLCs), or a discrete process control system (DPC), which might use a PLC or some other batch process control device.
Industrial Control Systems are typically mission-critical applications with a high-availability requirement, which makes protecting them against cyber attack crucial for any organization that uses them. Minimizing the risks may require dedicated security personnel, increased investment, and improved security awareness training that includes OT.
Every organization needs to ascertain its usage of Industrial Control Systems and other OT, understand the risks, and determine whether it has the necessary skills, staffing, tools, incident response capabilities, and management and governance processes in place to keep OT systems secure, operational, and safe from malware like BlackEnergy, Industroyer, Stuxnet, Havex, Triton, and Pipedream.
“For continuous process control systems, a shutdown can be catastrophic, costing thousands of dollars a minute and, if the plant is damaged, significant replacement costs.”
— Graham Williamson, Senior Analyst, KuppingerCole.
Because we understand the importance of securing OT, and because we are committed to helping your business succeed, KuppingerCole has a great deal of content available in a variety of formats.
If you are looking for an overview of securing Industrial Control Systems, an excellent place to start is this Insight on: OT, ICS, and SCADA – What Every Cybersecurity Expert Should Know.
But, to familiarize yourself with solutions that enable organizations to manage, monitor and protect their Operational Technology infrastructure and/or IoT devices, have a look at the recently published Market Compass on Cybersecurity for Industrial Control Systems, which investigates the current state of cybersecurity solutions for the OT and ICS market sectors.
As you will see from the above report, there are a variety of tools that can be useful in providing visibility into ICS environments, which is essential when it comes to improving security capabilities around these systems. Read more about one of these categories of tools in the Leadership Compass on Network Detection & Response to find out more about the market, and the related Buyer’s Compass for questions to ask vendors, criteria to select your vendor, and requirements for successful deployments.
To find out how to defend ICS environments by using decoy environments, have a look at this Leadership Compass on Distributed Deception Platforms (DDPs), which, along with NDR solutions, are among the main solutions for protecting OT environments that are not well covered by other types of security solutions. Find out more about NDR in this Leadership Brief entitled: Do I need Network Threat Detection & Response (NTDR)?
The convergence of IT and OT is inevitable, so it is important that organizations ensure they are paying enough attention to the security implications. For some guidance on this, have a look at these Leadership Briefs entitled: How to get a Grip on OT Cybersecurity, and Join the dots: Operational Technology and Informational Technology.
The time has come for a more inclusive approach to managing industrial control systems. The divide between Information Technology and Operational Technology is fading, to the benefit of the business. To find out more, have a look at this Advisory on Industrial Control Systems: Getting a Grip on OT Cyber Security.
Understand the role and importance of IAM in controlling access to ICS environments by having a look at this Advisory on the Future of Identity Management, while for a discussion on the specific topic of securing OT systems used for automation, have a look at this Advisory on Plant Automation Security.
For an up-to-date perspective on OT security from the German BSI, have a look at this presentation from the most recent Cybersecurity Leadership Summit on Cyberattack Risks for Manufacturing Industries, Operational Technology, Industry 4.0 & Recommended Countermeasures.
Discover more about the threats and risks facing OT and what can be done to counter them by watching this panel discussion entitled: Industry 4.0 - How to Build a Dynamic Cyber Defence, and to find out why the vulnerability of communication and database servers associated with industrial systems should be given highest priority, have a look at this presentation entitled: OT Security - The Weak Point Is the Periphery.
For an overview of the status of IT and OT security, some of the main challenges and trends, and some potential solutions, have a look at this presentation on IT-OT Convergence of Security.
OT environments sometimes lack visibility of the threats they face because many OT systems and Industrial IoT (IIoT) devices can’t run endpoint security software, but all is not lost. As mentioned previously, Network Detection & Response (NDR) and Distributed Deception Platforms (DDPs) can help. To find out how, have a look at this presentation on Detection, Deception, and Response - The Role of NDR and DDP in Securing OT and ICS.
If you would prefer to read short, concise perspectives by our analysts on topics related to OT security, choose from the following list of blog posts.
- CrashOverRide or the Need for Putting OT Security at the Center of Attention
- Smart Manufacturing: Locking the Doors You've Left Open When Connecting Your Factory Floor
- Bridging the Gap Between IT, OT and Business in the Digital Transformation Age
- Security and Operational Technology / Smart Manufacturing
- Security is part of the business. Rethink your organization for IoT and Smart Manufacturing
- OT, ICS, SCADA – What’s the difference?
Get a better understanding of the ICS threat landscape, learn how to identify your key OT assets and vulnerabilities, and find out how to do a risk analysis in this Webinar entitled: Fine-Tuning ICS Threat Models to Prioritize Mitigations of the Most Vulnerable Devices.
For an analysis of the risks of unprotected industrial networks, the impact of IIoT applications on control systems, and how organizations can successfully manage these risks through effective identity and access management, have a look at this Webinar entitled: Industrial Control Systems: Understanding the Access Risks and Security Challenges.
Effective cyber defense depends on detecting, preventing, and mitigating threats not only on desktops, laptops, and servers, but also on the network, in the cloud, and in OT, ICS and IoT, which is where Network Detection & Response (NDR) solutions come into play. To find out more, have a look at this Webinar on: Enabling Full Cybersecurity Situational Awareness With NDR.
Find out more about Industrial Control Systems in the context of Identity Fabrics for IoT use cases in this Whitepaper on: Enabling the Digital Business with Identity for the Internet of Things.
Organizations investing in technologies to secure industrial control systems can have a look at some of the related technology solutions that we have evaluated: