Leadership Brief

Advanced IT security solutions for OT environments

Industrial Control Systems operators are increasingly targeted by Advanced Persistent Threat (APT) actors and cybercriminals as digital transformation accelerates. Many hitherto isolated systems are now connected, which introduces additional risks from enterprise IT and the cloud. Although such connectivity can bring more risk, advanced enterprise IT security solutions can provide new capabilities for securing OT environments.

John Tolbert


1 Executive Summary

Operational Technology (OT) is a term that encompasses computing equipment deployed in diverse environments such as factories, warehouses, cities, power generation and distribution facilities, water treatment plants, vehicles, etc. Industrial Control Systems (ICS), a subset of OT, include sensors, Programmable Logic Controllers (PLCs), and Human-Machine Interfaces (HMIs). OT systems can include specialized equipment provided by hardware manufacturers as well as more traditional IT servers, desktops, laptops, and tablets. In this paper, we will focus mainly on ICS.

ICS environments are at risk of targeted attacks by APT actors and cybercrime groups. APT actors are generally involved in espionage operations, denial of service, or campaigns to destroy data and equipment. Cybercriminals' weapon of choice is most often ransomware, and they may purposely or inadvertently infect ICS environments. Regardless of the type of actor or the malicious techniques used, the consequences for the victim organization can be very serious: production outages, power outages, spoiled goods, loss of trade secrets and other critical information, and even the destruction of computing and controls equipment are a few examples.

Innovations in data analytics technologies can be harnessed in ICS environments to better understand loads and customer demands, expedite production and deliveries, speed up Just-in-Time supply chains, facilitate predictive maintenance, and more. Access to many of these tools requires communication with enterprise IT components. Opening the door between OT and IT offers the possibility of productivity gains, increased revenue, expense reduction, and better value for customers. However, such connectivity can exponentially increase risks.

On the positive side, the advancements in IT security technology and tooling made over the last decade or so can be brought to bear against adversaries in the ICS realm. Network Detection & Response (NDR) and Distributed Deception Platforms (DDP) are two types of security solutions that can be used to improve the security posture of organizations with ICS technologies. Both NDR and DDP are evolving toward XDR, or eXtended Detection & Response. Many solutions in the NDR, DDP, and new XDR space understand the device types, protocols, and topologies used in the most common ICS deployments.

Full article is available for registered users with free trial access or paid subscription.
