What is Operational Technology?
Operational Technology (OT) involves the simultaneous use of hardware and software to monitor and manage physical processes, devices and infrastructure. As a solution, operational technology is typically implemented across a broad range of sectors that require intensive asset protection. An example of a task performed by OT is the examination of critical infrastructure. Industries in which OT is used include manufacturing, oil and gas, electricity generation and distribution, aviation, maritime and utilities.
Gartner defines OT security as “Practices and technologies used to (a) protect people, assets and information, (b) monitor and/or control physical devices, processes and events, and (c) initiate state changes to enterprise OT systems”. The security solutions implemented can range from next-generation firewalls (NGFW) to security information and event management (SIEM).
In the past, OT cybersecurity was not regarded as an integral practice; in recent times, however, IT and OT networks have converged as a result of digital innovation.
Briefly outlined, operational technology handles equipment, whereas information technology (IT) monitors data and secures the confidentiality, integrity, accessibility and availability of systems and data.
IT and OT Convergence
Digital progress is dependent on the overlap between operational technology systems and information technology systems. OT network systems such as control systems, SCADA (which collects data from sensors and transmits it to a central computer that manages the data) and industrial networks are being integrated with IT systems such as processors, storage and system management. This integration enables IIoT (Industrial Internet of Things) devices to be used to detect errors and improve efficiency.
It is also important to remember that connecting a previously unconnected OT network to the internet through an IT network exposes the OT network and all connected devices to the threat landscape. OT was not originally designed with the possibility of threat exposure in mind and, furthermore, the increase in remote access to OT systems by third-party vendors generates increased vulnerabilities.
The importance of efficient OT security
If breached, Operational Technology can lead to the interruption of crucial services including emergency services, water treatment, traffic management and other important infrastructure. In addition, a successful breach of an OT organisation that is not central to highly important infrastructure can still have alarming consequences, for example safety checks being removed by a hacker in a production facility, resulting in the shipment of unsanitary products.
Typically, cyber criminals have aimed, and still aim, to steal data; however, OT networks are becoming more frequently targeted, with OT professionals stating in a survey conducted by the SANS Institute that the risk level is critical.
OT malware, as the term suggests, refers to malware designed to target Operational Technology. Its purpose can range from modifying industrial operations to disrupting industrial processes using cyber-physical attacks.
The manner in which OT malware is executed depends upon the complexity of the control system being targeted.
For systems that can be accessed and controlled remotely, for example SCADA (Supervisory Control and Data Acquisition), the aim may be to gain control of a managing workstation in order to enforce changes upon the target system. If a threat actor aims to target individual units, they may change the control conditions of the system’s hardware, for example Programmable Logic Controllers (PLCs).
In addition to malware designed to target OT systems, threat actors may also leverage malware capable of attacking hybrid IT/OT systems; this type of malware may be utilised by state and non-state actors alike.
Examples of OT malware include:
- Havex and BlackEnergy2
IT malware that can impact OT systems:
We aim to advise our clients on implementing various specific cyber security methods, some of which will be more suitable than others depending on the business type, to help ensure the cyber health of our clients’ systems.
We advise our clients (whether they are individual users or business owners) regarding various cyber threats that their businesses and operating systems may face. This includes rising trends in certain threats and prevention methods that are cost-effective and time-saving.
Furthermore, business owners, employees and general users may forget to conduct regular scans to monitor the health of their operating system, which criminals can take advantage of to gain unauthorised access by exploiting unrecognised, underlying vulnerabilities.
Securiwiser can conduct regular scans for your system and provide a detailed cybersecurity risk assessment and a cybersecurity vulnerability assessment. We can further explain detected vulnerabilities and risks in detail to our clients and provide the best course of action that will save your business time and money.