1.OT Overview
What is operational technology (OT)?
Operational technology (OT) keeps critical infrastructure and industrial environments functioning. OT is made up of software and hardware used to manage, secure and control industrial control systems (ICS) systems, devices and processes in your OT environment. OT devices are commonly found in manufacturing, transportation, oil and gas, electricity and utilities and other similar industries.
What’s an OT device?
OT devices are devices used in industrial environments as well as within critical infrastructure. For example, you may see OT devices in a manufacturing setting, such as the pharmaceutical industry or for vehicle manufacturing, or in industrial settings, like oil production.
Here are a few examples of OT devices:
- Programmable logic controllers (PLCs)
- Remote terminal units (RTUs)
- Sistemas de control industrial (ICS)
- Distributed control systems (DCS)
- Human machine interfaces (HMIs)
- Supervisory control and data acquisition system (SCADA)
- Internet of things (IoT) devices
- Industrial internet of things (IIoT) devices, also known as Industry 4.0
OT devices are generally controlled by either distributed control systems (DCS) or programmable logic controllers (PLCs). During the more than seven decades of existence, most OT devices were protected by air-gapping — physical isolation of the device from external networks. By not connecting these devices to outside networks, the goal was to keep them safe from external risks.
That worked well for decades, but today, more industrial environments are experiencing a convergence of both IT and OT. That means there are new risks and air-gapping is no longer effective. Modern industrial and critical infrastructure environments need operational technology security that can protect both IT and OT simultaneously.
What is operational technology security?
Operational technology security consists of the processes to protect all of the hardware, software and devices within your OT infrastructure. OT security encompasses all of the steps you take to manage and monitor these devices from attacks (both internal and external) as well as other cyber risks.
During early emergence of OT devices in the 1960s through recent times, OT devices were generally closed systems — meaning they were off network and didn’t communicate with other on-network devices. This is called air-gapping because the devices were physically separated from the unsecured networks. That was the primary mode of OT security for many decades.
But today, more OT devices are coming online and even in operations where they’re not, it’s getting increasingly challenging to maintain truly sterile OT environments. Even in facilities where convergence is not a strategic imperative, there’s a chance OT devices may (accidentally) connect with devices that are (or have been) online. Whether it’s intentional or accidental, IT and OT are increasingly more converged within industrial environments. That means air-gaps are no longer sufficient for true OT security.
Modern OT environments need more comprehensive operational security. For industrial control systems, for example, if you’re just using network monitoring to discover vulnerabilities or other security issues, you’re probably only seeing about 50% of your converged IT-OT attack surface. And, the more infrequently you’re checking those devices for issues, the longer you have for a threat actor to be present in your environment for weeks — maybe even months — before you know they’re there.
Your OT security should include continuous, passive and active monitoring, IT/OT threat detection, detailed asset inventory, configuration control and risk-based vulnerability management. Used in combination, these measures help keep a pulse on your OT environment cyber risks without disrupting day-to-day operations.
How can I actively monitor my OT devices without disruptions or downtime?
With the right tools, you can continuously monitor your OT devices without disruptions.
OT device-based security is an important part of comprehensive OT security, but unfortunately some organizations are hesitant to actively monitor or patch these devices. ¿Por qué? Because traditional methods have often meant disruptions and downtime. Or, worse yet, what happens if you install a patch and one of the primary pieces of equipment you use goes down and can’t function? It could be a death-knell for business.
That’s where Tenable OT Security's active device querying comes in.
Tenable’s active querying is patented and communicates with your OT devices, such as PLCs, HMIs and DCSs, in their native language. That means you can get detailed information about your device — down to a granular level — with disrupting operations.
Tenable OT Security conducts read-only queries of your devices using native communication protocols and can’t make changes to your devices. This allows you to gather deep details about each of your assets safely and without disruption. Tenable’s active querying will not impact your controllers.
Once you’ve discovered all devices within your network, including dormant assets, you can classify each asset and then take a deep dive into device information.
Tenable’s active querying gives you insight into:
- Metadata
- Configuration information
- Hotfix insight
- Versiones del firmware.
- User information
- Back plane information
- Vulnerabilidades
- Others security issues
If Tenable OT Security detects an issue, you can set it to send an alert to the relevant responder on your team.
By understanding the full context of everything on your network, including device level information, you get a more comprehensive look into your OT infrastructure so you know where you have risks so you can make plans to remediate the most critical issues first.
Active querying also eliminates blind spots caused by passive network monitoring alone. ¿Cómo?With device querying, you can get non-disruptive, detailed device information even if a device is dormant or infrequently connects to your network. That means you know when any change that happens, even those changes that occur directly on a device, so you can respond swiftly and effectively.
How are information technology (IT) and OT different?
There are differences between IT and OT. First, let’s look at information technology (IT) and what it is.
Information technology is used to process, manage, store and protect information in what is generally a stable environment. The focus in IT is on security. IT has a short lifecycle and standard operating systems that require frequent updates.
Now, let’s explore operational technology a little more in comparison. OT is used to monitor, manage and control physical devices and related processes. Unlike IT, OT devices can be in adverse situations where the core focus is on uptime. Also different from IT, OT generally has a long lifecycle. Updates, which can cause disruptions, are infrequent, and many OT devices have proprietary operating systems, not the standard, more common ones often seen in IT.
A simple way to consider some of the key differences between the two is: IT is about data and OT is about processes.
Historically, IT and OT devices have been separated from one another in most environments. However, today, IT and OT are converging faster than ever before. This interconnectivity creates new attack surfaces. Security measures traditionally used for each independently often don’t work well for this converged environment. Instead, you need new security measures and combinations to protect both as they exist together.
What is IT-OT convergence?
IT-OT convergence happens when IT and OT devices connect or interact with one another within the same environment. This can happen intentionally, for example, when your OT device is connected to an outside network, or accidentally when someone connects a laptop (that has been connected to an outside network) to your OT device for updates.
For decades, to protect OT devices, most organizations kept them physically separated from outside networks, which is known as an air-gap. But, the increasing number of benefits for connected OT devices is moving many organizations away from that practice. For example, a converged IT/OT environment can help you get the most out of your production processes and promote sustainability, but unfortunately those benefits also bring increased cyber risks.
This convergence also creates new challenges for security professionals. Threats to OT devices are different from those for IT, and finding and remediating them is harder. While threats that begin in your IT environment can move laterally over to your OT environment, security is further complicated because many traditional IT professionals are not familiar with the complexities of OT devices. Add to that expanding attack surfaces and more potential attack points for bad actors. ¿El resultado?Increasing opportunities for your OT environment to come under attack.
A converged IT-OT environment requires enhanced visibility for complete security including passive network detection and active device querying, detailed inventory of all of your assets and real-time data about all your assets and threats. Without this, you’ll have blind spots that continually put your organization at risk.