Operational Technology (OT) Security: How to Reduce Cyber Risk When IT and OT Converge
Eliminate IT and OT Cybersecurity Silos to Find Threats and Stop Potential Attacks
Operational technology (OT) has been a part of manufacturing, utilities and other industries since the late 1960s. For much of that time, users considered the technology "safe" from attacks because most OT devices weren’t connected to outside networks.
However, in today’s modern facilities, these devices are no longer air-gapped, increasing the likelihood of an attack.
There have been documented attack cases that impact nearly every manufacturing vertical and critical infrastructure environment imaginable. - "White Paper: Prediction of an OT Attack"
In manufacturing, for example, OT devices can be used in both discrete manufacturing such as automobile production or the pharmaceutical industry, and continuous manufacturing such as water purification and oil production. In these settings, OT devices are often controlled by programmable logic controllers (PLCs) or distributed control systems (DCSs).
Historically, these devices were physically separated from networks through a process called “air-gapping.” These “gaps” were implemented as security measures to prevent OT devices from connecting to anything else or being exposed to the outside world.
But today, a convergence of OT and IT devices, along with an increasing dependency on the industrial internet of things (IIoT), means air-gaps are no longer sufficient to keep OT environments safe.
Now, cyberattacks that begin in an IT network can easily traverse into an unsecured OT environment, pushing cybersecurity teams to give OT environments increased attention.
This knowledge base, which outlines challenges and solutions for OT cybersecurity, will help you better understand OT-related cyber risks and provide recommendations about what you can do to keep your organization safe in this ever-changing and rapidly evolving converged world of IT and OT.
Here are highlights of what you’ll discover:
Industrial Cybersecurity for Modern OT Environments
An increasing convergence between IT and OT creates new challenges and risks for industrial cybersecurity. Do you know what these challenges are and how to mitigate threats?
Tenable Community for Operational Technology
Maintaining cybersecurity for operational technology isn't the same as traditional IT security. Need help? Tenable Community is the #1 place to talk about OT, ask questions, and share tips.
Frequently Asked Questions about OT
Do you have questions about industrial cybersecurity, operational technology, and how to keep your OT environment secure? Check out our frequently asked questions section to learn more.
Tips to Choose the Right OT Security Solution
Are you considering purchasing an OT security solution? Not sure where to start or which is best for your organization? Check out these 6 core questions to consider.
Insider Threats for OT and Other OT Blogs
External cyberattacks are not the only risks for your OT environment. Malicious insiders and human errors create additional risks. Check out the OT security blogs to learn more about the latest industry issues.
OT 2-Minute Quick Tips
Got two minutes? In this video tutorial section, you can learn more about automated asset discovery for OT, industrial control planes, industrial controllers, and more, all in just two minutes!
Tenable OT Security: Unified IT/OT Security
Protect Your Industrial Network From Cyber Threats, Malicious Insiders and Human Error
Tenable OT Security can help you identify threats and predictively prioritize threats and vulnerabilities to maximize the safety and reliability of your modern OT environment.
Tenable OT Security delivers:
- Complete visibility into your converged attack surface
- A multi-detection engine that discovers high-risk events and activities that may impact your OT environment
- Visibility into your infrastructure from network down to individual device level
- Predictive Prioritization for every asset in your ICS network so you can find vulnerabilities and understand risk level
- Tracking for user-based changes or malware across your network or on a device
Industrial Cybersecurity for OT Environments
Today’s converged IT/OT world presents more challenges and new risks for industrial cybersecurity. Gone are the days when isolation alone could keep your environment secure. Today’s sophisticated OT environment is a target for new attacks.
The convergence of IT and OT, and rapid adoption of IoT across both, increases your overall attack surface, as well as attack vectors. Without complete coverage, the likelihood of an attack is not a matter of "if," but "when."
Industrial controllers are a focal point of attacks against industrial operations and critical infrastructure. So how can you keep your ever-expanding attack surface secure?
Tenable OT Security offers a comprehensive security solution for IT and OT security personnel. It can help protect your industrial networks from threats, malicious insiders and other risks by providing capabilities such as:
- 360-degree visibility into converged IT/OT environments and industrial control systems (ICS) activity
- A multi-detection engine that discovers high-risk events and behaviors that threaten your organization
- Automated alerts for policy violations and detection of deviations from your network traffic baseline
- Signature updates that use crowd-sourced data to discover new attacks
- Passive detection and patented active querying to find threats to your network and OT devices
- Up-to-date and detailed inventory list with risk data to help you prioritize vulnerabilities and plan maintenance
- Configuration control with reports about changes to OT assets including programmable logic controllers (PLCs), distributed control systems (DCSs) and human-machine interfaces (HMIs).
Mind the Gap: A Roadmap for IT/OT Alignment
In your OT environment, your OT devices are increasingly connected, thereby creating new challenges in securing your industrial network. Air-gaps alone are no longer effective. That's because today's industrial attack surface now encompasses both IT and OT, making lateral attacks a growing threat. If an attacker finds a weak link on either side, they can use it as a gateway into your entire organization, quickly gaining access to both information and operations.
Historically, IT staff and systems were independent and isolated from OT staff and systems and vice versa. However, an increasing IT/OT convergence now creates a new source of unacceptable risk for your organization. So what can you do?
An integrated IT/OT security strategy may detect an attack earlier and help your team more effectively identify, investigate and address vulnerabilities and threats across your attack surface.
In this white paper, you’ll:
- Learn about how OT and IT are increasingly converging
- Get insight into your expanding attack surface and attack vectors
- Explore issues contributing to a disconnect between IT and OT security practices
- Learn about security and compliance best practices for industrial networks
- See the benefits of a converged IT/OT security strategy
Accidental Convergence: A Guide to Secure IT/OT Operations
Operational technology plays an important role in critical infrastructure and industrial environments. In addition to routers, servers, computers and switches used in traditional IT environments, to operate their plants and factories these industries also use OT devices such as distributed control systems (DCSs), programmable logic controllers (PLCs), and human-machine interfaces (HMIs).
For more than half a century, OT security professionals relied on physically separating these critical OT systems from outside networks to keep them safe. But today, IT and OT environments are increasingly connected. While this brings about a number of benefits for operational efficiencies, this convergence also creates new risks.
While threats that begin in IT can laterally move into your OT environment, OT threats aren’t necessarily the same as those that IT professionals are familiar with addressing. Because of this, you need different security tools and operating policies to secure your OT environment.
In this white paper, you’ll learn more about:
- What’s fueling IT/OT convergence
- Why air-gapping your OT systems is no longer effective
- What accidental convergence is and what can happen
- Threat actors looking to infiltrate your systems
- How you can plan ahead for your security including more visibility, better situational analysis, reduction of cyber risk and more.
Top Three Use Cases for Automated OT Asset Discovery and Management
When most industrial control systems (ICS) networks were designed and implemented decades ago, cybersecurity was not at the forefront for most organizations. As a result, most ICS networks lack basic security controls and the ability to automatically manage assets like you’d find in more traditional IT environments.
Unfortunately, attackers know this and that’s why ICS networks are increasingly under attack.
As your organization looks for ways to defend your ICS systems, automated asset discovery and automated asset management become critical. Why? Because if you don’t have an up-to-date and accurate ICS asset inventory, you can’t effectively manage your risks. If you don’t know your risks, how do you secure your environment?
As your ICS network grows and your IT and OT networks continue to evolve, effective asset management will become an increasingly important component of your overall cybersecurity strategy.
Download this white paper to learn how to:
- Improve your incident response strategies
- Decrease resolution time
- Ensure operational continuity
- Efficiently comply with key industry regulations
ICS Cybersecurity Considerations Checklist
A cybersecurity solution can help you better protect your critical infrastructure from threats by more effectively and automatically identifying all of your ICS assets and managing them, while adopting effective defense strategies.
But how do you know which OT solution is best for your organization’s unique needs? Will the solutions you’re evaluating support both your OT engineers and your IT security teams as you work to secure and control your critical infrastructure?
This ICS cybersecurity checklist was created to help you evaluate six key areas to help ensure that you’re selecting the best solution for your organization.
Download this guide to assess your status when it comes to:
- Automated asset discovery and management
- Incident detection and response
- Continuous network activity monitoring
- Controller integrity validation
- Vulnerability assessment and risk management
- Architecture and enterprise readiness
Critical Infrastructure Cybersecurity: Actively Secure Your Industrial Environment in the New Era of Distrust
The operational technology environments within industrial and critical infrastructure industries today are larger than ever before. These environments have an increasing number of attack vectors, meaning that, in many cases, your organization should no longer ask “if” you’ll be subject to attack, but “when.”
Within your industrial control system environment, if you’re using network monitoring only, you may miss an attack on a device. That's because network monitoring only gives you about 50% visibility into your converged IT/OT environment. Those blind spots could put you at risk for being infected for days—or even months—without you knowing.
Effective OT cybersecurity needs more than network monitoring. By adding device-based security measures to your program, you’ll have better situational awareness about your actual cyber risks so you can plan remediation and defense strategies accordingly.
Download this white paper to learn more about how you can:
- Improve your controller integrity by quickly discovering device changes made through physical connections
- Discover assets, even those that don’t communicate over your network
- Maintain “last known good state” data so you can enable holistic back-up and recovery strategies
- Monitor all routable components of your network
Tenable Community: Your Go-To Resource for OT
Tenable Community is a place where people with common interests in Tenable and OT security can get together and exchange ideas. Community members can share feedback, ask questions, and exchange knowledge. Tenable Community is a great resource to help you make the most of your Tenable products and access fresh ideas about how to keep your OT environment secure.
Here are some examples of the conversations happening now:
What Are Some Recommendations to Create the Best Operational Technology Rule Set?
ICS networks often lack the kinds of security protocols used in IT networks for more than two decades. Moreover, the mantra of “set it and forget it” in OT networks results in obsolete and unsupported Windows versions and more, making it infinitely easier for attackers to exploit them.
What are the Advantages of Integrating Your OT Security With NGFWs?
Integrating NGFWs with dedicated industrial cybersecurity solutions can provide organizations with comprehensive and effective protection across both their IT and OT networks. Let's explore some of these advantages and see how such an integrated solution works.
How to Discover and Protect Your OT Assets?
For years now, CISOs have tried to come to grips with the convergence of two equal but distinct parts of the business — IT and Operational Technology (OT) — and what it means for the overall cybersecurity posture of industrial enterprises. The first question is: Where to start?
6 Questions to Ask When Choosing an OT Security Solution
When it’s time to choose an OT cybersecurity solution, you want to know if you’re choosing one that meets all of your organization’s unique and specific requirements and is also forward compatible with future requirements you may have.
To reduce cyber exposure in your OT environment, you should understand if the solution you’re considering will support your specific OT devices, if it can provide non-disruptive asset discovery (even in older network assets), if it will alert on critical vulnerabilities and if it supports secure OT/IT alignment.
Knowing the right questions to ask upfront can prevent future headaches and increase security of your OT and IT environments. Here are six important questions to consider when evaluating OT cybersecurity solutions:
- Is it vendor-agnostic?
  The solution should support all of your protocols and specific devices.
- Does it provide multi-detection methods?
  The solution should provide coverage both to the network as well as to devices on the network.
- Does it detect and alert on known common vulnerabilities and exposures?
  A platform that incorporates known CVE discovery into your security policy will provide faster detection.
- Does it provide IT support in addition to OT?
  The solution should work in conjunction with your already deployed IT security products such as your security information event management (SIEM) tool, next-generation firewalls (NGFWs) and diode-based firewalls.
- Does it support secure IT/OT alignment?
  Each environment needs purpose-made solutions.
- Is it designed to live in an OT environment from a hardware or operating environment perspective?
  Your solution should be configurable to meet your network and physical architecture requirements.
To take a deeper dive into these questions and how they can impact your buying decisions, read more here
Trends Affecting OT Security
Whether intentional or accidental, there are several trends increasing attack surfaces and vectors across OT environments. Let’s take a look at a few and how they can impact your organization:
- Purposeful convergence of IT/OT
  By uniting IT and OT, your organization may find that eliminating siloed infrastructures can reduce costs and improve operational efficiencies.
- Accidental convergence of IT/OT
  If your organization doesn’t have a convergence strategy, but your IT assets (such as laptops, thumb drives, etc.) are used in OT environments, you can inadvertently create an accidental IT/OT convergence that increases organizational risks.
- Industry 4.0
  Industry 4.0 is the newest (and fourth) evolution within manufacturing. It includes the introduction of IoT tech used to monitor and/or control OT environments and/or assets.
- Increased collaboration
  With these trends, IT and OT teams are collaborating with each other more than they ever have before. Information and expertise silos are beginning to come down and in some cases IT and OT can function on the same team.
Because today's cybercriminals can attack from all sides—and attacks laterally creep across IT to OT and vice versa—these trends are important to keep an eye on for comprehensive OT security.
Unprecedented Situational Awareness for Your Entire OT Environment
With Tenable OT Security you can protect your industrial network from malicious insiders, cyber threats, and human error. Tenable OT Security gives you deep situational awareness about all the threats that put your OT network at risk so you can maximize the visibility, security and control of your operational technology environment.
Tenable OT Security Blog Bytes
3 Ways to Handle Insider Threats in Operational Technology (OT) Infrastructure
While cyberattacks dominate news and industry headlines, not all threats to your operational technology infrastructure come from external sources. Insider threats can also put your organization at risk. While insider threats can be created from a variety of circumstances, generally they can be classified as malicious intent, human error, or account compromise. So how can you keep your OT environment safe? From risk assessments to monitoring attack vectors and unified IT/OT security, there are some best practice tips you can adopt to keep your attack surface safe.
3 Operational Technology Threats in Automotive: What You Need to Know
Cyberattacks in operational technology environments are increasing across many industries, including automotive manufacturing. In the past four years, attacks have increased more than 600%. Why? Because changes in OT environments, including increasing convergence with IT, create new attack vectors and new attack surfaces. For the automotive industry, most OT networks weren’t designed with cybersecurity in mind and attackers are finding ways to infiltrate devices and networks. While the industry faces a number of cybersecurity challenges, you can mitigate your core risks with full OT visibility, security and control.
ICS/SCADA Smart Scanning: Discover and Assess IT-Based Systems in Converged IT/OT Environments
Today, OT systems are exposed to IT threats, a relatively new risk vector for the industry. That’s because many industrial and critical infrastructure organizations now reap the benefits of having converged IT/OT environments, but doing so creates risks not previously understood and tackled by OT professionals. The solution is not as simple as deploying IT cybersecurity practices into your OT environment. That’s because traditional IT active scanning techniques can easily disrupt your OT environments. Using ICS/SCADA Smart Scanning and passive network monitoring, however, you can discover and assess your IT-based systems in your converged IT/OT environment while reducing the risk that active scanning may disrupt your OT devices.
The Challenges of Securing Industrial Control Systems from Cyberattacks
Industrial control networks create unique challenges for cybersecurity. Traditional IT security strategies don’t often work well in OT environments and OT’s traditional method of air-gapping is no longer an effective defense strategy. These challenges mean an increasing number and wide range of vulnerabilities now create new risks for OT networks. Lack of visibility and control for ICS networks compounds the problem and a generalized fear of patching that may cause downtime or disruptions prevails throughout the industry. To overcome the challenges of unsecured OT networks, you should choose a cybersecurity solution that can help you better secure and control your ICS technology.
How to Run an Industrial Cybersecurity Proof of Concept (PoC)
A Proof of Concept (PoC) is an important resource that can help you determine if an operational technology solution you’re considering is the best option for your organization. In general, there are four phases for a proof of concept, beginning with preparation, then deployment, then execution, then a summary. These stages can help you do a more efficient job in evaluating a cybersecurity solution. At the end of the process you should have a better understanding of a product’s capabilities and limitations, as well as how it should function in your operating environment, and how well your vendor is prepared to work with you now and as future needs arise.
Webinars
The Shifting Sands of OT Threats: What You Need to Know
The operational technology landscape for critical infrastructure and industrial operations is evolving and that creates challenges for your security teams. Today, these teams need to be flexible and adopt new ways to improve security for your converged IT and OT environments. This webinar is great for both IT and OT security professionals. In it you'll learn more about:
- The biggest threats facing critical infrastructure now
- OT trends that need your attention
- Recommendations about practices and technologies to help you mitigate OT threats
- An end-user perspective with best practices
The Expanding OT Attack Surface: Five Strategies to Stay Secure
Traditionally, organizations relied on air-gaps as a way to protect OT devices from potential attacks. But today, with more OT devices connected to networks, air-gapping is no longer a viable or efficient way to protect your OT environment. So what's the most effective way to achieve unified cybersecurity for your converged IT/OT environment? In this webinar, you'll learn:
- Key strategies that can help you identify, prioritize, and manage new threats and vulnerabilities
- More about the Singapore Operational Technology Cybersecurity Masterplan
- How Tenable OT Security can help you protect your network
The 5 Things You Need to Know about IT/OT Convergence
Because IT and OT environments are now converging for many enterprises, organizations are seeking a holistic approach for cybersecurity. It's driven by an increasing number of attacks that target OT networks. Not only are there more attacks today, but the attacks are also increasing in severity. In this webinar, cybersecurity professionals share best practices about some of the most effective ways you can keep your IT/OT environment safe. You'll learn more about:
- How to overcome blind spots in your attack surface
- How to uncover coverage gaps and improve visibility into your network
- How deep situational awareness helps you understand what's happening in and on your network
- Recommendations on how to identify, prioritize, and mitigate threats and vulnerabilities
- How Tenable OT Security can protect your industrial network from threats
2-Minute Quick Tips for Operational Technology Security
The Need for Automated Asset Discovery
If you don’t know which assets you have within your OT environment, how can you protect it? This video explores how you can overcome challenges created by using a mix of manual processes and notes for asset discovery and management with Tenable OT Security's automated asset discovery tools. In this two-minute tutorial, you’ll learn more about how Tenable OT Security can:
- Reduce manual labor (time and expense)
- Improve your incident response and recovery processes
- Increase program accuracy and efficiencies
- Address compliance requirements
- Help you implement a reliable and effective vulnerability management process
The Importance of the Industrial Control Plane
ICS networks employ two different types of protocols: data plane protocols to manage physical parameters for ongoing processes and control plane protocols to manage engineering activities. In this two-minute tutorial, you’ll learn more about:
- Why your industrial control plane (ICP) is difficult to monitor
- How the lack of security controls impacts your industrial control plane
- What potential problems can arise when your ICP is not monitored
- How Tenable OT Security can help
Why Industrial Controllers are the Most Important Assets to Protect in ICS Networks
Controllers are the brains of your industrial network, but they are often surprisingly vulnerable. That’s because they were designed decades ago with either few protections or none at all, creating risks for your organization and leaving you vulnerable to attacks. In this two-minute tutorial, you’ll learn more about:
- Why these networks are often under-protected
- Who can make changes to their logic
- Potentially catastrophic results of malicious or erroneous changes for continuing operations and safety
- How Tenable OT Security can protect against unauthorized changes
Proactive Security on Both Fronts for Industrial Control Environments
Does your OT security solution perform passive detection or active querying? Unless you’re listening to both your network and actively querying devices, you don’t have full protection. Detailed asset inventory and real-time information are critical components of protecting your converged IT/OT environment. In this two-minute tutorial, you’ll learn more about:
- Why being passive and waiting for threats to appear on your network may be too late
- Where your blind spots may be
- How to safely and effectively gain a comprehensive view across your industrial environment
Top Threats to Industrial Control Systems
Attacks on industrial control systems and critical infrastructure environments continue to increase. If your ICS or infrastructure is compromised, it can cause widespread damage and put lives at risk. Do you know the top threats you need to guard against? In this two-minute tutorial, you’ll learn:
- Why ICS systems are more vulnerable to attacks today than ever before
- How you can become collateral damage even if your company is not the target
- What kind of threats may exist inside your network
- The top obstacles for securing your controllers
Tenable OT Security: Industrial Grade Security for Your Industrial Systems
In modern industrial and critical infrastructure environments, an increasing number of devices are now connected to your networks, many of which are accessible through IIoT. This changing OT environment means traditional ways of protecting your OT devices, like air-gapping or air walls, are no longer effective.
From cyberattacks to malicious insiders and human errors, it’s getting increasingly challenging to effectively discover, investigate, and remediate all the threats lurking against industrial and critical infrastructure environments. And because of that, OT attacks are on the rise.
Effective OT security requires complete visibility, security and control over all of the threats that put you at risk. Tenable OT Security is the industry’s first unified, risk-based solution for converged IT/OT environments.
Threat Detection and Mitigation
Tenable OT Security uses a multi-detection engine to find potential high-risk events on your network and alert your team so they can respond quickly.
Adaptive Assessment
Discover more information than passive monitoring alone provides and get unparalleled visibility into your infrastructure without impacting operations.
Risk-Based Vulnerability Management
With Predictive Prioritization, Tenable OT Security helps you prioritize risks within your ICS network, so you can mitigate them before attackers exploit vulnerabilities.
Configuration Control
Get a full history of device configuration changes over time, complete with a back-up snapshot of your “last known good state” for faster recovery.
Complete Visibility
Measure and manage all your IT and OT risks in a single platform for complete visibility into your converged attack surface, supported by native integration with leading IT security tools.
Enterprise Management
Get clear situational awareness across your distributed environment, complete with reporting, vulnerability management, and centralized security.