Four steps to securing OT environments

Doros Hadjizenonos, regional sales director at Fortinet

In the industrial sector, devices, endpoints and networks across both IT and OT (operational technology) environments are more connected than ever.

A recent Forrester Consulting research report commissioned by Fortinet found that 66% of factories now run through IP-connected networks.

However, IT and OT security teams still operate in silos because, historically, IT and OT had very different security concerns.

But as OT operations become increasingly digitalised, bad actors have rapidly moved to target newly vulnerable OT systems with ransomware, for cyber espionage, or to engage in acts of cyber warfare.

So says Doros Hadjizenonos, regional sales director at Fortinet, adding that the incidence of these attacks is picking up.

The Forrester research revealed that 58% of OT owners and operators have had a breach in the previous year, and a whopping 80% over the last two years.

In addition, over 60% of respondents suffered compliance, financial, operational, and even physical safety impacts due to attacks on their industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems.

“This increased risk is threatening modernisation of everything from factories to refineries, utilities and telecoms infrastructure, with the number of operators with fully converged infrastructure actually dropping from 17% in 2018 to 15% today,” says Hadjizenonos.

This, he says, is leaving OT operators unable to harness the benefits of more effective and efficient monitoring of processes, the ability to leverage data from IoT devices to inform decision-making, and significant cost savings in power consumption, reduced raw materials waste, and employee efficiency.

One major challenge for industrial firms is that many of the traditional security tools that other sectors employ do not work in OT environments.

“Securing ICS/SCADA systems is complex, and is often approached in a fragmented manner. In addition, OT security tends to be reactive rather than proactive. OT operators are realising that they need to take a more strategic approach to tying the security of ICS and SCADA systems to the needs of the business, and for cyber security risk to be integrated into a company’s overall risk portfolio.”

Four ways to secure OT environments

Hadjizenonos offers four strategies for securing OT environments.

1. Zero trust

Firstly, he advises industrial firms to implement zero-trust network access.

“All devices and all users must be scrutinised, logged, and monitored for vulnerabilities. NAC [network access control] solutions can investigate devices for context (who, what, where, when, how), tie them to policy, control access based on role, and limit privileges to just those resources needed to do the job. Ongoing monitoring ensures devices comply with policy once they have been granted access.”

2. Segmentation

“When practising a zero-trust network access strategy, the assumption is that users, devices, and apps may have already been compromised and countermeasures must already be in place.

“Dynamically segmenting these devices, apps, and workflows, either at the point of access or when workflows and transactions are initiated, serves to limit the impact of a breach,” Hadjizenonos advises.

3. ICS/SCADA security

IT security teams need to pinpoint and deploy tools that were designed to meet the unique needs and demands of ICS and SCADA environments.

“They should be able to function without disrupting delicate OT systems and sensors, support common protocols, and withstand the harsh physical conditions where they are often deployed,” he says.

4. Business analytics

Finally, says Hadjizenonos, comes business analytics.

“Visibility is critical, as is a proactive security posture that can handle threats at speed. IT must be able to use advanced behavioural analytics to identify anomalous behaviours, quarantine offending devices, and safely detonate threats so attacks don’t affect live operations.”
