Operational Technology: How to Avoid Production Downtime

Published by HWG on 17 March 2022

In the relationship between Operational Technology and cyber security, experts are focusing not only on the risk of information theft or intellectual property infringement but also on the possible disruption of production. This is far from a remote possibility, and its potential impact has grown exponentially with the digitisation of industry and production lines. But what are the most important aspects to consider, and what strategies should be adopted to mitigate the risk?

A priority target of hackers


Operational Technology and cyber security: a necessary approach

What makes the relationship between Operational Technology and cyber security particularly "fragile" is also the fact that the control devices used in industrial environments require protection tools that work differently from those used to protect a computer and, more generally, normal endpoints. OT control devices often have hardware characteristics (memory and computational capacity) and software characteristics (proprietary operating systems and extremely "light" firmware) that do not allow the use of classic antivirus. The strategy for protecting these potential targets therefore focuses on monitoring network traffic. In other words, rather than analyzing the code installed on the devices, risk factors (or actual attacks) are identified through careful analysis of operations (through logs) and of the communications that transit the network.

The vulnerability of OT systems

Moreover, the technological approaches of Operational Technology and IT security have very different characteristics, particularly with regard to the obsolescence of systems. In IT security, frequent updating of infrastructure is one of the keys to ensuring a better level of protection. New products are systematically more secure and suffer from fewer vulnerabilities than legacy products. But the digital and OT worlds run on very different timescales. The machines (and their controls) on production lines are designed to last for decades, while IT evolves much faster. From this point of view, the ability to constantly update systems at the software level, applying timely patches that correct the vulnerabilities that (inevitably) emerge in the IT/OT environment, has a decisive impact. Consequently, patch management is one of the priorities of IT security experts. Adopting adequate patching tools and policies makes it possible to reduce the attack surface and, consequently, the risk of a production stoppage resulting from the violation of OT systems.

Tags: Industry 4.0, operational technology