Beyond the risk of information theft or intellectual property infringement, experts looking at the relationship between Operational Technology and cyber security are focusing on the possible disruption of production. This is far from a remote possibility, and its potential impact has grown exponentially with the digitisation of industry and production lines. But what are the most important aspects to consider, and what strategies should be adopted to mitigate the risk?
A priority target of hackers
Operational Technology and cyber security: a necessary approach
What also makes the relationship between Operational Technology and cyber security particularly "fragile" is that the control devices used in industrial environments require protection tools that work in an "alternative" way to those that protect a computer or, more generally, an ordinary endpoint. OT control devices often have hardware characteristics (limited memory and computational capacity) and software characteristics (proprietary operating systems and extremely "light" firmware) that do not allow a classic antivirus to be installed. The strategy for protecting these potential targets therefore focuses on monitoring network traffic. In other words, rather than analysing the code installed on the devices, the check for risk factors (or actual attacks) is carried out through careful analysis of operations (via logs) and of the communications that transit the network.
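As an added illustration of the network-side monitoring described above (example code, not from the original article), the following Python sketch checks constructed OT flow-log lines against a baseline of the conversations each controller is expected to have; all addresses, ports, host roles and the log format are assumptions made for the example.

```python
"""Baseline-driven monitoring of OT network flows (added example, constructed data).

OT controllers often cannot run endpoint agents, so detection is done on the
network: build a baseline of the conversations a PLC is expected to have and
alert on anything outside it. Hosts, addresses and ports below are constructed
for illustration, not taken from any real plant.
"""
from collections import namedtuple

Flow = namedtuple("Flow", "ts src dst dport proto")

# Constructed baseline: which hosts may talk to which controller, on which port.
# (hypothetical addresses; 502 = Modbus/TCP, 44818 = EtherNet/IP, 22 = SSH)
BASELINE = {
    ("10.0.1.10", "10.0.2.20", 502),    # HMI -> PLC-A, Modbus/TCP
    ("10.0.1.11", "10.0.2.20", 502),    # engineering workstation -> PLC-A
    ("10.0.1.11", "10.0.2.21", 44818),  # engineering workstation -> PLC-B
}
CONTROLLERS = {"10.0.2.20", "10.0.2.21"}  # constructed controller addresses


def parse_flow(line):
    """Parse a constructed flow-log line of the form 'ts src dst dport proto'."""
    ts, src, dst, dport, proto = line.split()
    return Flow(ts, src, dst, int(dport), proto)


def check_flow(flow):
    """Return None if the flow matches the baseline, otherwise an alert string."""
    if flow.dst not in CONTROLLERS:
        return None  # only conversations aimed at controllers are in scope here
    if (flow.src, flow.dst, flow.dport) in BASELINE:
        return None
    if flow.dport == 22:
        return f"{flow.ts} remote-access attempt {flow.src} -> {flow.dst}:{flow.dport}"
    return f"{flow.ts} non-baseline traffic {flow.src} -> {flow.dst}:{flow.dport}/{flow.proto}"


def scan_log(lines):
    """Run every non-empty line through the baseline check and collect the alerts."""
    return [a for a in (check_flow(parse_flow(l)) for l in lines if l.strip()) if a]


# Constructed sample log: two expected conversations, then two deviations.
SAMPLE_LOG = """\
2024-01-01T08:00:01 10.0.1.10 10.0.2.20 502 tcp
2024-01-01T08:00:02 10.0.1.11 10.0.2.21 44818 tcp
2024-01-01T08:00:03 10.0.3.50 10.0.2.20 502 tcp
2024-01-01T08:00:04 10.0.1.10 10.0.2.21 22 tcp
""".splitlines()

if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(alert)
```

In a real deployment the baseline would be learned from a passive capture of normal operations and reviewed with the plant engineers before alerts are acted on.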
The vulnerability of OT systems
Moreover, the technological approaches of Operational Technology and IT security have very different characteristics, particularly with regard to the obsolescence of systems. In IT security, frequent updating of the infrastructure is one of the keys to a better level of protection: newer products are consistently more secure and suffer from fewer vulnerabilities than legacy products. But time runs on very different scales in the IT and OT worlds. The machines (and their controls) on production lines are designed to last for decades, while IT evolves much faster. From this point of view, the ability to keep systems constantly updated at the software level, applying timely patches for the vulnerabilities that (inevitably) emerge in the IT/OT environment, has a decisive impact. Consequently, patch management is one of the priorities of IT security experts. Adopting adequate patching tools and policies makes it possible to reduce the attack surface and, with it, the risk of a production stoppage resulting from a compromise of OT systems.