OT Security is written, but IT security is read. This is no exaggeration: in the current landscape the distinction between Operational Technology and Information Technology has become increasingly blurred. Digitization, which has gained great momentum in the industrial sector as well, has brought about a convergence between OT and IT that makes it impossible to draw a clear line between the two areas. But how does this link work in practice, and what challenges are companies facing?
From virtual to physical
The starting point for analyzing the relationship between the two sectors is the new interdependence that has been established between OT and IT. The introduction of digitized control systems, driven by the evolution towards the so-called "Industry 4.0", has created an overlap that works in two directions. The first reading, perhaps the most immediate, can be summed up as follows: an IT attack, normally regarded as a problem confined to the IT level, is today capable of having serious repercussions on production continuity. An outage of digital services is in fact likely to affect the part of the network and infrastructure dedicated to industrial controllers, logistics systems and all those components that now act as genuine enabling factors for production lines. From a strategic point of view, moreover, this new shape of the link between OT and IT offers further opportunities to attackers who specialize in cyber attacks against companies. For some time now the cybercrime world has been oriented towards extortion techniques. In this dimension, in addition to the theft (and publication) of confidential data or the disruption of IT functions, criminals can also leverage the threat of "physical" sabotage, which can lead to a production stoppage or even to damage to the production lines themselves.
All the risks of the IoT
The second perspective concerns the vulnerability of industrial control systems and, in particular, of those devices that fall into the Internet of Things (IoT) category and form the node that enables the digitalization of production systems. These are extremely simple devices which, because of their characteristics (limited computing power and memory, proprietary operating systems, limited possibility of interaction at the interface level), cannot be protected from cyber attacks the way classic endpoints are. Moreover, even though a "security by design" approach is increasingly adopted when new devices are designed, the first phase of IoT adoption showed that the devices themselves had numerous cyber security flaws. The problem is amplified by the fact that these machines often have a rather long "life expectancy", certainly longer than that of the software used to control them. The consequence of this "lag" is that the OT sector often finds itself running legacy systems for which support and security updates are no longer available. In short: from an OT security perspective, the operations department is increasingly likely to be the weakest link in the corporate network.
Can OT Security and production coexist?
From a technical point of view, setting up an OT Security process in an industrial context can be achieved both through careful planning of the network architecture (and its segmentation) and through the implementation of SIEM (Security Information and Event Management) systems to monitor how the systems behave and what the network traffic looks like. In implementing an effective cyber security plan, however, factors linked to policies and processes also come into play, especially as regards update management. Here there is a real conflict: while it is in the interest of the IT department to apply patches as soon as possible, in OT the attention is focused more on the possible repercussions at the compatibility level and on the consequent need to carry out tests and verifications before rolling out the updates. This situation risks creating a sort of "impasse" that can only be overcome by drawing up rigorous policies and adopting cyber security countermeasures through targeted tools (such as virtual patching) capable of reducing the systems' window of vulnerability.
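The combination of segmentation and SIEM monitoring described above can be made concrete with a simple correlation rule that checks firewall flow records against the zones and conduits the segmentation design allows. The following is an added example, not code from the article: the zone ranges, the approved conduits (a DMZ historian polling PLCs over Modbus/TCP, IT reaching only the DMZ) and the flow-log format are all constructed assumptions.

```python
import ipaddress
# Hypothetical zone layout, constructed for this example: corporate IT, an
# industrial DMZ, and the OT cell network that hosts the controllers (PLCs).
ZONES = {
    "IT": ipaddress.ip_network("10.1.0.0/16"),
    "DMZ": ipaddress.ip_network("10.2.0.0/24"),
    "OT": ipaddress.ip_network("10.3.0.0/24"),
}

# Conduits the segmentation design permits: (source zone, destination zone, dst port).
# Only the DMZ historian may poll PLCs over Modbus/TCP (502); IT traffic stops at the DMZ.
ALLOWED_CONDUITS = {("DMZ", "OT", 502), ("IT", "DMZ", 443), ("OT", "DMZ", 443)}

def zone_of(ip: str) -> str:
    """Map an address to its zone; anything outside the model is 'UNKNOWN'."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "UNKNOWN"

def classify(record: str) -> str:
    """Verdict for one '<src_ip> <dst_ip> <dst_port>' record (constructed log format)."""
    src, dst, dport = record.split()
    src_zone, dst_zone, dport = zone_of(src), zone_of(dst), int(dport)
    if src_zone == dst_zone:
        return "intra-zone"  # east-west traffic is out of scope for this rule
    if (src_zone, dst_zone, dport) in ALLOWED_CONDUITS:
        return "allowed"
    if src_zone == "IT" and dst_zone == "OT":
        return "violation: direct IT-to-OT flow bypasses the DMZ"
    return f"violation: {src_zone}->{dst_zone}:{dport} is not an approved conduit"

def audit(records):
    """Return (record, verdict) for every flow that breaks the segmentation model."""
    verdicts = ((r, classify(r)) for r in records)
    return [(r, v) for r, v in verdicts if v.startswith("violation")]

# Constructed sample records, simplified from what a firewall would export to the SIEM.
SAMPLE_LOG = [
    "10.2.0.10 10.3.0.21 502",    # historian polling a PLC: allowed
    "10.1.5.7 10.2.0.10 443",     # engineer's laptop to the DMZ portal: allowed
    "10.1.5.7 10.3.0.21 502",     # laptop speaking Modbus straight to a PLC: violation
    "10.2.0.10 10.3.0.21 44818",  # EtherNet/IP from the DMZ, not an approved conduit: violation
    "10.3.0.21 10.3.0.22 502",    # PLC-to-PLC inside the cell: intra-zone, not alerted
]

if __name__ == "__main__":
    for record, verdict in audit(SAMPLE_LOG):
        print(f"ALERT {record}: {verdict}")
```

Feeding real firewall exports through such a rule gives the SIEM a way to surface both direct IT-to-OT traffic that bypasses the DMZ and unexpected industrial protocols on an otherwise approved path.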