Industrial OT Cyber Security
Beyond financial damage is a human cost. Take a people-first approach.
Take the critical steps to protect your people, operation and reputation
As threat actors become more sophisticated and are motivated by factors beyond money, attacks are shifting from disrupting plants and stealing information to causing physical harm.
Gartner forecasts that cyber attacks will have weaponised OT environments to harm or kill by 2025 and that before then 75% of CEOs will be held personally liable for incidents.
While there is no silver bullet, the good news is that developing an effective and sustainable industrial cyber security defence capability is simpler and less disruptive to deploy than you might expect.
Bridge the IT and OT divide
On top of our deep understanding across corporate IT and OT/ICS technologies, the team at Peloton knows the nuances in frameworks, industrial processes and compliance as well as the different mandates, language, and functional and business outcomes required.
With our range of flexible strategic services, we bridge the IT and OT language and knowledge gaps on every level including business, operational, functional safety, cyber security and outcomes.
Securing Operational Technology (OT) & Industrial Control Systems (ICS)
Put your infrastructure to the test before hackers do. We test, analyse and evolve your network to keep ahead of emerging threats.
“If you’re not secure, then you’re not safe. Cyber security requires a lifecycle approach, with a mixture of monitoring at all levels of the architecture. A traditional enterprise security model should have reactive and proactive measures in place on the endpoint, in the network, and up at the application or cloud.”1
Find out how Peloton can help you to embed security across your industrial operations technology.
Frequently Asked Questions
An OT cyber security strategy is a high-level plan that describes how an organisation will manage and mitigate risks associated with cyber threats to its physical processes and industrial control systems. It provides a structured approach to understanding, managing and effectively reducing cyber risk associated with operational technology. The OT cyber security strategy should align with the organisation’s business goals, technology landscape, IT security strategy and overall risk management.
OT strategies to mitigate or reduce the impact of cyber security incidents require a robust understanding of the physical processes and control system environment, the functional safety, reliability and availability of systems, and a comprehensive and layered approach.
The strategy should start with a few top priorities to consider:
- Risk Assessment: As industrial control systems (ICS) become more connected, they also become more exposed to cyber threats. A cyberattack could negatively impact the safety, reliability and availability of systems, operations and value chains, leading to catastrophic consequences. Addressing these risks is essential for organisations looking to protect their ICS. Taking an OT risk assessment as the starting point establishes the OT security baseline and can provide a high-level view of what needs to be addressed at technical and governance levels.
- Defensible Architecture: Network segmentation, access control (RBAC), secure remote access and secure configuration are some of the steps required to harden the environment and remove extraneous OT network access points. Alongside this, people and processes are very important for maintaining the secure architecture.
- Visibility and Monitoring: Protecting an environment needs accurate visibility into assets and inventory along with continuous monitoring of traffic for potential threats using Security Information and Event Management (SIEM) solutions and other network monitoring tools to detect and identify unusual patterns.
- Incident Response Plan: Developing a comprehensive incident response plan, and regularly reviewing and testing it, is extremely important. The OT incident response plan will be distinct from the IT incident response plan, taking into consideration functional safety, alarm management and hazard management, and ensuring that clear roles are defined and communication channels are established. Consider tabletop simulation exercises to test and improve incident response plans.
- Vulnerability Management and Patching: A risk-based approach to vulnerability management should be considered within the OT environment. Ensuring systems, software and applications are updated with the latest security patches is important, but shutting down a plant and its physical process has huge costs compared with doing the same for IT systems, laptops and servers. Applying risk ratings and considering alternative mitigation strategies to minimise exposure while operations continue is extremely important.
- Secure Remote Access and Multi-factor Authentication (MFA): These are extremely critical within the OT environment, where engineers and vendors need to access control systems remotely with security, visibility and control in mind.
- OT Security Awareness Training: Bridging the IT and OT language and knowledge gaps on every level, including business, operational, functional safety and cyber security, should be a top priority. Training for different teams (OT engineers, IT cyber security team, executive and management) is extremely important to make sure each team has a clear understanding of precisely how OT differs from IT, along with the implications. Knowing how to secure and protect physical processes is important for OT engineers. The IT cyber security team should have knowledge of industrial control systems and understand the importance of reliability and safety in operations.
- Defence in Depth: Use multiple layers of security so that if one fails, another can stop the threat. This includes perimeter defence, internal network segmentation, endpoint security and application-level security.
- Backup and Recovery: Regularly back up critical data and ensure it can be restored quickly. Keep backups in multiple locations, including offline, to protect against ransomware.
- Threat Intelligence: Stay informed about the latest threats and vulnerabilities. Join industry groups or subscribe to threat intelligence feeds.
- Physical Security: Ensure plants and remote sites have appropriate physical access controls.
Implementing these strategies requires coordination between OT, cyber security and management. Always remember that security is a journey, not a destination. Peloton Cyber Security is uniquely placed to assist you on this journey.
The first step in developing an OT cyber security strategy is to understand the fundamental differences between the IT and OT risk profiles. To help shape an OT cyber security roadmap, start by conducting a comprehensive risk assessment that identifies assets, potential vulnerabilities, threats and consequences to operations and the business.