Industrial OT Cyber Security

An OT cyber security strategy is a high-level plan that describes how an organisation will manage and mitigate risks associated with cyber threats to the physical processes and industrial control systems. It provides a structured approach to understanding, managing and effectively reducing cyber risk associated with operational technology. The OT cyber security strategy should align with an organisation’s business goals, technology landscape, IT security strategy and overall risk management of an organisation.

OT strategies to mitigate or reduce impact of cyber security incidents require a robust understanding of physical processes and control system environment, functional safety, reliability and availability of systems, and a comprehensive and layered approach.

It should start with top few priorities to consider:

• Risk Assessment: As Industrial control systems become more connected, they also become more exposed to cyber threats. The consequence of cyberattack could negatively impact the safety, reliability and availability of systems, operations, and value chains leading to catastrophic consequences. Addressing these risks is essential for organisations looking to protect their industrial control systems (ICS). OT Risk assessment as the starting point can provide a high-level view of what needs to be addressed at technical and governance levels by obtaining the OT security baseline.
• Defensible Architecture: network segmentation, access control (RBAC), secure remote access and secure configuration are some of the steps required for hardening the environment which removes extraneous OT network access points. Alongside this, people and processes are very important to maintain the secure architecture.
• Visibility and Monitoring: Protecting an environment needs accurate visibility into assets and inventory along with continuous monitoring of traffic for potential threats using Security Information and Event Management (SIEM) solutions and other network monitoring tools to detect and identify unusual patterns.
• Incident Response Plan: Developing a comprehensive incident response plan and regularly reviewing and testing is extremely important. The OT incident response will be distinct to the IT incident response plan taking into consideration functional safety, alarm management and hazard management and ensuring that there are clear roles defined and communication channels established. Consider tabletop simulation exercises to test and improve incident response plans.
• Vulnerability Management and Patching: Risk based approach to vulnerability management should be considered within the OT environment. Ensuring systems, software and applications are updated with the latest security patches is important, but shutting down a plant and physical process has huge costs compared to the IT system, laptop and servers. Applying risk ratings and considering alternative mitigation strategies to minimise exposure while continuing the operations is extremely important.
• Secure Remote Access and Multi-factor Authentication (MFA): Extremely critical within the OT environment for engineers and vendors to access control systems remotely considering security, visibility and control.
• OT Security Awareness Training: Bridging the IT and OT language and knowledge gaps on every level including business, operational, functional safety and cyber security should be top priority. Training for different teams (OT engineers, IT cyber security team, executive and management) is extremely important to make sure each team has a clear understanding of how precisely OT differs in comparison to IT along with the implications. Knowing how to secure and protect physical processes is important for OT engineers. The IT cyber security team should have knowledge of industrial control systems, and understand the importance of reliability and safety in operations.
• Defence in Depth: Use multiple layers of security so that if one fails, another can stop the threat. This includes perimeter defence, internal network segmentation, endpoint security and application-level security.
• Backup and Recovery: Regularly backup critical data and ensure it can be restored quickly. Keep backups in multiple locations, including offline to protect against ransomware.
• Threat Intelligence: Stay informed about the latest threats and vulnerabilities. Join industry groups or subscribe to threat intelligence feeds.
• Physical Security: Ensure plants and remote sites have appropriate physical access controls.
  Implementing these strategies requires coordination between OT, cyber security and management. Always remember that security is a journey, not a destination. Peloton Cyber Security is uniquely placed to assist you on this journey.

The first step in developing an OT cyber security strategy is to understand the fundamental differences between the IT and OT risk profile. To help shape an OT cyber security roadmap start with conducting a comprehensive risk assessment, ensuring identification of assets, potential vulnerabilities, threats and consequences to operations and business.