The adoption of automation technologies in business is changing significantly, particularly with respect to cybersecurity. As organisations strive for greater operational efficiency, the intersection of operational technology (OT) and information technology (IT) security has become increasingly important. Matt Smith, a network architect at E Tech Group, a system integrator based in West Chester Township, Ohio, highlights these developments in an article for Control Global.

Smith observes that there is a notable rise in the integration of OT security logs and tools into extended detection and response (XDR) frameworks. This integration is aimed at providing third parties or IT teams with greater risk visibility within OT environments in a consistent and adaptable manner. "This change introduces greater visibility into the OT network, and while it might feel intrusive initially, it quickly becomes a welcome development," Smith stated. He noted that the enhanced monitoring capabilities can significantly aid OT teams, who typically operate with limited resources while focusing predominantly on non-IT tasks. By merging OT security tools with broader organisational systems such as XDR, OT teams can leverage IT counterparts' expertise to manage risks effectively and secure their environments.

An important consideration in this integration is maintaining a clear boundary between IT and OT networks. Smith notes the need to establish a demilitarized zone (DMZ) that preserves uninterrupted operational access for end users while allowing IT to implement necessary changes without adversely affecting OT operations. The DMZ lets the OT team retain control over its environment, so both teams can collaboratively enhance security and maintain operational stability.

Smith elaborates on some challenges faced, particularly within smaller OT environments. These teams often struggle to identify the appropriate resources and methodologies required for effective risk assessment and remediation. Even larger organisations can fall prey to the same disconnect, where cybersecurity becomes a focal point yet ongoing infrastructure support lags behind. "Overcoming these challenges requires designating specific resources, such as key support engineers, who can consistently focus on maintaining both security and operational needs," explains Smith. He underscores the importance of regular communication between OT teams and internal management, noting that this ensures timely and constructive responses to risks and operational concerns.

To strategically navigate the challenges of OT cybersecurity, Smith recommends conducting comprehensive risk assessments. This process aids in identifying all assets within a network and documenting associated risks, culminating in a risk register. He provides hypothetical examples such as noting that "this asset is end of life and no longer receiving security updates" or that "this device has 10 critical vulnerabilities." These findings furnish teams with crucial insights for crafting a security improvement roadmap that prioritises actions to mitigate risks.

Smith advises against positioning security sensors below programmable logic controllers (PLCs), at Level 0 of the Purdue Model, because the isolated nature of downlink PLC networks makes this difficult. Instead, he suggests placing sensors at Level 1, just above the PLCs and below HMI/SCADA devices. This allows valuable security insights to be gathered without interfering with critical operational processes.

Looking ahead, Smith anticipates a growing trend towards the adoption of OT security tools and sensors in the near term. He notes that IT's security information and event management (SIEM) software, security operations centres (SOCs), and XDR tools are becoming more adept at extracting logs from OT networks and accurately interpreting the data. "As these tools improve, we expect a growing trend of organisations adopting them, leading to enhanced visibility and protection across both IT and OT environments," concluded Smith.

This perspective captures the evolving relationship between IT and OT around cybersecurity challenges, and points to a future where integrated solutions may become the norm for business operations.

Source: Noah Wire Services