What is OT security and how does it differ from IT security?
Article by Gigamon country manager for A/NZ George Tsoukas.
Everyone has heard of IT, but what is OT? It stands for operational technology and plays an important role in a wide range of companies and industries worldwide.
Let’s consider what OT is, its relationship with IT, and the common problems people experience in working with it.
OT is any hardware or software used to detect or cause a change in a system via direct monitoring. This may be sensors that keep a server room at a specific temperature or some sort of filtration system that purifies water. It may even encompass the automatic regulation of electricity in a power plant or the starting and stopping sequence of traffic lights.
Essentially, operational technology is a physical device that runs on a specific kind of software handling the specific processes and events in a specific location or system.
SCADA (supervisory control and data acquisition) systems are common forms of OT used for industrial control systems. These help to manage every aspect of human life, from power usage to natural disaster monitoring and beyond.
Because operational technology systems help to control and manage many different and important elements of our personal and professional lives, it’s important to protect them from damage and tampering.
Even small alterations to the work of OT systems can create massive problems for large numbers of people. Operational tech security has evolved out of a response to past tampering and a need to stop future problems before they begin.
IT and OT often work hand-in-hand to accomplish specific tasks, but there are still differences between the two fields. Here are some of the primary distinctions between IT and OT that help demonstrate that relationship.
Enterprise vs. industry
A key difference between IT and OT is the way in which the technologies are used.
IT technologies are fairly universal from industry to industry. There are computers, printers, protocols (like HTTP, SSH, and RDP) and other elements of the network. Someone working in IT for one industry can move to another fairly easily, as the technologies they use are largely the same.
In other words, IT deals with universal enterprise software that can be used in a variety of situations, while that is not the case with OT.
In operational technology that’s not the case. OT uses processes that are very specific to an industry. For example, a lot of OT operates in specific environments under specific situations. It may not have a screen to interact with. It’s not nearly as easy to jump from one industry to another, as the technology is unique. While IT is enterprise-focused, OT is industry-specific.
IT prioritises confidentiality, OT focuses on safety. Often information technology is focused on either storing, retrieving, manipulating, or transmitting information and data in one way or another. So IT focuses on keeping that information secure enabling only the right people to access, analyse and manipulate data.
Conversely, operational technology focuses more on safety. One OT device may be tasked with maintaining an exact temperature in a server room so the servers and other tech equipment don’t overheat and break down. Because of this, people who work with OT are more concerned about whether their technology is doing its job keeping environments safe, rather than keeping data secure.
IT incidents are more frequent, while OT incidents are more destructive. Lots can go wrong when technology is involved and it is possible to break a system simply by using it incorrectly.
Maybe someone accidentally uploaded a corrupted file unknowingly. Or perhaps someone with malicious intent has tried to hack into a system to steal data or simply to see if they could.
Whatever the reason, technological problems happen, and they affect IT and OT differently. For example, IT tends to have more touchpoints with the Internet than OT does, so there is a far greater chance of an IT-related hack than an OT-related hack.
This is why many news stories discuss stolen data rather than destroyed systems. IT problems occur in far greater numbers.
However, if something goes wrong with operational technology, it’s more likely to have devastating consequences. Leaked data can be fixed partially by changing passwords, data recovery and client contact, but an OT problem can have very real consequences in the physical world.
Think about an OT system that helps purify drinking water. What are the consequences if the system doesn’t realise that the water it’s sending to people’s faucets isn’t clean? How do those consequences compare to the consequences of a password leak?
Finally, IT moves and innovates rapidly. New patches are issued almost every week, depending on the specific services being used. There’s even a name for it: Patch Tuesday. That’s fine, as most IT work can be done while the patch is being applied, but this is not the case with operational technology.
In OT, an entire system needs shutting down in order to install a patch. So out of necessity, patches are not added as frequently for OT systems as they do for IT systems. For this reason, OT processes seem to lag behind other forms of tech. They can’t just release patches as quickly or easily.
Why is operational technology security so important? Like all tech, OT continues to change. Due to its nature, OT changes more slowly, although innovation still happens constantly in the OT space.
More and more, OT systems are finding elements of the work they do online. The more they appear connected to other networks, the more risk there is that something could go wrong. There are very real challenges when working with operational technology. Some of the most commonly discussed are:
- Lack of awareness about OT security issues
- Lack of OT system visibility
- Shared network infrastructure
- Difficulty patching OT
- OT/IT convergence creating more opportunities for security risks
- Remote maintenance often happens over an internet connection
- Third-party access issues
- Not all company locations use the same OT systems.
These problems are handled differently from industry to industry. But as technology continues to change, it’s important that people working with OT should seek effective solutions to such issues.
Seek a vendor that provides complete cloud visibility, leaving no gaps. A good solution can help to simplify and secure hybrid networks, allowing users to take full advantage of their data.