Skip to content

Securing Your Plant Without Shutting It Down: Navigating the Intersection of IT and OT

If one of your organization’s goals for 2023 is to implement a robust OT/ICS cyber security solution (and here’s why it absolutely should be, even if budgets are a little tight!) you may need a little help wading through the plethora of options, making a plan, and selling it to your CISO and board. There are many solutions being marketed out there, and many organizations willing to offer advice.  SCADAfence recently published a vendor-agnostic guide to choosing an OT Cyber Security solution that details why OT cyber security differs from IT cyber security and what you need to know to choose the solution that’s best for your organization. In this post, we’ll delve deeper and explore why a complete integration is so important. The U.S. National Institute of Standards and Technology (NIST) also released a draft version of a detailed technical guide to implementing OT security, with the final edition expected later this year. We suggest you download and read that as well. One important thing to remember is that even if you don’t have a complete OT security solution at the moment, you still are probably not starting from scratch. Enter the so-called expert from IT.

Integration Between OT and IT Is Essential

As we discovered recently on reddit, every control system engineer has a horror story to share about an IT guy who showed up on the floor of the manufacturing facility with a poorly thought out plan to install or upgrade or a cyber security solution. They proceed to scan every device on the OT network with a tool not-quite designed for the job and leave a disaster in their wake. Machines shut down. Production lines halted. Productivity out the window. Fingers pointed directly at the OT engineers. We understand why most OT engineers would prefer to keep IT experts out of the factory, and back in the office, where they belong. But the fact is, OT networks require cyber security protection too. (And because a cyber attack in the OT world risks harming physical safety, not just data, the need is actually higher.) However, as the integration of IT and OT systems becomes increasingly connected in functionality, it’s important to ensure that their cyber security solutions are well-integrated as well. IT systems are usually more mature, based on common operating systems such as Windows OS or Linux, and have more options available. OT systems on the other hand, are often more fragile and built on custom software, but are more critical to an organization’s mission. Therefore, as much as the OT teams might prefer to keep the IT teams out of their workspace, it is important for them to work together. Make sure roles and responsibilities are well-defined and it’s clear who holds final accountability for making sure your facility is secure.

Identify Your Specific Use Case

Before selecting an OT cyber security vendor, it’s essential to prepare and validate a clear list of IT integration use cases, and ensure that your chosen vendor is able to meet those needs A sound and complete integration between OT and IT security solutions should accomplish several things. First, it should allow for the flow of information between the two systems. This means that the OT team can receive alerts and notifications from the IT system, and vice versa. Second, a seamless integration should allow for forensic analysis to be conducted across both systems if needed. Third, remote users that are authenticated by the IT systems, may need access to OT systems as well. Therefore, a proper solution will allow a way for users logging on remotely to get the access they need at the correct level of authorization. This means that the solution should integrate seamlessly with other tools that are already in place. For example, SCADAfence integrates with a number of different security vendors, such as Rapid7, Keysight, and Secureworks. An open API that allows for maximum flexibility is ideal, as it allows you to tailor the integration to your specific use case rather than being limited to pre-set integrations that may not meet your needs.

Increased Visibility And Other OT Needs

In addition to the OT/IT integration, there are many other things to look for in an OT solution. Including, yes, the ability to passively scan the network to create a detailed inventory of every device without causing damage and shutting down the network. Other must-haves include quick installation time, low false positive rates, and tailored risk alerts. These are all covered in detail in the guide as well.  So, when the CISO, IT person or other member of senior management tells you they want to bring in a cyber security expert, instead of tossing them out on their head and bolting the door, invite them in, be prepared, and talk about how best to work together. To get more advice and information about choosing an OT cyber security solution, download our complementary guide.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About SCADAfence
SCADAfence helps companies with large-scale operational technology (OT) networks embrace the benefits of industrial IoT by reducing cyber risks and mitigating operational threats. Our non-intrusive platform provides full coverage of large-scale networks, offering best-in-class detection accuracy, asset discovery and user experience. The platform seamlessly integrates OT security within existing security operations, bridging the IT/OT convergence gap. SCADAfence secures OT networks in manufacturing, building management and critical infrastructure industries. We deliver security and visibility for some of world’s most complex OT networks, including Europe’s largest manufacturing facility. With SCADAfence, companies can operate securely, reliably and efficiently as they go through the digital transformation journey.

Navigating the Changing Landscape of OT Security in the New Year

It’s become somewhat of a ritual at the beginning of every year, (almost) every company comes up with a review of the past year, and an attempt to forecast what the next 12 months will bring. This year is more challenging than ever. Not only are geopolitical tensions and conflicts at an all-time high but there’s a lot of uncertainty due to the bear markets and the almost inevitable recession that is lurking.

2022 was a year of incredible growth and evolution for OT cyber security. If there is one word that sums up the past year in my mind, it is “change.”

Continue reading

Hospitals in the Crosshairs: The Alarming Rise of Ransomware Attacks in Healthcare

On a Sunday evening in late December, 2022 The Hospital for Sick Children in Toronto was hit with a ransomware attack that took down several vital hospital network systems and caused widespread disruptions in patient care. While the hospital, the largest children’s healthcare center in Canada, said no deaths resulted from the attack and no patient information was compromised, doctors were unable to access imaging and lab results. This led to delays in diagnosis and treatment system-wide.

Continue reading

Why OT Research Is Controversial – But Necessary

I want to discuss a subject that doesn’t get enough attention in the world of OT/ICS cyber security considering how fundamental it is, and also sparks a surprising amount of controversy. The topic is the importance of conducting ongoing research into OT endpoint device vulnerabilities, particularly for legacy devices.

It should be a unanimous opinion that this research is important. The more we know about vulnerabilities and the more CVEs we generate, the better for everyone involved. However, I frequently encounter industry analysts and self-styled experts that repeatedly question the need and validity of research in the OT sector. Their argument is that legacy equipment is guaranteed to have vulnerabilities, that it is flawed by design and therefore advanced endpoint research is unnecessary. I find this argument ironic because these same experts are often involved in creating products that help detect and manage the vulnerabilities found by researchers. They state publicly that there is no point in doing research and then in the same breath talk about how their product can help mitigate the problems.

Continue reading

Asset Discovery That Improves The More You Use It

A SCADAfence New Feature report The first question we’re usually asked by any CISO who wants to increase their OT security posture is about asset visibility and management. Gathering a comprehensive and accurate inventory of all the devices attached to an OT network is often the primary need driving an organization to seek assistance, and the biggest barrier to achieving their goals for security and compliance. It’s the right question to be asking, and the best place to start.
Continue reading

This Thanksgiving, Be Thankful for OT Security | SCADAfence

Thanksgiving – when families get together and express gratitude for everything they have, accompanied by good food and hopefully great football. For most families and network security teams who just feel like family, this is a great time for looking back and evaluating the past year and giving thanks for how far we’ve come. 

Continue reading

Four reasons for CISOs to maintain (or increase!) their OT security budget during a recession

Psst….Don’t look now, but the global economy might be entering a recession. Yeah, yeah, you already know that. Everyday you’re reading about tech industry layoffs, stock market dips, and general economic belt-tightening.

What does this mean for your OT security budget? Should you consider making cuts now to save your organization money?

Continue reading

OpenSSL Vulnerability – What It Means For Your OT Network

The cyber security community was deeply engrossed this week in the news that OpenSSL, the organization responsible for the software package that encrypts and secures communications across much of the internet, was about to release a patch for a newly discovered “Critical” vulnerability.

The original announcement on October 25th was met with a cyclone of reaction and commentary from security experts. However, after a few tense days of speculation, OpenSSL downgraded the vulnerability rating to “High” before publicly releasing details of the security flaw and the patch on November 1, 2022. Despite the lowered rating, and while the issue is turning out not to be the crisis that many experts had feared, this is still considered a potentially major security issue and it is important to understand it and take remedial action where necessary.

This blog will explain what OpenSSL is used for, the commotion caused by the announcement this week, what it means for your OT network’s cyber security, and offer SCADAfence’s analysts advice for protecting your network from the vulnerabilities.

Continue reading

The Rise of Post-Exploitation Attack Frameworks

The Cyber Kill Chain is a framework that outlines the stages of common cyberattacks and the points in the process at which attacks can be detected or intercepted. Developed by Lockheed Martin, this model contains seven phases: reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on objective.
Continue reading

Gartner’s Advice For Choosing The Right OT Protection For Your Network

If you are the person in your  organization responsible for securing an OT network, you are probably feeling very popular these days. Your inbox is no doubt full of emails inviting you to ‘hop on a call’ or ‘download now’ or ‘schedule a demo’. Each one promising that they have the best OT cyber security solution. There’s an absolute glut of options right now, and the choices are growing at a rapid pace. What’s a CISO to do? What options are the most important? What features do you look for in a comprehensive OT solution?

Continue reading