Collaboration between Information Technology (IT) and Operation Technology (OT) requires a vast perspective to provide comprehensive security. Where OS or Antivirus updates are commonplace and have minimal obstacles in IT, they can result in critical issues that significantly hinder production KPIs if executed with the same methods in an OT environment.
Negligence in securing OT devices with legacy operational systems results in unprotected devices that are easily attacked by cyber-attacks. For this reason, convergence is needed in cybersecurity planning in a digitalized industry by first separating the IT zone from the OT.
The following are several activities to prevent cyber security in Information Technology (IT) and Operation Technology (OT) :
SEGMENTATION / ZONATION
This segmentation is called the Demilitarized Zone [DMZ] or Zone 3.5 in the Purdue model. This zone becomes a perimeter protector for the OT segment as a safety compliance tool. A capable NextGen Firewall [NGFW] is needed to filter all data packets leaving or entering the OT zone, either from IT or the internet. The selected NGFW must have a Virtual Patching feature to mitigate the need for OT devices that cannot be updated like IT devices.
VISIBILITY
The next step is to identify assets in the OT segment. This step is required to determine what digital security protocols are needed and how many assets need security. No security vendor provides this entire line of facilities. Therefore, it is necessary to implement solutions that can collaborate between principals, for example, Fortinet’s collaboration with Claroty for Asset Discovery.
SECURE REMOTE ACCESS
Remote access is now easily accessible. There are various tools available on machines in the factory to make adjustments remotely. Of course, this “direct” path also needs to be secured with an NGFW or Secure Switch.
Also read about Security Convergence between Information Technology (IT) and Operational Technology (OT) in Industry.
ROLE BASED ACCESS CONTROL
Network Access Control, Authenticator/Token can regulate the access level to OT devices for each company personnel. This solution can also set the specifications of what devices can access OT zones or devices. This assessment of the company personnel’s access level is a form of security hardening. It also can be a basis for accountability that the company entrusts to personnel who require remote access to do routine maintenance or adjust device functions.
INSIDER THREAT
What about threats from within? For example, when OT device operators unknowingly commit violations or do not realize how crucial the impact of their negligence is due to a lack of security protocol training. EDR (Endpoint Detection and Response) solutions are needed to mitigate direct human interaction aspects, such as PLC, DCS, SCADA, and HMI.
MANAGEMENT LEVEL REPORT AND SECURITY CENTRALIZATION
This comprehensive level of security certainly requires significant and sustainable investment. Therefore, there is a need for a comprehensive report that can be assessed by management. The right SIEM (Security Information and Event Management) dashboard is a solution to this problem. We also recommend SOAR (Security Orchestration, Automation, and Response) with its playbook feature to simplify security centralization and automation.
ADVANCED PERSISTENT THREAT
Even the most sophisticated security system does not escape the risk of Zero-Day Threats which requires special attention. Two mitigations for this problem are the Sandbox solution, which will quarantine unknown signatures, and the Deceptor, which will imitate the original environment but “trick” it. If a facility is attacked, it will happen in a quarantined zone and separated from the original production environment.
In implementing various security solutions, especially in the Operational Technology aspect, good integration with the Information Technology team is needed so that operational problems do not occur. If you are looking for a comprehensive solution for Security Convergence between Information Technology (IT) and Operational Technology (OT) in the industry, you can contact us at ACS Group. You can call us at +6221 4208221, chat via WhatsApp at +62 811-1944-534, email sales.admin@acsgroup.co.id, or you can visit our website at www.acsgroup.co.id.
ACS GROUP (PT AUTOJAYA IDETECH and PT SOLUSI PERIFERAL has provided appropriate solutions for thousands of enterprises throughout Indonesia since 1992 for AIDC solutions, IT Infrastructure, Enterprise Security Systems, and Enterprise Business Solutions. Our company has four branches, namely in Cikarang, Semarang, Surabaya, and Denpasar.