Security Convergence between Information Technology (IT) and Operational Technology (OT) in Industry

In this era of digital industrial development, manufacturing companies can use various connected devices to monitor and remotely control or change devices (machines/tools) such as conveyor belts, valves, fans, pumps, and others.

However, this also increases the potential for threats or disruptions to the sustainability of the factory supply chain.

Every device connected to TCP/IP gives irresponsible parties the opportunity to intrude and jeopardize production activities and factory KPIs. Understanding and cooperation between IT and OT elements are needed to mitigate this threat.

 

For details on OT security, please read "The Importance of Cybersecurity in the OT Sector".

 

The main concern of this IT-OT convergence is visibility. It should be possible to monitor hundreds of PLC-DCS sensors not only via HMI/SCADA but also securely from a remote location. The database must be able to build up Big Data for follow-up actions. For this reason, security solutions are needed to keep these systems running normally. These preventive solutions are required to identify and counteract the risks.

 

NGFW (Next-Generation Firewall)

The primary security measure for this convergence is a powerful Next Gen Firewall toolkit.

This device, which also functions as a gateway, monitors network traffic, filters it, and allows only safe traffic.

The NGFW continuously reports on anything that interferes with network performance and on the number of individuals accessing the network, giving you the comprehensive assessment needed to select devices with sufficient capacity.

No matter how sophisticated your security devices are in protecting lanes, internal threats also need to be anticipated. We can approach this from the end-user side: staff performing on-site maintenance connect a laptop directly to the HMI for configuration. In general, these machines still run an old operating system that is known to be stable. Connecting such a machine anywhere is risky because no security updates are available for that version. This is where an Endpoint Detection & Response agent needs to be installed on the HMI.

 

EDR (Endpoint Detection & Response)

EDR functions as a protective barrier behind which maintenance staff can safely configure and maintain machines. For devices that are connected to the local Wi-Fi, the security measures on the access point device can act as a barrier.

 

Sandboxing

Sandboxing is required because new malware and viruses, such as zero-day attacks, are increasingly frequent and common. For optimal prevention, sandboxing technology can be used for early testing in a self-contained environment, acting as a filter for files, attachments, URLs, and programs in incoming and outgoing traffic.

When implementing these security solutions, especially on the Operational Technology side, they must be integrated well with each factory's specific environment and the technology it uses so that your investment is optimal.

You can contact us at ACS Group to discuss which solutions are suitable for your business organization.

The importance of cyber security in OT sector

Digitalization on the OT side often doesn't go as smoothly as on the IT side. Unlike IT, whose priority is to keep systems and security updated to the latest version, system updates in the OT area can put critical plant activities at risk. Nevertheless, adopting various devices on the path to digitalization is inevitable in order to keep up with the trend and stay relevant.

From this, risks associated with OT arise. Listed below are some examples of conditions that are common on the production floor:

  • Variations of DCS, PLC, and HMI (Human Machine Interface) from various brands.
  • Serial Type PLC configured via PC/laptop plug-in directly into the HMI.
  • The machines' displays have gone digital, but the OS is rarely or never updated, to avoid downtime that would hamper operations. The OS in the OT area usually is still an outdated system such as WinCE/Win7.
  • Automatic Updates disabled.
  • The OT (factory) will only operate with systems that have been proven stable. Usually, these systems are not the latest and have outdated in-house security standards that require a lot of retrofits (added features).
  • OT control is decentralized and unique per location. Therefore, remote access is impossible when an issue arises.
  • Staff / System Integrators who perform maintenance on OT devices generally do direct plug-ins on-site.

Various international cases emphasize the importance of securing OT as working methods and data exchange develop. A production shutdown that starts with ransomware will threaten KPIs significantly.

In following the INDI 4.0 standardization, the development of data protection regulations, and public cloud computing trends, we need to consider that OT security should ideally provide:

  • Visibility
  • Distinct segmentation: what is accessible to certain staff.
  • Remote secure access for efficiency.

One solution is to place the NGFW appliance at the right point in the OT environment. The type of NGFW must be suitable so that it does not hamper ongoing operations and routine maintenance. Production lines can be protected from intrusion in several ways, approached either from the side of the personnel who carry out regular maintenance or from the side of the machines that need to be secured.
