Fortinet: OT Network Security Success Starts with Visibility
For those in the industrial sectors - energy, utilities, manufacturing, communications, transportation and defence - operational technology (OT) systems control both the industrial and critical infrastructure.
As OT networks increasingly converge with internet-connected information technology (IT), the overlap results in an expanding potential for cybercriminals to attack. Previously isolated OT systems are now exposed to the full spectrum of IT-based threats.
“Because traditional security strategies were not designed for the unique and sensitive needs of OT, network operations analysts must seek out protection that provides visibility, control, and situational awareness across these environments,” says Fortinet.
1. Defending an Expanding OT Network Attack
In the past, the best way to protect OT networks was to isolate them from IT networks, known as air gapping.
However, with 75% of organisations reporting at least some form of basic connection between IT and OT, the convergence voids the security of air gapping, which is resulting in 97% of organisations acknowledging security challenges because of this convergence.
2. Finding a New Solution for OT Security
“In light of OT and IT convergence, an evolved and effective OT security posture requires some specialised considerations.,” says Fortinet, who adds that “attempts to address risk by simply deploying off-the-shelf firewalls, sandboxes, and intrusion prevention systems into OT environments present unacceptable, disruptive, and uncertain outcomes.”
Instead of taking a bolt-on approach to network security solutions, organisations need to design security into even the most basic levels of OT environments in order to address the bigger picture.
3. Visibility Across the Attack Surface
“You cannot protect what you cannot see,” says Fortinet, who reports that “82% of organisations are not able to identify all the devices connected to their network.”
In today’s digitally-driven environment, it is important to have continuous visibility of every device (wired and wireless) in order to ensure reliable OT operations.
“Since these technologies connect to an [external] IT network for additional capabilities, they offer a potential backdoor for threats to attack vulnerable OT systems. An integrated security architecture can support transparent, centralised visibility of the entire OT environment,” says Fortinet.
4. Control Access, Security Updates, and More
Control in OT requires the need for baselining normal traffic and predefined approved functions.
“Fortunately, device behaviours within an OT environment tend to be static and within a predictable range, so anomalous behaviours are more likely to be immediately apparent and identified than in traditional IT environments,” explains Fortinet.
Also critical to control in OT is the ability to force traffic from primitive devices through a next-generation firewall solution. “Organisations must be able to apply and enforce access policies based on who and what is connected to the network,” adds Fortinet.
5. Situational Awareness
Operational downtime for a single hour can cost organisations more than US$100,000 (reports 98% of manufacturers in a PwC study).
With this in mind, “when an individual device in an OT environment is attacked, organisations need instantaneous alerts and contextual threat information in order to quickly understand what precise actions to take,” says Fortinet.
However, this is easier said than done, network operations analytics can receive thousands of security alerts a day, and it can take hours of investigation to manually track down the location of a suspicious device and all other relevant information surrounding the event to determine whether this is an actual attack.
6. Greater Transparency for Industrial and Critical Infrastructure Networks
Toeing the fine line between protecting the expanding potential for attack without disrupting sensitive systems is a core challenge for OT networks.
“While the convergence of OT and IT offers great benefits, it also introduces new risks that may be unfamiliar to network operations analysts and security teams. Organisations must be able to ensure they know everyone and everything connected to their infrastructure at all times,” concludes Fortinet.
To read the Full ‘OT Network Security Starts with Visibility: Greater Transparency for Industrial and Critical Infrastructure Networks’ report, click here.
To register for Fortinet’s ‘When, Not If: Responding when your OT network suffers a ransomware attack’ on June 24, click here.