Not too long ago, there was a clear separation between the operational technology (OT) that drives the physical functions of a company – on the factory floor, for example – and the information technology (IT) that manages a company's data to enable management and planning.
As IT assets became increasingly connected to the outside world via the internet, OT remained isolated from IT – and the rest of the world.
However, the spread of Industrial IoT (IIoT), together with the need for constant monitoring and tracking of information from manufacturing and assembly lines, means the connection between IT and OT systems has greatly expanded. OT is no longer isolated. OT is now just as exposed to the outside world as IT is.
What does this mean for OT security, where hard-to-access devices needed for 24/7 production are difficult to patch? Let's take a look.
The Air Gap Is Gone
Not so long ago, any data exchange between IT and OT operated via a "sneaker net." An operator would physically go to a terminal connected to the OT device, offload data covering a recent period, and carry the offloaded data to their workstation, where they then uploaded it to the organization's IT system.
It was a cumbersome and slow way to transfer data, but it did provide a valuable physical separation (air gap) between OT and IT infrastructures, shielding critical OT devices from typical IT cybersecurity risks. But, as the song goes, the times, they are a-changin'. In fact, they have been for quite some time now.
Today, we're seeing OT at the forefront of cybersecurity risk. Rising ransomware incidents that cripple entire companies and take down production for long periods of time have a devastating impact on the sustainability of affected companies, and it trickles right down the whole value chain.
Case in point: formerly valued at $100m, United Structures of America Inc. filed for bankruptcy in early 2022, due in large part to the fact that the steel manufacturing company was the victim of a ransomware attack in which it lost most of its data. And everyone will remember last year's attack on Colonial Pipeline.
You Must Adapt and Secure Your OT – Fast
The fast-paced nature of today's technology environment means we can't go back to the old ways of doing things and we have to assume that OT is going to stay exposed to the outside world. This implies a need for a different approach to securing OT infrastructure.
There are many proposed solutions to this challenge, but these solutions often entail completely different architectures, as some models are now no longer relevant. Replacing existing devices or changing existing processes to accommodate the new "best practices" of the day always comes with a high cost in time, resources, and training.
It impacts the bottom line, so businesses delay the transition for as long as possible. As we see repeatedly, some businesses will only find the right motivation for significant cybersecurity spending after an incident happens.
When the worst-case scenario happens, companies will immediately find the necessary funds to fix the problem, but it can be too little, too late – as United Structures found out.
Consider Taking, At Least, Some Steps
If you've not secured your OT yet, you need to get started right away. A step-by-step process can help if the wholesale changes required to fully protect your OT are simply impractical and unaffordable.
For example, if at all practical, consider segmenting the networks used by OT and applying application whitelisting to ensure that only authorized OT applications can send and receive data over that network. Keep a close eye on network traffic and analyze logs so you can catch attackers in the act – before it's too late.
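The segmentation-plus-whitelisting idea above, turned into a small log check: an added example, not code from the article or from TuxCare. It assumes a hypothetical OT segment of 10.20.0.0/24, an allowlist of (source, destination, port) tuples standing in for the authorized OT applications, and a constructed key=value flow-log format; any flow touching the OT segment that is not on the allowlist is reported, in either direction.

```python
"""Allowlist check for flows that touch a segmented OT network (constructed example)."""
import ipaddress

# Hypothetical OT segment; every flow with an endpoint in it must be on the allowlist.
OT_SEGMENT = ipaddress.ip_network("10.20.0.0/24")

# (source, destination, destination port) for the authorized OT applications.
# These addresses and ports are assumptions for illustration only.
ALLOWED_FLOWS = {
    ("10.10.5.12", "10.20.0.7", 502),    # historian -> PLC (Modbus/TCP)
    ("10.10.5.12", "10.20.0.8", 502),
    ("10.10.5.30", "10.20.0.7", 44818),  # engineering workstation -> PLC (EtherNet/IP)
}

# Constructed sample flow-log lines; the key=value layout is an assumption, not a real collector format.
SAMPLE_LOG = """\
ts=2022-03-01T08:00:01 src=10.10.5.12 dst=10.20.0.7 dport=502 proto=tcp
ts=2022-03-01T08:00:02 src=10.10.5.30 dst=10.20.0.7 dport=44818 proto=tcp
ts=2022-03-01T08:00:05 src=10.10.9.44 dst=10.20.0.7 dport=502 proto=tcp
ts=2022-03-01T08:00:06 src=10.10.5.12 dst=10.20.0.8 dport=22 proto=tcp
ts=2022-03-01T08:00:07 src=10.20.0.7 dst=203.0.113.5 dport=443 proto=tcp
ts=2022-03-01T08:00:08 src=10.10.5.12 dst=10.10.5.99 dport=443 proto=tcp
"""


def parse_flow(line):
    """Parse one key=value flow line into a dict; dport becomes an int."""
    fields = dict(item.split("=", 1) for item in line.split())
    fields["dport"] = int(fields["dport"])
    return fields


def unauthorized_ot_flows(log_text):
    """Return (src, dst, dport) for every flow into or out of the OT segment
    that is not on the allowlist. Flows entirely outside OT are ignored."""
    findings = []
    for line in log_text.splitlines():
        f = parse_flow(line)
        touches_ot = (ipaddress.ip_address(f["src"]) in OT_SEGMENT
                      or ipaddress.ip_address(f["dst"]) in OT_SEGMENT)
        if not touches_ot:
            continue  # IT-to-IT traffic is out of scope for this check
        key = (f["src"], f["dst"], f["dport"])
        if key not in ALLOWED_FLOWS:
            findings.append(key)
    return findings


if __name__ == "__main__":
    for src, dst, dport in unauthorized_ot_flows(SAMPLE_LOG):
        print(f"ALERT: unauthorized OT flow {src} -> {dst}:{dport}")
```

On the sample log this reports the unknown host reaching a PLC on the Modbus port, the historian opening SSH to a PLC, and a PLC talking outbound to an external address; the IT-only flow is ignored.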
Where your OT is built using Linux devices, consider live patching. Live patching continuously updates your hard-to-reach OT without a reboot, so it doesn't conflict with uptime goals the way conventional patching does when a reboot is required.
Whatever your strategy, there is no excuse for leaving your OT unprotected. That goes for steps like isolating OT networks, but also for other options – such as applying live patching to previously unpatched devices.
There won't be a "good time" to take the first steps. The best time to start with OT risk mitigation is right now.
This article is written and sponsored by TuxCare, the industry leader in enterprise-grade Linux automation. TuxCare offers unrivaled levels of efficiency for developers, IT security managers, and Linux server administrators seeking to affordably enhance and simplify their cybersecurity operations. TuxCare's Linux kernel live security patching and standard and enhanced support services assist in securing and supporting over one million production workloads.