All Research
Leadership Brief

Advanced IT security solutions for OT environments

John Tolbert
Industrial Control Systems operators are increasingly targeted by Advanced Persistent Threat (APT) actors and cybercriminals as digital transformation accelerates. Many hitherto isolated systems now connected, which introduces additional risks from enterprise IT and the cloud. Although such connectivity can bring more risk, advanced enterprise IT security solutions can provide new capabilities for securing OT environments.

1 Executive Summary

Operational Technology (OT) is a term that encompasses computing equipment deployed in diverse environments such as factories, warehouses, cities, power generation and distribution facilities, water treatment plants, vehicles, etc. Industrial Control Systems (ICS), a subset of OT, include sensors, Programmable Logic Controllers (PLCs), and Human-Machine Interfaces (HMIs). OT systems can include specialized equipment provided by hardware manufacturers as well as more traditional IT servers, desktops, laptops, and tablets. In this paper, we will focus mainly on ICS.

ICS environments are at risk of targeted attacks by APT actors and cybercrime groups. APT actors generally involved in espionage operations, denial of service, or campaigns to destroy data and equipment. Cybercriminals' weapon of choice is most often ransomware, and they may purposely or inadvertently infect ICS environments. Regardless of the type of actor or malicious techniques used, the consequences can be very serious for the victim organization: production outages, power outages, spoiled goods, loss of trade secrets and other critical information, and even the destruction of computing and controls equipment are a few examples.

Innovations in data analytics technologies can be harnessed in ICS environments to better understand loads and customer demands, expedite production and deliveries, speed up Just-in-Time supply chains, facilitate predictive maintenance, and more. Access to many of these tools requires communication with enterprise IT components. Opening the door between OT and IT offers the possibility of productivity gains, increased revenue, expense reduction, and better value for customers. However, such connectivity can exponentially increase risks.

On the positive side, over the last decade or so, advancements in IT security technology and tooling can be brought to bear against adversaries in the ICS realms. Network Detection & Response (NDR) and Distributed Deception Platforms (DDP) are two types of security solutions that can be used to improve the security posture in organizations with ICS technologies. Both NDR and DDP are evolving toward XDR, or eXtended Detection & Response. Many solutions in the NDR, DDP, and new XDR space understand the device types, protocols, and topologies used in the most common ICS deployments.

Full article is available for registered users with free trial access or paid subscription.
Log in
Register and read on!
Create an account and buy Professional package, to access this and 600+ other in-depth and up-to-date insights
Register your account to start 30 days of free trial access
Register
Get premium access
Choose a package

Stay up to date

Subscribe for a newsletter to receive updates on newest events, insights and research.
I have read and agree to the Privacy Policy
I have read and agree to the General Terms and Conditions