The importance of implementing OT security with the minimum impact

@Enigmedia Cybersecurity, DCS, ICS, IEC-62443, OT, OT Cybersecurity, OT networks, SCADA, Zero Trsut

Modernizing traditional OT systems adds a greater complexity to industrial networks, together with increased risks and threats, leading to a wider and vulnerable attack surface. There is a long list of concerns regarding cybersecurity, including legacy equipment with long life cycles and with no security-by-design mechanisms, difficulties when patching systems due to outdated or discontinued software, flat networks where segmentation is not always possible due to a poor IP address management, or the inability to deploy cybersecurity solutions because they may have an impact on operations and network performance.

The rule of don’t touch anything if it is working still prevails within OT operators. There is always some friction when implementing security mechanisms into OT as it implies downtimes and impacts in the current OT systems. Therefore, it is becoming mandatory to deploy OT security with the minimum impact on current infrastructure and operations.

Advanced detection could be a problem

The first step in the OT cybersecurity roadmap is to gain network visibility and monitor your assets in order to detect vulnerabilities and possible threats to the network, as well as getting a clear picture of your current network and identifying most valuable assets.

Detection mechanisms can be implemented without making any changes in OT systems as they are usually passive and just listen to the network through a SPAN port. However, if they are working actively to achieve more advanced information such as firmware analysis, they may disrupt real-time communication between devices and even shut down elements, for example, legacy PLCs as they usually have very limited computing power.

Inability to protect the lower levels of OT

Addressing the insecure by design problems in lower layers where ICS, SCADA and field devices coexist and interact with each other may introduce some problems. Deploying solutions requires making changes and complex configurations to the Level 1 & 2 devices and in many cases anything that communicates with them.

Adding to this, protection and prevention mechanisms such as firewalls or EDR can have a negative impact on network performance and physical processes, as latencies increase and real-time communication between devices is not always possible. Also, asset owners are reluctant to put security appliances in the communications line as it tends to bring up life cycle costs and additional potential failures.

Long downtimes and high costs

Implementing cybersecurity without any downtimes and production loss is vital to ensure operational continuity and avoid production loss. However, it is still a big challenge for most organizations as most cybersecurity solutions are based on traditional IT security and they may introduce problems when implemented in industrial environments.

Often there is no dedicated team managing the OT cybersecurity and the IT security team is involved in the task of securing it. The IT teams may not be trained to secure such systems and even OT specialists may not be familiar with cybersecurity, so it is crucial to implement plug-and-play security solutions and avoid network reengineering or complex configurations that lead to long and costly projects.

At Enigmedia, we believe that OT cybersecurity should be designed focusing on OT operators, system integrators and other groups involved, which may lack advanced cybersecurity skills. OT security solutions should provide flexible and effective protection in the simplest way, eliminating deployment complexity, impact on the current architecture and minimizing downtimes.

To address the challenges of securing OT with the minimum impact, we recommend the following best practices: