IT security and OT security are becoming allies

Supplementary report of ISW 2022

Awareness of the risks associated with the Internet of Things and OT is high, but so is the risk of attack. The security of IoT and OT needs to change urgently so that companies can safely use OT / IoT. Conferences like HEI 2022 show that the IoT / OT security transformation is already underway. We give an overview.

Among other things, a solution like Nozomi Networks can bring transparency to the OT network, as explained by Sami Bolat, Regional Sales Director – DACH & EE, Nozomi Networks Germany.

(Photo: Oliver Schonschek)

Cyberattacks lead to serious IT failures in municipalities, hospitals and companies. According to the Federal Information Security Authority (BSI), they sometimes cause significant economic damage and threaten the existence of production processes, service offerings and customers.

Cyberattacks affect not only IT, but increasingly also OT (Operational Technology) and IIoT (Industrial IoT). Attacks on OT and IoT may also take place indirectly, via IT, as a consequence of the progressive convergence of IT and OT.


While all of this is known or should be known, most of the security concepts for OT and IIoT do not reflect it. There are many reasons for this. For example, responsibilities are not clarified or are clearly segregated: IT security is then the responsibility of the CISO, and the security of the OT is often the responsibility of the CTO, if it has actually been assigned to someone at all. The goals of IT and OT protection are different, and the differences in communication between IT and OT exist not only at the technical protocol level, but also between the security professionals involved.

However, this situation urgently needs to change: IT-OT convergence means that IT security and OT security also need to converge as far as possible.

“Smart security for a connected society” – and vice versa

Security conferences such as Information Security World (ISW) 2022, organized by NTT DATA and NTT Ltd., focus in particular on OT security, as is already clear from the motto of ISW 2022: Intelligent Security for a Connected Society. In a country like Germany, the connected society includes increasingly networked production.

However, presentations and discussions with security vendors and service providers at ISW made it clear that the reverse motto must also apply, and that it shows the path security must take in line with IT-OT convergence: Connected Security for a Smart Society. If industry becomes more and more digitized and Industry 4.0 increasingly becomes a reality, this can only succeed by combining IT security and OT security. Many of the solutions presented showed how this works and what is already happening there.

How security solutions work together in IT-OT

The differences between IT and OT mean that a pure IT security solution can take on only part of the security task when it comes to protecting OT. Partial coverage of cyber threats, however, cannot be the goal.

There are, however, many specialized OT security solutions out there, including Nozomi Networks and Claroty. Deployed both locally and in the cloud, Nozomi Networks products automate the inventory, visualization, and monitoring of industrial control networks.

The Claroty platform identifies and protects connected resources across the Extended IoT (XIoT), including industrial (OT / ICS), enterprise (IoT), and healthcare (IoMT) environments. Additionally, the solution recognizes the indicators of possible attacks, which makes a faster reaction possible.

However, reacting to detected threats does not fall within the scope of OT monitoring; this is where solutions such as Fortinet's come in. Fortinet's solutions have some OT capabilities of their own, but they do not go as deep as dedicated OT solutions with their asset intelligence. Fortinet does, however, offer a range of response capabilities to counter threats. The same applies to solutions such as Akamai's Guardicore, which provide the necessary microsegmentation based on information from the specialized OT solutions.

Modern OT security solutions therefore have interfaces to firewalls, network access control, SIEM and SOAR, for example, in order to supply security, and IT security in particular, with alerts and analytics, and to provide the basis for rule alignment, segmentation or attack response.

Comprehensive IT-OT protection is also being enhanced

In addition to the integrated approaches to OT-IT security, there are of course also those that secure the connection of OT and IT networks with a platform approach. This includes, for example, Check Point solutions, but also the NDR platform ExeonTrace, which enables network security in both the IT and OT areas.

As an NDR platform, ExeonTrace uses behavior and motion analysis to ensure early detection of attackers who have already breached the perimeter. The platform enables the visualization of data flows in the IT and OT networks and integration with existing SIEM or EDR solutions.

Another overarching approach is to use a data repository and analysis tool like Elastic. There, OT systems can be seen as another source of data, and comprehensive analysis of log data from IT and OT also exposes attacks that start in one area and may spread to another.

Security requires specialization and partnership

The necessary convergence of IT security and OT security makes it very clear that the way forward is not one comprehensive security solution that covers everything. The individual areas of IT and OT are too different and too complex for that. It therefore makes sense for specialized security providers to be used as linked partners, for there to be translators and connections between IT and OT, and for IT service companies such as NTT to coordinate concepts and solutions.

The security industry is already on this path. However, utility companies, for example in industry, also have to adapt to this in organizational terms, combining responsibilities and budgets; that is, the CISO and CTO, for example, work together even more closely in partnership.

If this fails, the possible consequences for an intelligent and networked society could be dramatic, as OT attacks threaten not only data but also people and the environment.
