Historically, OT processes ran on non-routable protocols. But the so-called air gap has disappeared as industrial networks converge with the IT network. This means operations teams have had to rethink the cybersecurity protections they put in place. Joe Robertson, EMEA CISO, Fortinet, explains.
Today, almost no discussion about any subject goes on for long without the current pandemic being brought up in some way. It dominates all of our lives in many ways. Of course, life must go on, business does continue. But not in the same ways.
Companies have had to review their business models and adapt to the reality that fewer people work from an office for the near future – they have become home workers. This has put pressure on IT departments, including new security concerns. Likewise, the impact on securing Operational Technology (OT) has been enormous.
For example, under lockdowns, many production lines have had to slow or shut down completely as workers are unable to come to the plant. But unlike an IT environment, where changing a software process or powering down a device is relatively straightforward and can be done remotely, the reality of OT means it isn’t so easy to turn off a chemical process or shut down an assembly line.
Some systems, like a blast furnace or massive boiler, are designed for continuous operation, making it close to impossible to turn them off completely. In many cases, a skeleton shift of operators has to be on-site to run a plant or process just to keep the machinery from failing. In many more cases, operators are trying to run things remotely, even though the systems were not designed for this.
One of the most important lessons of COVID has been that disruptive changes can happen at any time. Even if we cannot anticipate which disruptions may hit us, we have to assume that there will be some. Or, like one CISO I know, operate as if you’ve already been breached. That means we need to do a better job of anticipating and preparing for change, and that starts by taking nothing for granted.
OT is a target
Historically, OT processes ran on non-routable protocols. This tended to make security more or less a simple matter of physical protection. The separation of the OT network from everything else, the so-called air gap, made it easy for operations teams to ignore the major cybersecurity headaches being faced in data centres and business networks. The result was that, for many organisations, cybersecurity for the production environment was a low-priority item or even ignored.
We shouldn’t have needed COVID to tell us to make sure OT is protected. But that’s what it has done.
Goodbye, air gap. It was nice while it lasted
Over the last decade or so, more and more OT systems have switched to run on standard Ethernet using IP protocols. But it isn’t just the protocols that are changing. The air gap has disappeared as industrial networks converge with the IT network. For almost three decades, one of the main architectures for production and manufacturing automation has been the Purdue Model, which divides functional aspects of a process into zones.
The Process Control zone is defined by the sensors, actuators and related instrumentation implementing a process. The Operations and Control zone describes management of this process and multiple processes across a site. The Purdue model is very hierarchical, so each Process Control zone only has one point of communication with the supervising Operations and Control zone. In turn, the Operations and Control zone only has a single point of connection to the corporate IT environment, referred to as the Enterprise zone. That interconnection point is usually a demilitarised zone with a firewall to separate them. For a long time, this level of security seemed to be enough.
However, IT and OT networks are now necessarily converging as an ever-greater amount of information passes between them. Sensors and programmable logic controllers (PLCs) proliferate in the production environment, and many of them have wireless connectivity. Wireless LANs and wired LANs are shared by office workers and production machinery. OT and IT networks may still be separated logically, but they are no longer separated physically. In addition, the multitude of OT sensors in place produce a flood of data that needs to be analysed by applications in the Enterprise zone, and information and instructions flow in the other direction as well. Where data flows, so too can threats.
This does not mean that the Purdue Model no longer applies. However, it does mean that we have to rethink the protections we put in place within and between OT zones.
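The hierarchy just described (each Process Control zone talks only to its supervising Operations and Control zone, which in turn reaches the Enterprise zone only through the DMZ) can be checked against observed traffic. The following added example, not code from the article or from Fortinet, models the zones as an ordered chain and flags flow records that skip a zone or come from an unmapped address; the subnets, zone names and sample flows are constructed for illustration.

```python
"""Purdue-model adjacency check over constructed flow records (added example)."""
import ipaddress
from dataclasses import dataclass

# Zones in hierarchical order. A flow is only permitted between a zone and its
# direct neighbour in this chain (or within a single zone). Treating the DMZ as
# its own zone between Operations and Control and Enterprise is an assumption.
ZONE_ORDER = ["process_control", "operations_control", "dmz", "enterprise"]

# Constructed subnet-to-zone assignment; a real plant would take this from its
# network inventory.
ZONE_SUBNETS = {
    "process_control": ipaddress.ip_network("10.10.0.0/16"),
    "operations_control": ipaddress.ip_network("10.20.0.0/16"),
    "dmz": ipaddress.ip_network("10.30.0.0/24"),
    "enterprise": ipaddress.ip_network("10.40.0.0/16"),
}


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    dst_port: int


def zone_of(ip: str):
    """Map an address to its Purdue zone, or None if it belongs to no known zone."""
    addr = ipaddress.ip_address(ip)
    return next((z for z, net in ZONE_SUBNETS.items() if addr in net), None)


def is_permitted(src_zone, dst_zone) -> bool:
    """Permit only intra-zone traffic and traffic between adjacent zones."""
    if src_zone is None or dst_zone is None:
        return False  # unmapped endpoints are never implicitly trusted
    return abs(ZONE_ORDER.index(src_zone) - ZONE_ORDER.index(dst_zone)) <= 1


def check_flows(flows):
    """Return (flow, src_zone, dst_zone) for every flow that violates the hierarchy."""
    violations = []
    for f in flows:
        s, d = zone_of(f.src_ip), zone_of(f.dst_ip)
        if not is_permitted(s, d):
            violations.append((f, s, d))
    return violations


# Constructed sample flows, e.g. exported from a zone-boundary firewall.
SAMPLE_FLOWS = [
    Flow("10.10.1.5", "10.20.1.1", 502),      # PLC to supervisory system: adjacent, allowed
    Flow("10.40.3.7", "10.10.1.5", 502),      # enterprise host straight to a PLC: skips two zones
    Flow("10.40.3.7", "10.30.0.2", 443),      # enterprise to DMZ historian: allowed
    Flow("192.168.9.9", "10.10.1.5", 44818),  # unmapped source (e.g. remote-access pool): flagged
]
```

Running `check_flows(SAMPLE_FLOWS)` returns the two flagged records; in practice the same check would run over the firewall's flow log rather than a hand-built list.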
The new tools of the trade
Many of the necessary tools for protecting our OT environments are already available. Fortinet has developed a wide range of cybersecurity solutions that are a perfect fit for Operational Technology environments. And they are all integrated into the Fortinet Security Fabric, providing broad visibility and control for securing both IT and OT networks.
One final point about cybersecurity for OT networks: there isn’t a single solution to make this all go away. Protecting your environment will most likely involve multiple vendors providing various types of equipment: the ICS system itself, tools for visibility into highly specialised OT devices and PLCs, probes and analysers. No single vendor can do everything, so be sure the suppliers you choose are able to play nicely with each other.
Fortinet solutions include a large number of open APIs and connectors that allow them to interoperate with solutions from many other vendors. These include OT technology alliance vendors, control system vendors and OT systems integrators.
COVID has warned us: we all must start imagining the unimaginable. When it comes to defending our production environments, the time is now to harden the cybersecurity of our Operational Technology.