massandra eBusiness engineering

NIS2 Directive: Implementation and Compliance in OT Networks (Guideline)

Introduction to OT security

 

OT security, or operational technology security, refers to the protection of systems used to monitor and control physical devices, processes, and infrastructure in industrial environments. These include systems such as SCADA (supervisory control and data acquisition), ICS (industrial control systems), IIoT (industrial Internet of Things), and other automation technologies.

 

Many organizations first implement their ISMS on the basis of ISO/IEC 27001 and then extend its scope to cover their OT environment. In doing so, they face additional challenges that require different or additional, OT-specific measures in order to meet the requirements of OT security.

 

In order to achieve the highest possible level of security for the respective industrial application, concrete risk management approaches are required; on that basis, suitable standards can be selected and implemented in a targeted manner. Industry-specific standards are an important aid for companies here.

Additional standards, such as the ISA/IEC 62443 series, the NIST Cybersecurity Framework (CSF), or the NIST SP 800 series (SP 800-82 is NIST's guide to OT security), deal explicitly with security in industrial manufacturing. They help an organization stay compliant with ISO/IEC 27001 by using common approaches wherever possible, and they make the differences between IT and OT approaches explicit where necessary.

SPECIAL CHALLENGES OF OT SECURITY

With the digitalization of processes and the use of new Industry 4.0 technologies, companies need seamless communication between IT, cloud services, operational networks, and the Internet.

Comprehensively networked digital systems have made our infrastructures more complex, so operational and maintenance processes are now an integral part of any secure system design.

One example is predictive maintenance, which enables effective troubleshooting and optimization of maintenance, but does so via networks and analytics platforms outside the OT environment.

Predictive maintenance relies on technologies such as the Internet of Things (IoT), predictive analytics, and artificial intelligence (AI). Networked sensors collect data from machines and devices and forward it for real-time analysis in order to obtain a picture of the current status of the systems. If a potential defect is detected, an alert is triggered and forwarded to the maintenance team. From a security point of view, this means that sensor data must leave the production network and that the analysis platform becomes part of the OT attack surface.

1. Availability of production equipment:

The primary protection goal in a production environment is the availability of production equipment. Unplanned reboots are unacceptable, and maintenance windows have long lead times and incur high costs. Third-party software components (including security agents) can only be installed after approval by the manufacturer or after the manufacturer's warranty has expired.

A major challenge of OT security is therefore to strike a balance between measures that protect production networks against attacks and the availability of production equipment.

Poorly planned measures can cause significant disruption of production. For example, additional network traffic caused by security scans or updates can negatively impact control systems; active vulnerability scanning of a PLC has been known to stall or crash the controller, so such checks need to be agreed with the operators and scheduled in maintenance windows.

2. Long life cycles of production equipment and legacy components:

Individual components in industrial production typically have a service life of 20 to 25 years. Because industrial control systems and equipment are subject to such long product life cycles, the installed base is heterogeneous: it contains a wide range of specialized devices, protocols, and in some cases outdated, unsupported software, each with its own operational requirements and security vulnerabilities. In addition, documentation for IT components and production facilities is often missing, and responsibilities are unclear.

This heterogeneity makes it difficult to apply uniform security measures and increases the effort of managing these systems and securing them against cyber threats.

To integrate legacy systems into security measures, special Industrial Internet of Things gateways (IIoT gateways) are a modern and widely used concept for bridging technology gaps.

However, IIoT gateways are also a potential entry point for cyberattacks: a gateway that speaks to both the legacy fieldbus and the IP network is, by construction, a pivot point between the two. Securing IIoT gateways therefore plays a particularly important role in protecting critical networks from unauthorized access and safeguarding IoT devices.

3. Cultural differences: operational technology (OT) and traditional information technology (IT):

Conventional IT service providers generally have little experience with industrial systems and with the security solutions suitable for them. On the OT side, the lack of IT security expertise creates a certain resistance to new security solutions. Since Industry 4.0 is opening previously strictly isolated industrial control systems to the Internet, IT and OT managers should work closely together to harmonize security goals (availability and safety come first on the OT side, confidentiality and integrity on the IT side) and to develop a common understanding of a secure architecture for industrial control systems.

CREATE AN ORGANIZATIONAL FRAMEWORK

In order to successfully implement complex IT security requirements, a clear organizational structure with clear governance is needed to enable close cooperation between IT and OT. To this end, roles and areas of responsibility must be defined and assigned to qualified individuals with sufficient resources. Training courses impart the necessary know-how and a common understanding of tasks and processes.

The NIS2 Directive is a legal requirement; its risk-management obligations can be met by operating an information security management system (ISMS). Best practice for establishing an ISMS is described in the international standard ISO/IEC 27001. In industrial manufacturing, this ISMS is adapted and tailored to the specific conditions of the shop floor with the help of sector-specific standards such as the ISA/IEC 62443 series, the NIST CSF, or the NIST SP 800 series.

The introduction of standardized management processes is essential to ensure effective and sustainable security for industrial processes and to achieve compliance.

One way to establish these management processes is to use standardized ITIL practices that can be adapted to production environments.

 

Some of these ITIL practices provide a structured approach to managing

  • incidents and problems and analyzing their causes,

  • changes in the production environment,

  • and tracking assets and their configuration,

which is crucial for optimizing production processes and minimizing disruptions.

Important ITIL practices include:

1. Asset management:

Know what is in the plant before trying to protect it: an inventory of OT assets and their configurations is the basis for every other practice listed here.

  • Identification and inventory of all OT systems and components, as far as possible. Passive discovery from network traffic is preferred where active scanning could disturb controllers.

  • Lifecycle management: assets and configurations must be managed correctly from acquisition to disposal.

2. Incident management:

Rapid restoration of production after incidents and prevention of recurrences, supported by a service desk and a ticketing system.

  • Central recording of incidents.

  • Analysis of the incident and assessment of its impact.

  • Implementation of measures to eliminate the incident and restore the original function.

  • Post-incident review and derivation of improvements for handling future incidents.

3. Problem management:

Identification and elimination of the underlying causes of recurring incidents (a problem in the ITIL sense).

In-depth analysis of the incidents and development of solutions, following a defined process, by an interdisciplinary task force that includes IT and OT security specialists.

4. Change Management:

Managing and controlling changes to production systems and processes in a structured and controlled manner.

  • Clarification of all possible dependencies and effects.

  • Definition of a rollback in case of unforeseen effects.

A critical scenario here is the management of security-related patches, which are often rolled out under time pressure. Guidelines must therefore be defined that balance the conflicting goals of responsiveness and quality assurance. In practice this means testing a patch on a staging system, or at least checking it against the vendor's compatibility statement, before it is rolled out, and documenting compensating controls (such as segmentation or application allow-listing) for components that cannot be patched at all.

ESSENTIAL TECHNICAL MEASURES

1. Defense-in-depth as a strategy:

Defense-in-depth is a central security concept in cybersecurity. In Industry 4.0 it is of crucial importance because increasing connectivity creates new attack surfaces. The aim is to implement several independent security layers: if one layer fails, the next layer should stop the attack. The coordinated use of various technical measures results in a layered security architecture that offers a high level of protection.

The individual components of the defense-in-depth strategy for industrial manufacturing include:

Physical security: This is the outermost layer and includes measures to protect the physical infrastructure, such as factory buildings, server rooms, and production facilities. These include access controls (e.g., biometric systems, card readers), surveillance cameras, alarm systems, and securing buildings against unauthorized access. Physical access to a controller or to an unsecured switch port on the shop floor bypasses every network-level control that follows, which is why this layer comes first.

2. Network security:

This layer focuses on protecting the flow of communication. Important elements are:

  • Firewalls: Control data traffic between different network segments and block unauthorized access.

  • Network zoning: Divides the industrial network into smaller, isolated zones (e.g., separation of IT and OT networks) to limit the spread of attacks (see below).

  • Intrusion detection/prevention systems (IDS/IPS): Monitor network traffic for suspicious activity and can detect and block attacks.

  • VPNs (virtual private networks): Secure communication over untrusted networks, e.g., for remote access or connections to cloud services. Remote-access tunnels should terminate on a jump host in the DMZ with multi-factor authentication rather than directly in the production network.

 

3. System integrity:

This layer protects the individual systems and end devices in the network, such as PLCs (programmable logic controllers), industrial PCs, sensors, and actuators. Measures include:

  • Patch management: Regular installation of security updates for operating systems and applications to close known vulnerabilities, within the change-management constraints described above.

  • Antivirus and malware protection: Detection and removal of malicious software. On HMIs and engineering workstations with a fixed set of applications, application allow-listing is often the more robust choice, since it does not depend on signature updates and has a predictable performance footprint.

  • System hardening: Deactivation of unnecessary services and configuration of security settings according to best practices.

  • Endpoint detection and response (EDR): Monitoring of end devices for suspicious behavior and response to attacks, where the device's manufacturer supports an agent.

4. Application security:

This layer deals with the security of software applications used in production, such as SCADA systems, MES (manufacturing execution systems), and ERP systems. Important aspects include:

  • Secure software development lifecycle (SDLC): Integration of security aspects into the development process from the outset.

  • Regular security audits and penetration tests of applications.

  • Access controls and authentication at the application level.

5. Data security:

The protection of the data itself is of utmost importance. This includes:

  • Encryption: Protection of data during transmission and storage.

  • Data backup and recovery: Regular backups and tested recovery plans to prevent data loss and ensure rapid recovery in the event of an attack. In OT this includes PLC programs and HMI projects, not just server data.

  • Data integrity: Ensuring that data is not altered or manipulated without authorization.

6. Network zoning as the basis for OT security:

Zoning the network is the single most effective risk-reduction measure in OT.

IEC 62443 structures a plant into zones and conduits, and this structure is usually aligned with the Purdue model, which is part of the PERA methodology (Purdue Enterprise Reference Architecture). Purdue is a reference model for automation and industrial networks that can be used to structure complex automation and industrial networks in accordance with defense in depth. The networks are divided into different levels (field devices and basic control at the bottom, supervisory and site operations above them, an industrial DMZ, and the enterprise network at the top), and the systems are assigned to these levels.

By abstracting and assigning devices and systems to different zones, the model helps to gain an overview of the networks. This facilitates the planning and implementation of protective measures. Technical protective measures can be implemented at the transitions between the zones in accordance with the protection requirements. The exchange of information between zones is confined to defined conduits, which can be controlled and monitored. IT and OT systems should be logically and, where possible, physically isolated.

The digitalization of processes and the use of new Industry 4.0 technologies require companies to have seamless networking between IT, cloud, and OT networks.

IoT gateways play a key role in ensuring this networking. They connect IT and OT and, if placed and configured correctly, protect the systems behind them from attack. IoT gateways convert the protocols of a wide variety of machines into a uniform protocol for transmission to an IoT platform. A range of IT security features is integrated into such gateways, but a gateway is itself a boundary device and must be hardened and monitored like one.

One of the most important steps in OT security is the strict separation of the production network from corporate networks by routing all communication through a dedicated DMZ (demilitarized zone). Direct communication is blocked by firewalls. Data and information can only be exchanged indirectly via servers in the DMZ (for example, a historian replica or a patch repository), so no connection crosses from the enterprise network into the production network in a single hop. This prevents unauthorized access from outside and enforces the data-exchange rules.
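The zone-and-conduit rule described above, as an added example that is not part of the original page or of any product mentioned in it: a small Python policy check that assigns addresses to Purdue levels and accepts a flow only if it stays within a zone or uses an explicitly defined conduit, with the enterprise-to-DMZ rule enforced separately. The subnets, level assignments, conduits and sample flows are constructed for illustration and do not describe any real plant.

```python
# Added example (not from the original page): evaluating candidate flows
# against a zone-and-conduit policy derived from Purdue levels.
# The subnets, Purdue level assignments and conduits are constructed
# for illustration and do not describe any real plant.
import ipaddress
from dataclasses import dataclass

# Constructed zoning: (subnet, Purdue level). 3.5 is the industrial DMZ.
ZONES = {
    "enterprise": (ipaddress.ip_network("10.10.0.0/16"), 4.0),
    "idmz":       (ipaddress.ip_network("10.15.0.0/24"), 3.5),
    "site-ops":   (ipaddress.ip_network("10.20.0.0/16"), 3.0),
    "cell-1":     (ipaddress.ip_network("10.30.0.0/24"), 1.0),
}


@dataclass(frozen=True)
class Conduit:
    src_zone: str
    dst_zone: str
    dst_port: int
    proto: str = "tcp"


# Constructed conduit allow-list. Anything not listed here is denied.
CONDUITS = {
    Conduit("enterprise", "idmz", 443),    # ERP/MES reads the historian replica
    Conduit("idmz", "site-ops", 1433),     # replica server pulls from site historian
    Conduit("site-ops", "cell-1", 502),    # SCADA polls PLCs over Modbus/TCP
    Conduit("site-ops", "cell-1", 44818),  # ... and over EtherNet/IP
}


def zone_of(ip):
    """Return (zone name, Purdue level) for an address, or (None, None)."""
    addr = ipaddress.ip_address(ip)
    for name, (net, level) in ZONES.items():
        if addr in net:
            return name, level
    return None, None


def evaluate(src_ip, dst_ip, dst_port, proto="tcp"):
    """Decide ALLOW/DENY for one flow and give the reason."""
    src_zone, src_level = zone_of(src_ip)
    dst_zone, dst_level = zone_of(dst_ip)
    if src_zone is None or dst_zone is None:
        return "DENY", "address not assigned to any zone"
    if src_zone == dst_zone:
        return "ALLOW", "intra-zone traffic"
    # DMZ rule: enterprise (level 4+) traffic must terminate in the DMZ
    # (3.5), and nothing below the DMZ may reach the enterprise directly.
    if (src_level >= 4 and dst_level < 3.5) or (dst_level >= 4 and src_level < 3.5):
        return "DENY", "would cross the industrial DMZ in one hop"
    if Conduit(src_zone, dst_zone, dst_port, proto) in CONDUITS:
        return "ALLOW", "defined conduit"
    return "DENY", "no conduit defined for this zone pair and port"


# Constructed sample flows, e.g. taken from a firewall change request.
SAMPLE_FLOWS = [
    ("10.10.5.23", "10.30.0.11", 502),    # office PC straight to a PLC
    ("10.10.5.23", "10.15.0.10", 443),    # office PC to DMZ historian replica
    ("10.15.0.10", "10.20.1.40", 1433),   # DMZ replica to site historian
    ("10.20.1.5",  "10.30.0.11", 502),    # SCADA server to PLC
    ("10.20.1.5",  "10.30.0.11", 22),     # SSH to the PLC: no conduit
    ("10.30.0.11", "10.10.5.23", 443),    # PLC calling out to the office
]


def audit(flows=SAMPLE_FLOWS):
    """Evaluate every flow and return the list of (verdict, reason) pairs."""
    return [evaluate(s, d, p) for s, d, p in flows]


if __name__ == "__main__":
    for flow, (verdict, reason) in zip(SAMPLE_FLOWS, audit()):
        print(f"{verdict:5} {flow[0]}->{flow[1]}:{flow[2]}  ({reason})")
```

Run the check against a firewall change request before approving it: anything it denies needs either a new conduit entry (together with the risk assessment that justifies it) or a relay server in the DMZ. The DMZ rule is evaluated before the conduit table on purpose, so that nobody can "fix" a denied enterprise-to-PLC flow by simply adding a conduit for it.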

7. Network Access Control (NAC)

NAC enables detailed control over network access. Only devices that comply with the defined security policies (e.g., current patches, virus scanner present) are granted access.

Careful implementation and continuous management of the NAC solution are necessary to ensure that security policies are effectively enforced and that system availability is not compromised. Many OT devices cannot run a NAC agent or speak 802.1X; these are typically admitted by MAC-based authentication (MAC Authentication Bypass) into a dedicated VLAN, and a NAC policy for a production network should be rolled out in monitoring mode first, so that a mis-classified controller is reported rather than disconnected.

8. Monitoring: Deep Packet Inspection (DPI)

Deep packet inspection (DPI) is a technique for analyzing the content of data packets and is used to monitor, optimize, and secure networks that connect IoT devices and production processes. DPI can help analyze network load, determine application functionality, detect potential threats (intrusion detection system, IDS) and prevent them (intrusion prevention system, IPS), and check data integrity. Because most industrial protocols (Modbus/TCP, for example) are unencrypted and their command semantics are simple, DPI is particularly effective in OT: a sensor can tell a read request from a write or a device-reset command. To avoid adding latency to control traffic, OT DPI is normally deployed passively on a mirror port or network TAP (IDS mode); inline blocking (IPS mode) is reserved for conduits where a false positive cannot stop production.
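As an added example (not the page's own code and not any vendor's product): a Modbus/TCP inspection rule in Python that decodes the MBAP header, flags write function codes from any host other than the engineering workstation, and flags the diagnostics sub-function that restarts a device's communications. The function codes are the public ones from the Modbus specification; the addresses, the allow-list and the sample frames are constructed for illustration.

```python
# Added example (not from the original page): a minimal deep-packet-
# inspection rule set for Modbus/TCP, the kind of content-level check an
# OT IDS applies to traffic copied from a mirror port. Addresses, the
# engineering-workstation allow-list and the sample frames are constructed.
import struct
from dataclasses import dataclass

# Public Modbus function codes (Modbus Application Protocol Specification).
READ_CODES = {1, 2, 3, 4}          # read coils / inputs / registers
WRITE_CODES = {5, 6, 15, 16}       # write coils / registers
DIAGNOSTICS = 8
DIAG_RESTART_COMM = 0x0001         # sub-function "Restart Communications Option"

# Constructed policy: only the engineering workstation may write to PLCs.
ENGINEERING_WORKSTATIONS = {"10.20.1.5"}


@dataclass
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function: int
    data: bytes


def parse_modbus_tcp(payload: bytes) -> ModbusRequest:
    """Decode the 7-byte MBAP header and the PDU (function code + data)."""
    if len(payload) < 8:
        raise ValueError("frame too short for MBAP header and function code")
    tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    if proto != 0:
        raise ValueError(f"protocol id {proto} is not Modbus")
    # The MBAP length field counts the unit id plus the PDU.
    if length != len(payload) - 6:
        raise ValueError("MBAP length does not match frame size")
    return ModbusRequest(tid, unit, payload[7], payload[8:])


def inspect(src_ip: str, dst_ip: str, payload: bytes) -> list:
    """Return the alerts raised by one Modbus/TCP request."""
    try:
        req = parse_modbus_tcp(payload)
    except ValueError as exc:
        return [f"MALFORMED {src_ip}->{dst_ip}: {exc}"]
    alerts = []
    if req.function in WRITE_CODES and src_ip not in ENGINEERING_WORKSTATIONS:
        alerts.append(f"UNAUTHORIZED_WRITE {src_ip}->{dst_ip} "
                      f"fc={req.function} unit={req.unit_id}")
    if req.function == DIAGNOSTICS and len(req.data) >= 2:
        sub_function = struct.unpack(">H", req.data[:2])[0]
        if sub_function == DIAG_RESTART_COMM:
            alerts.append(f"DEVICE_RESTART {src_ip}->{dst_ip} unit={req.unit_id}")
    return alerts


def build_frame(tid: int, unit: int, function: int, data: bytes) -> bytes:
    """Assemble a Modbus/TCP request (used here only to construct samples)."""
    pdu = bytes([function]) + data
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


# Constructed traffic: (src, dst, payload), as seen on the OT mirror port.
SAMPLE_TRAFFIC = [
    ("10.20.1.5",  "10.30.0.11", build_frame(1, 1, 16, b"\x00\x10\x00\x01\x02\x00\x2a")),  # engineering write
    ("10.10.5.23", "10.30.0.11", build_frame(2, 1, 6, b"\x00\x10\x00\x2a")),               # office PC write
    ("10.20.1.5",  "10.30.0.11", build_frame(3, 1, 3, b"\x00\x00\x00\x0a")),               # ordinary read
    ("10.10.5.23", "10.30.0.11", build_frame(4, 1, 8, b"\x00\x01\x00\x00")),               # restart request
    ("10.10.5.23", "10.30.0.11", b"\x00\x05\x00\x01\x00\x06\x01\x03"),                     # wrong protocol id
]


def run(traffic=SAMPLE_TRAFFIC) -> list:
    """Inspect every frame and return all alerts in order."""
    alerts = []
    for src, dst, payload in traffic:
        alerts.extend(inspect(src, dst, payload))
    return alerts


if __name__ == "__main__":
    for line in run():
        print(line)
```

The rule set is deliberately small: a real OT IDS also tracks which master normally polls which unit, so that a new source address sending even read requests stands out. Note that the parser rejects frames whose MBAP length field does not match the packet, which is what keeps a truncated or padded frame from being classified as a harmless read.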

Our Services:

Requirements elicitation, gap analysis, and definition of the solution architecture:

  • We create a gap analysis against security best practices and specific standards

  • Carry out a risk analysis to assess the specific cyber security risks.

  • The result is processed as a heat map of the entire control standard.

  • We create an action plan with prioritization and milestones.

  • Consulting and implementation planning to eliminate audit findings

  • IS policies: creation of company-specific information security guidelines

Project Management

  • Business plan (scope, costs, benefit, risk, roadmap)

  • Project organization

  • Project management

  • Program management

Certificates:

Prince2 (classic & agile)

Scrum Product Owner

Scrum Master

ITIL4

CISSP

Business Analysis

Requirements Engineering

Arrange a consultation appointment:

Dr. Johannes Faassen

mobile: +49 170 4168039

 
