Have you ever been driving along, pulled up to a stop light, and wondered why that stop light was put there in the first place? Or wondered about all other rules we follow on the road, like obeying yield signs or the single and double yellow lines on the road?
Have you ever stopped to wonder why that is? In most cases, it’s to eliminate accidents and improve safety. These are all rules we agree to – along with adding protections like blinkers, sensors on bumpers to deploy airbags, anti-lock brakes, etc. – that keep each other safer.
We see the same things happening in Operational Technology (OT) security. Physical safety is the FIRST priority for OT. All OT equipment goes through rigorous safety tests prior to or during deployment, whether it is a sensor, a motor turning, pumps pushing fluid, or a robotic arm. Even a simple software change usually requires verification and multi-group support to ensure that updates don’t lead to unexpected safety concerns.
But the world of OT is evolving. OT systems are connecting to the network, looking to gain the clear benefits of interconnectivity of systems. It also opens the door to a whole new area of security concerns – networks and data. This means you can’t take your metaphorical foot off the brake and neglect the safety-first principles that have been in place for so long.
This is where we can leverage some of the tried-and-true basics from securing traditional IT operations. We know these things work, they just need to be adapted to this newly connected environment so we can securely realize the benefits of interconnectivity. So, how do we do that?
The short answer is network segmentation! When it comes to OT security 4.0, network segmentation can not only improve security, but also help maintain safety in the process. Even better, it can cut short planned outages needed for updates – saving 2, 3 or even 5 years of downtime in some cases.
The most effective segmentation starts with a foundation of strong network visibility, which lets you understand the devices on the network (what you have to segment) and how they are interacting with each other (network traffic). That gives you the context you need to segment effectively and prevent downtime or safety concerns – both things that OT operators care a lot about.
Here are some basic principles to set your foundation for OT security 4.0:
- Know the state of the environment compared to a baseline:
- What devices are talking to what? What protocols are used?
- Does every device need to be on the same network?
- What is the current software version compared to what you have deployed?
- If there are changes/updates to be made, what will this change to any of the above? (Making sure to still ALWAYS understand the impact to safety)
- Disable or block access to services/software not needed. This could be local to the endpoint or upstream by using network segmentation.
Additional benefits with this type of visibility-segmentation combo include better incident response and cross-functional team interaction. Simple operations incidents like a malfunctioned sensor or responding to a security incident can be sped up significantly when organizations have full visibility into their environments, and the ability to isolate faulty or compromised devices. It also bridges the gap between the OT and IT teams so everyone is speaking the same language.
Doing these basics will dramatically improve your over-arching security awareness and postures while also providing positive impacts to safety. Just like when operating a moving vehicle or a conveyor belt, safety should always be the first priority.