Integration and Resilience

Strengths of integration, critical elements, and maximization of infrastructure resilience.
There are many studies currently focusing on cybersecurity and IT/OT, partly due to the criticality of infrastructures, but mainly due to the historical separation of governance areas within companies.
The OT (Operational Technology) environment is responsible for managing and controlling physical devices involved in the production or provision of critical goods and services. Sectors such as manufacturing, electricity, oil and gas, healthcare, and many others rely on OT to ensure the proper functioning of their operations. It is precisely these OT infrastructures that have changed in recent years, undergoing a process of convergence with information technology (IT) to achieve greater connectivity between the two environments. However, this opening towards the network, integrations, and third-party systems has often been built on legacy systems that have been in place for years, with interfaces that can no longer be updated, exposing the entire environment that hosts them to significant risks.
Differences in security management between IT and OT infrastructures
To fully understand the challenges of OT security, it is important to understand the differences in responsibilities and management between IT and OT systems. The primary goal of an IT environment is to manage and process data and information through various systems such as servers, computers, software applications, and databases. IT environments focus on managing the data and information used to support business operations.
On the other hand, the OT environment deals with the management and control of physical devices involved in the production or provision of critical goods and services. These devices include industrial control systems (ICS), sensors, electromedical equipment, and more. The primary goal of OT systems is to manage the control and automation of critical physical processes for business operations.
In short, while IT focuses on data and information management, OT focuses on physical behaviors and outcomes. These fundamental differences result in different security requirements for the two environments.
IT/OT Convergence
IT/OT convergence has allowed organizations to accelerate their digital transformation initiatives: by connecting IT and OT systems, organizations can further automate processes to reduce human errors, increase productivity, and optimize operations. Aligning operational processes with digital capabilities can drastically change how companies deliver value.
Implications of IT/OT Convergence on Cybersecurity
IT and OT systems have very different security requirements and face unique cyber threats. One reason why IT environments are protected differently from OT environments lies in the type of assets that need to be protected. IT environments are primarily used for storing and processing data, and attacks on these systems often aim to exfiltrate information, sensitive data, and business know-how.
On the other hand, OT focuses on the security and reliability of infrastructures: OT devices that deliver these critical functions can have a long lifespan of several decades and may be widely distributed across physical sites or facilities. They often use proprietary protocols, making it very complex to obtain full visibility into the OT network.
An attack on an OT network can cause very serious damage: service downtime (which is often critical), harm to people working on that network, or the use of the network itself as a “weak link” to reach the company’s IT core.
Protection of OT Vulnerabilities
OT vulnerabilities can be defined as CVEs (Common Vulnerabilities and Exposures), misconfigurations, or other security flaws in an OT system that can be exploited by a hacker to gain unauthorized access to or control over such systems.
They may stem from some of the following issues:
- Inability to perform security updates due to outdated software.
- Lack of secure access for maintenance.
- Shortage of specialized cybersecurity personnel along the OT line.
- Difficulty in actively monitoring OT devices.
Finally, what sets OT infrastructures apart is that they cannot be defended with the same criteria as IT endpoints, because each OT endpoint has not only software but also mechanical characteristics that must be safeguarded. Each OT system is unique and presents specific vulnerabilities that require identification and correction, protection, and assurance of resilience.
Where to begin
You could start your IT/OT security journey by considering a solution with the capability to analyze the state and configuration of every client, server, and OT device in the infrastructure, designed to apply customizable detection and reaction rules, even at the individual agent level.
We’re talking about Agger: our platform meets all these characteristics and allows you to create the behavior model that the IT/OT infrastructure should assume in case of an attack, ensuring its resilience. We support all legacy systems and are able to reconcile the security needs of the OT world with the flexibility required by such a diversified environment.