
IT Sec for OT: Why is it problematic?

Malicious external actors were previously not a problem for the operators. These dangers were not relevant. In addition, direct physical access was usually required to manipulate the system.

OT operators are familiar with the production process. Cybersecurity, by contrast, is a new field for them in which there is little knowledge.

Problems with security

Many cyber security measures make it difficult to analyze errors if there is a problem with the machine or system. For example, an encrypted transmission of data cannot easily be analyzed to determine whether the data is correct.

Another example is the use of certificates for authentication. If these expire and are not replaced in time, the system can come to a standstill, which reduces its availability.

There are therefore some concerns regarding the use of cyber security measures.

Security personnel do not have the insight

Security personnel depend on operators for deeper information about the network, its processes and what is "normal" inside the network. OT personnel are therefore an integral part of the security process, especially when it comes to remediation and rebuilding after an incident.

Advantages of cyber security

Cyber security is not just a hindrance. Remote access is not feasible in today's world without it. (link to the TOP 10 item).

Here are some more brief examples of why security is necessary and how it relates to the other top 10 items.

Digitization of processes

Cryptographic signatures can be used to detect changes to logs and measurement data or to prove their integrity. This makes it possible, for example, to digitize previous paper-based processes, thereby accelerating and optimizing them.
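One way to make a measurement log tamper-evident with signatures, as an added example that is not part of the original page: each entry is signed with Ed25519 and carries the hash of the entry before it, so edits, removals from the middle and reordering are all detected. The names `Record`, `Append` and `Verify` and the sample values are assumptions made for this illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Record is one signed log entry; Prev is the SHA-256 of the entry before it.
type Record struct {
	Data string
	Prev [32]byte
	Sig  []byte
}

// msg is the byte string that gets signed: previous hash followed by payload.
func msg(r Record) []byte { return append(r.Prev[:], r.Data...) }

// Append signs a new entry and chains it to the current last entry.
func Append(recs []Record, priv ed25519.PrivateKey, data string) []Record {
	r := Record{Data: data}
	if n := len(recs); n > 0 {
		r.Prev = sha256.Sum256(msg(recs[n-1]))
	}
	r.Sig = ed25519.Sign(priv, msg(r))
	return append(recs, r)
}

// Verify returns the index of the first bad entry, or -1 if the log is intact.
func Verify(recs []Record, pub ed25519.PublicKey) int {
	var prev [32]byte
	for i, r := range recs {
		if r.Prev != prev || !ed25519.Verify(pub, msg(r), r.Sig) {
			return i
		}
		prev = sha256.Sum256(msg(r))
	}
	return -1
}

func main() {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	recs := Append(Append(nil, priv, "t=0 level=4.20"), priv, "t=1 level=4.25")
	recs[0].Data = "t=0 level=3.00" // simulated edit of a constructed sample value
	fmt.Println("first bad entry:", Verify(recs, pub))
}
```

The chain alone does not reveal entries cut off from the end of the log; for that, the newest hash has to be kept somewhere the log writer cannot alter.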

System monitoring

The number one goal for serious adversaries in an OT environment is disruption. This is why security appliances also closely monitor the functionality and critical operational functions in the system. Additionally, security appliances show almost instantly if unknown devices have connected. Such a connection can be a problem even when no attacker is involved, for instance when devices that should not be able to connect to the OT domain do so.

Compliance

Security is part of most of the common standards nowadays. Whether it concerns critical infrastructure or "just" a risk management procedure like IEC 62443, security is part of the process and cannot be ignored by anyone who wants to be compliant.