The Impact of IT-OT Convergence on ICS Security
Most people are familiar with the term “Information Technology” and commonly understand it in reference to computer information systems – particularly the storage, retrieval, transmission and protection of data within software applications and computer hardware. OT, or “Operational Technology”, on the other hand, is a relatively uncommon term and is less well understood by anyone not directly involved in operating or managing it.
What Is OT?
OT refers to hardware and software systems that monitor and control industrial equipment and processes that run critical infrastructure, utilities, electric grids, manufacturing plants and traffic control systems – to name just a few. The umbrella term comprises many specialized frameworks, such as process control domains, programmable logic controllers, distributed control systems, supervisory control and data acquisition (SCADA) systems, safety instrumented systems, and building management/automation systems that are often collectively referred to as Industrial Control Systems (ICS).
The Convergence of IT and OT
Historically, IT and OT were managed by separate organizational silos with little or no interdependence between them. However, over the past decade, a slow yet steady paradigm shift has taken place.
OT systems are increasingly being provisioned with networking and computational technologies. The two worlds of IT and OT are converging, with groundwork being laid for Industrial IoT, or IIoT – a matrix of interconnected sensors, instruments and devices that collect and share data for use across many industries, such as manufacturing, oil and gas, transportation, energy/utilities, and others.
IIoT is set to play a key role in the fourth Industrial Revolution, with converged IT/OT ecosystems serving as conduits that will deploy IIoT into the 4IR ecosystem.
The merger of IT with OT is driven by the need to optimize the collection and exchange of data between machines, infrastructure assets and applications while interoperably scaling processes across physical and virtual systems. The integration promises numerous benefits: improved flow of information, process automation, advances in the management of distributed operations and better adherence to regulatory compliance.
Impact of Convergence on ICS Security
However, as the lines of distinction between IT and OT continue to fade, the attack surface of interconnected IT/OT systems continues to widen. The most common attack vector for hackers to infiltrate these systems is via the internet.
With the arrival of IIoT, every ICS sensor, instrument and device reachable over an IT/OT network is susceptible to being conscripted into botnets that are used to launch targeted attacks on critical infrastructure, such as energy grids, power plants, water and waste management systems, food processing plants, and transportation networks.
Human-machine interfaces, or HMIs, which connect human operators to industrial control systems, are also typically networked to various IT infrastructures. The reachability of HMIs from internet-facing business networks poses a grave risk to ICS security, exposing HMIs to IP-based weaknesses such as authentication bypass, weak session management, unsecured ICS communication protocols and insufficient encryption of control traffic.
Attackers typically infiltrate ICS with both generic malware and malware designed specifically to target critical infrastructure. These infiltrations often result in denial-of-service, or DoS, conditions that degrade or entirely halt industrial operations. ICS and connected IIoT devices are also high-value targets for attackers seeking to collect ransoms, or for nation-state actors seeking to sabotage rivals or gain access to confidential data.
The following table provides a basic comparison between IT and OT systems from the point of view of connectivity and security requirements.
Aspect | IT | OT
Connectivity Mechanisms | Via Telco, Wi-Fi | Via Telco, Radio, Satellite, Powerline Carrier, Wi-Fi
Security Priority | Data security with high confidentiality | Operational uptime with high availability, safety, and integrity
Security Standards | ISO-17799, 27001, NIST SP 800-53 | ISA99, NERC CIP 002-009, NIST SP 800-53, NIST SP 800-82
Security Patching | Frequent | Slow to impossible
Cyber Forensics | Available | Limited, if any
Overall Impact from Security Breaches | Business impacts | Business impacts, process fluctuations, equipment damage, environmental release, personnel safety
The consequences of security breaches on ICS are on a completely different scale from the data breaches we are most mindful of. Consider a cyberattack that takes the power grid of an entire city or region offline, one that triggers an explosion in a nuclear power plant by disabling the safety systems designed to prevent a catastrophic accident, or one that routes sewage into the water distribution system of an urban area.
In summary, securing ICS is a major priority because the repercussions of a security breach are potentially so disastrous. To learn how Palo Alto Networks secures infrastructure across IT and OT networks, get a copy of our Security Reference Blueprint for ICS.