Avoiding the security hazards that come with OT/IT Convergence
For decades, factories, utility operations, and healthcare centers have relied on operational technology (OT) systems for daily functionality – monitoring production processes, distributing electricity, running MRI machines, etc. These systems have largely stood apart from whatever IT structure the factory, utility, or healthcare center might have in place. (And for some, such as older utilities, IT itself has been limited or non-existent.)
Two forces are upsetting the status quo for such OT systems: 1) the drive toward digital transformation made by integrating OT and IT and 2) the ever-more-aggressive attacks on security that may bring operations to a halt, with potentially catastrophic results for the organizations and those they serve.
It’s a frightening prospect, one that requires a careful, deliberate effort to understand the nature of the dangers for an individual organization and develop an appropriate response. Fortunately, solutions exist to enable organizations to up their digital capability while safeguarding their operations. But first, let’s look at how the progress from no protection to an integrated, resilient system takes place.
Phase One: Awareness of Potential Vulnerabilities
Alert leaders of organizations relying on OT begin to realize the growing threat they may face as they read reports relevant to their sector:
- Healthcare organizations: Breaches in the U.S. rose by 55% in 2020 over 2019.
- Utilities: Blind spots in the power generation industry brought on by digital transformation make them more vulnerable to cyberattacks.
- Manufacturing: The sector became the second most targeted industry in 2020, with a 300% increase from 2019 due in part to the shift to Industry 4.0.
The report on utilities by Yokogawa, a Japan-based international electrical and software company, crystallizes the problem. While the shift to open systems makes a utility more adaptive to demand, enhances analytical capabilities, and facilitates interoperability, it also “has unlocked a door that was once firmly kept shut,” as hackers are well aware.
Phase Two: Taking Stock of Weaknesses
Next, organizations examine their own potential points of entry for those who would do them harm. Often, they’re alarmed to recognize how many devices are unmanaged, ports are open, and functional silos are in place that keep various security measures from being integrated. The magnitude of the vulnerabilities begins to dawn on them as they see they’re exposed on several fronts: cyber, physical, supply chains, etc., with no centralized way to assess risks, let alone manage and prioritize responses to them.
Phase Three: Attacks, Firefighting and the Shift to Centralization
All the theorizing about weaknesses and vulnerabilities shifts to practicalities and urgency when an organization has a security breach. As the military axiom goes, “No plan survives contact with the enemy.” Organizations move quickly to defend themselves in an ad hoc fashion as best they can. But a rush to shut off one entry point in a network may result in halting operations on a wide scale – a consequence that might have been avoided if the network were segmented so attacks in one section could be addressed while the others were left uninterrupted.
In addition to the problems caused by an unbalanced remediation measure, organizations suddenly panic with the realization that this may be the first of many successful breaches and they have no idea what attacks might be next, nor how they can readily respond effectively and efficiently.
This leads to the conclusion that others (including vendors selling solutions to the problem) have reached: Security needs to be unified, with threats and insights gathered in one centralized location. Silos may have had their time and place in their organization as a way to ensure each function ran well. But modern manufacturers, utilities, and healthcare organizations know that information needs to be free-flowing across all departments. What’s more, external partners must be part of the data-sharing effort, with the risks they represent fully understood and managed.
Phase Four: Implementing a Centralized Security Platform
At this point, an organization may be desperate to find any tool that can help, only to be frustrated to learn from peers who’ve acquired platforms designed for the purpose that implementation is slow and cumbersome. So, while additional planning may be the furthest thing from the minds of organizational leaders who’ve recently been attacked, they eventually see the need to carefully review their options and pick the right solution.
What’s needed is a product that has anticipated the implementation challenges and devised a deployment that goes quickly and painlessly. This is what Ordr was designed to do for manufacturers, utilities, and healthcare organizations – the groups most in need of such protection – as well as other organizations that need to blend OT and IT.
Within hours of deployment, Ordr discovers all pertinent information about every connected device, and new devices are discovered in real time as they connect. Each device is assessed for vulnerabilities, recalls, and weak passwords or certificates. Because Ordr scans in a passive, agentless and zero-touch manner, it doesn’t affect the operation of even the most sensitive IoT device. And no matter who the operational owner of the IoT, IoMT or OT device is, the Ordr platform can manage it: automating responses, implementing role-based access controls, and providing customized views for individual stakeholders.
The advantages of converging operational technology with information technology are clear: greater efficiencies, improved capabilities, and cost reduction. But the risks are real, too: unlocking that door that was once firmly shut. Organizations that fully embrace the promise of digital transformation while safeguarding themselves against its security vulnerabilities are in the best position to achieve their organizational objectives and serve their customers safely and effectively.
Brad LaPorte is a former Gartner analyst and is now a partner in the consulting firm, High Tide Advisors.