Page 31 - Cyber Defense eMagazine January 2024

The Distinct OT Cybersecurity Environment

OT cybersecurity is not IT cybersecurity applied in a plant-floor setting. The protocols and network languages that drive operational automation are entirely different from those common in IT environments. OT protocols are highly specialized, and there are hundreds of them.

Many of the technologies are several decades old. The electric grid, for example, is driven by technologies that were invented in the late 1940s and ’50s. Modbus is a client/server protocol that is commonly relied upon for communication among industrial electronic devices in a tremendous range of domains, and it was originally published in 1979. These protocols were conceived and grew up in a climate that lacked IT concepts such as encryption and cybersecurity.

Plus, because today’s high-speed manufacturing environment is so hypersensitive to networking latency, OT protocols cannot have the tremendous number of lines of code that are often found in sophisticated IT protocols.



The Distinct OT Needs in Discrete Manufacturing

Discrete manufacturers produce distinct unit volumes that can be disassembled, such as a car, a bicycle or a piece of furniture. Asset owners in this manufacturing sector are very focused on production volume, product quality, production uptime (availability) and, most importantly, human and asset safety. In the context of cybersecurity, the challenge for the asset operator is to implement solutions that impair none of these sometimes-competing priorities.

It’s not uncommon for security solutions that err on the side of caution to be implemented in the OT space. The problem with such an approach is expensive overkill: these solutions kick up alerts for relatively innocuous network events and, in some cases, shut down production (and revenue streams) based on false positives.



The Growing Issue of OT Cyber Threats

Because adopting protective capabilities without jeopardizing revenues, operations and quality has proven so challenging, many discrete manufacturers have chosen, and continue, to simply “roll the dice” and do nothing to safeguard their OT environments. Or they might have a false belief that plants are “air gapped” from the threats found in IT and the internet. Or they rely on upstream IT security solutions with the false hope that threats will be blocked from reaching their production lines.

Until recently, they might’ve gotten by because the threat probability in OT historically has been low. There’s very little debate, however, that the OT cyber threat landscape today is growing substantially, a fact borne out by the skyrocketing cyber insurance rates that many companies are confronting. In the wake of high-profile incidents like the May 2021 ransomware attack on the Colonial Pipeline, the cybersecurity insurance industry is increasingly asking very specific and tough questions about what cybersecurity mechanisms a company has put into place in the OT space.






            Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.