Page 31 - Cyber Defense eMagazine January 2024
The Distinct OT Cybersecurity Environment
OT cybersecurity is not IT cybersecurity applied in a plant-floor setting. The protocols and network
languages that drive operational automation are entirely different from those common in IT
environments. OT protocols are highly specialized, and there are hundreds of them.
Many of the technologies are several decades old. The electric grid, for example, is driven by
technologies that were invented in the late 1940s and '50s. Modbus, a client/server protocol that is
commonly relied upon for communication among industrial electronic devices in a tremendous range of
domains, was originally published in 1979. These protocols were conceived and grew up in a
climate without IT concepts such as encryption and cybersecurity.
Plus, because today’s high-speed manufacturing environment is so hypersensitive to networking latency,
OT protocols cannot have the tremendous number of lines of code that are often found in sophisticated
IT protocols.
The Distinct OT Needs in Discrete Manufacturing
Discrete manufacturers produce distinct unit volumes that can be disassembled, such as a car, a bicycle
or a piece of furniture. Asset owners in this manufacturing sector are very focused on production volume,
product quality, production uptime (availability) and, most importantly, human and asset safety. In the
context of cybersecurity, the challenge for the asset operator is to implement solutions that impair none
of these sometimes-competing priorities.
It’s not uncommon for security solutions that err on the side of caution to be implemented in the OT
space. The problem with such an approach is expensive overkill: these solutions kick up alerts for
relatively innocuous network events and, in some cases, shut down production (and revenue streams)
based on false positives.
The Growing Issue of OT Cyber Threats
Because adopting protective capabilities without jeopardizing revenues, operations and quality has
proven so challenging, many discrete manufacturers have chosen, and continue, to simply “roll the dice”
and do nothing to safeguard their OT environments. Or they might falsely believe that plants are “air
gapped” from the threats found in IT and the internet. Or they rely on upstream IT security solutions in
the false hope that threats will be blocked from reaching their production lines.
Until recently, they might’ve gotten by because the threat probability in OT historically has been low.
There's very little debate, however, that the OT cyber threat landscape today is growing substantially—a
fact borne out by the skyrocketing cyber insurance rates that many companies are confronting. In the
wake of high-profile incidents like the May 2021 ransomware attack on the Colonial Pipeline, the
cybersecurity insurance industry is increasingly asking very specific and tough questions about what
cybersecurity mechanisms a company has put into place in the OT space.