Operational technology (OT) Cybersecurity Standards

What is an OT network?

Operational technology (OT) is a software and hardware combination used to monitor and control various devices, physical structures, and infrastructure. Operational technology is used to monitor numerous activities in a business, ranging from vital infrastructure to robot management.

OT is commonly utilised in industrial control systems like SCADA. As this technology advances and converges with networked technologies, the necessity for OT security grows dramatically.


OT technology is frequently utilised in factories, oil and gas sectors, aviation, and railways, among other places.

What is OT Security?

OT cyber security was traditionally unnecessary because OT systems were not connected to the internet and so were not exposed to outside threats. As digital innovation (DI) programs developed and IT and OT networks converged, organizations tended to bolt on specialised point solutions to address specific difficulties. These approaches to OT security resulted in a convoluted network in which solutions were unable to share information or provide complete visibility.

What are the operational technology security standards?

It is never easy to create OT cybersecurity plans. Fortunately, you don’t have to create OT security plans from scratch in the real world.

OT cyber security frameworks and standards allow you to do a better job in less time (although a two-week deadline might still qualify as a nightmare). They can also save money (up to 30%, according to the ISA).

Some OT cyber security frameworks are generic, while others are industry-specific; some are proposed by public-sector agencies, others by private-sector organisations; some are mandated by government or industry, and others are merely suggestions.

In this article, we are going to discuss which framework would be the most effective for your organization. Here we are going to examine seven of the most widely used OT security frameworks:

  • ISA/IEC 62443
  • CISA Cybersecurity for Industrial Control Systems
  • NCSC Cyber Security Design Principles
  • ENISA for Security of Internet of Things (IoT)
  • NIST for Industrial Control System (ICS) Security
  • Industrial Internet Security Framework
  • Critical Security Controls ICS Companion


ISA/IEC 62443

The ISA/IEC 62443 set of standards recognises the variety of tasks that go into the planning, implementation, and maintenance of industrial automation and control systems. The security of an OT system is ultimately the asset owners’ responsibility, but they also need the support of their product suppliers, system integrators, and maintenance providers.

ISA/IEC 62443 was developed by the International Society of Automation (ISA) and the International Electrotechnical Commission (IEC).

ISA/IEC 62443 is intended for IACS asset owners, automation product suppliers, system integrators, and maintenance providers.

CISA Cybersecurity for Industrial Control Systems

CISA security standards are developed by the US government’s Cybersecurity and Infrastructure Security Agency. They are intended for ICS owners and operators, especially those that support US critical infrastructure.

The two-page Cybersecurity Best Practices for ICS document is simple to read and covers eight sections, including:

  • Governance of risk and cybersecurity
  • Physical Protection
  • ICS Network Architecture and Perimeter Security
  • Host Security and Monitoring
  • Human Factor

On their list of recommendations, the following stand out:

  • Examine, rank, test, and apply ICS security updates.
  • Back up system settings and data.
  • Identify, scale back, and protect all ICS network connections.
  • Maintain ongoing ICS, network, and interconnection security monitoring and evaluation.
  • Disable unused ports, services, and protocols.
  • Enable the security features that are available and use effective configuration management techniques.
  • Train all ICS administrators and operators in cybersecurity.
  • Keep and test your incident response strategy.
  • Implement a risk-based defense-in-depth strategy to protect ICS hosts and networks.

NCSC Cyber Security Design Principles

The design principles were developed by the UK Government’s National Cyber Security Centre (NCSC).

In an arc that moves from prevention through remediation, NCSC outlines five key cybersecurity design principles:

  • Establish the context before developing a system.
  • Make compromise difficult.
  • Make disruption difficult.
  • Make compromise easier to detect.
  • Minimise the consequences of a compromise.

ENISA for Security of Internet of Things (IoT)

The ENISA guidance was developed by the European Union Agency for Cybersecurity (ENISA).

“Good Practices for IoT Security in the Context of Smart Manufacturing,” published by ENISA, offers best practices in 20 categories within the Industry 4.0 environment, organised into three major groups: policies, organizational practices, and technical practices.

ENISA’s key policies are those that should be implemented in all enterprises that employ IIoT. They address the following topics:

  • Creating security mechanisms
  • System design for privacy
  • Asset detection, administration, and monitoring, and maintaining security measures
  • Intelligent risk and threat management in Industry 4.0 environments

NIST for Industrial Control System (ICS) Security

The NIST guide is developed by the US Government’s National Institute of Standards and Technology (NIST).

The NIST guide is a comprehensive framework that gives information on how to secure Industrial Control Systems (ICSs) while taking the particular functionality and requirements of industrial OT into account.

The handbook covers Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS), and other control system configurations such as programmable logic controllers (PLCs).

The NIST guide’s primary body consists of the following sections:

  • How to Conduct an ICS Risk Assessment Effectively
  • Creating and implementing an ICS security approach to reduce risk
  • Recommendations for integrating security into ICS network topologies, with a focus on network segmentation techniques

The appendices are an essential element of the value of the guide, containing lists of:

  • Threats, vulnerabilities, and events in the ICS
  • ICS security operations
  • ICS security tools and capabilities

The NIST guide is intended for:

  • Control engineers, integrators, and architects responsible for the design and implementation of secure ICSs
  • System administrators, engineers, and other information technology workers who manage, patch, or safeguard ICSs
  • Facility managers directly accountable for ICSs
  • Senior managers interested in learning about the commercial implications and consequences of ICS security
  • Vendors developing products for use as part of an ICS
  • Security consultants

Industrial Internet Security Framework

The Industrial IoT Consortium created this security standard.

It is intended for: IIoT system owners, operators, integrators, and architects, as well as business decision-makers and other stakeholders concerned with the security and trustworthiness of IIoT systems.

This guide discusses IIoT security from both a business and functional standpoint, focusing on risk management and the permeation of trust throughout the IIoT system life cycle. The latter constitutes the majority of the framework and includes:

CIS Critical Security Controls ICS Companion Guide

The companion guide was created by the Center for Internet Security (CIS).

The CIS Critical Security Controls (CIS Controls) are a prioritised set of actions that together form defense-in-depth best practices for mitigating the most prevalent attacks on systems and networks.

Because some sectors have unique needs that make it difficult to apply the CIS Controls as-is, CIS may occasionally produce a companion guide for their Controls that explains how to apply and implement the Controls for a specific industry.

Why is OT Security Important?

As industrial systems become more interconnected, they become more vulnerable. The tremendous cost of industrial equipment, as well as the damage that an assault could cause to communities and economies, are critical issues for businesses wanting to defend their industrial networks. Add outdated equipment, safety restrictions that may ban any equipment upgrades, and compliance regulations that require sensitive data to be made available to third parties, and you’ve got yourself a dilemma.

The good news is that industrial networks may be secured without affecting operations or risking non-compliance. You may implement an effective OT strategy that protects your processes, people, and profit while drastically reducing security risks and incidents by using solutions that offer total visibility of network control traffic and creating the appropriate security policies.

Why Is OT Security Critical?

Using a security fabric to secure integrated OT-IT networks gives security directors the visibility, control, and behavioral analytics they need. Because OT and IIoT devices rely on traditional security, the network must be secured in such a way that cyber threats cannot reach these devices. A security fabric provides the following features to enable consistent, effective IT and OT security:

  • Visibility
  • Control
  • Continuous Monitoring

Visibility

Discover any device connected anywhere on the IT-OT network, assess trust, and actively watch activity to preserve trust. Define the attack surface and make sure that active device and traffic profiling are in place. Visibility of traffic ensures actionable intelligence, and OT security teams can specify permitted traffic, ports, protocols, apps, and services. Environmental enforcement points ensure north-south and east-west protection.

Control

Count on each OT system and subsystem to do only what it is supposed to do. Multifactor authentication guarantees that the right persons have the right permissions and access. Network segmentation and micro-segmentation offer a layered and leveled approach with control zones. Sandboxing detects dangers on the OT network and stops them from causing damage.

Continuous Monitoring

Continuous behavior analysis in OT networks helps teams learn the what, where, when, who, and how of both known and unknown threats. A centralised security solution assists with logging, reporting, and analytics, as well as evaluating system activities. It also offers security information and event management, as well as security orchestration, automation, and response capabilities. User and device activity analysis provides OT security insights, while threat assessments assure continuous protection.
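The permitted-traffic allowlist from the Visibility section and the control zones from the Control section, as an added detection example that is not from the article or from any of the standards bodies it cites: constructed flow records are checked against a hypothetical zone-and-conduit policy and anything outside it is flagged. The address prefixes, the conduit policy and the sample flows are assumptions; the protocol port numbers are the well-known defaults.

```python
# Well-known default TCP ports for common OT protocols.
OT_PORTS = {502: "modbus/tcp", 102: "s7comm", 20000: "dnp3", 44818: "ethernet/ip"}

# Hypothetical zone model: address prefix -> ISA/IEC 62443-style zone name.
ZONES = {"10.10.0.": "scada", "10.20.0.": "plc", "10.30.0.": "enterprise"}

# Hypothetical conduit policy: (source zone, destination zone) -> permitted
# destination ports. Only SCADA may poll the PLC zone, over Modbus/TCP and S7comm.
CONDUITS = {("scada", "plc"): {502, 102}}


def zone_of(ip):
    """Map an address to its zone by prefix; anything unmapped is 'unknown'."""
    for prefix, zone in ZONES.items():
        if ip.startswith(prefix):
            return zone
    return "unknown"


def check_flows(flow_lines):
    """Return (flow, reason) for every flow the conduit policy does not permit.
    Each line is 'src_ip dst_ip dst_port' in a constructed netflow-like format."""
    findings = []
    for line in flow_lines:
        src, dst, port = line.split()
        port = int(port)
        conduit = (zone_of(src), zone_of(dst))
        if port in CONDUITS.get(conduit, set()):
            continue  # permitted protocol on an approved conduit
        if conduit not in CONDUITS:
            reason = "no approved conduit %s -> %s" % conduit
        else:
            proto = OT_PORTS.get(port, "tcp/%d" % port)
            reason = "%s not permitted on conduit %s -> %s" % ((proto,) + conduit)
        findings.append((line, reason))
    return findings


# Constructed sample flows: two permitted polls, an enterprise host reaching a
# PLC directly, and an unapproved protocol on the approved SCADA -> PLC conduit.
SAMPLE_FLOWS = [
    "10.10.0.5 10.20.0.11 502",
    "10.10.0.5 10.20.0.12 102",
    "10.30.0.44 10.20.0.11 502",
    "10.10.0.5 10.20.0.11 44818",
]

if __name__ == "__main__":
    for flow, reason in check_flows(SAMPLE_FLOWS):
        print("ALERT", flow, "-", reason)
```

In practice the flow records would come from the traffic-profiling sensors the section describes, and the zone and conduit tables from the architecture documented under ISA/IEC 62443.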
