Targeted attacks on operational technology
In an increasingly digitalized industrial landscape, the challenges for optimal cyber security have grown considerably. Of particular concern is the rise in targeted cyberattacks on operational technology (OT), i.e. control systems, devices and components in production facilities.
Cooperation between OT and IT
OT and IT should work closely together to ensure effective cyber security. Both pursue similar cybersecurity goals: the protection and efficient operation of their respective systems. However, they differ significantly in important aspects. One major difference lies in the systems and components used. OT environments are highly heterogeneous, and their systems often remain in operation for many years. IT environments are usually highly homogeneous, and the lifecycles of IT components are significantly shorter. Network traffic also differs considerably. OT environments often use proprietary protocols designed to meet real-time requirements; minimal latency is crucial here to ensure the smooth operation of production systems. IT systems, on the other hand, use a large number of standardized protocols, and latency is less critical.
Differences
What about vulnerability and patch management? In OT systems, patches are usually carefully planned and often applied outside of operating hours, as the systems are often in use around the clock and any downtime can lead to significant production losses. Regular patching in IT environments, on the other hand, is standard practice. Short downtimes during an update are usually unproblematic there.
However, there is a significant difference in the protection goals and priorities. For OT systems, the focus is on the availability of the systems, followed by the integrity and confidentiality of the data. With IT, on the other hand, data confidentiality is the highest priority, followed by integrity and availability.
Multi-layered security concept
A successful attack on OT systems can not only cause production downtime, but also result in significant financial losses and long-term damage for companies. In order to protect OT systems, special strategies and techniques are required that go beyond the usual IT security measures.
A proven approach to cyber security for OT systems is the so-called “defense-in-depth”. This multi-layered security approach creates several levels of defense in the production environment and is based on the international industry standard series IEC 62443, which is considered the leading standard for industrial cybersecurity.
Defense-in-Depth
“Defense-in-Depth” refers to a strategy that provides for multiple security measures to protect the integrity of information. This concept covers all aspects of corporate security — intentionally redundant if necessary.
The guiding principle of a defense in depth strategy is the assumption that a single security product cannot fully protect a network from all possible attacks. Implementing multiple security products and practices can help detect and prevent attacks as they occur, allowing organizations to effectively combat a wide range of threats. This approach will become increasingly important as organizations scale their networks, systems and users.
The concept takes into account all key cybersecurity factors, including physical access protection for systems as well as organizational and technical measures to protect production networks and control systems against unauthorized access, espionage and manipulation.
This concept is usually supported by zero-trust principles that focus on the verification and authorization of communicating units. Plant operators should first carry out a comprehensive security assessment of their production environment. Such regular assessments help to identify potential vulnerabilities. Through these assessments, critical components and devices in plants that are particularly worthy of protection can be recognized and targeted measures can be taken to ensure their security.
To implement a defense-in-depth concept, various technologies and tools are used on the basis of the assessment results. In the area of network security, these include industrial firewalls that have been specially developed for use in production environments, as well as network segmentation systems, such as our DEFENDERBOX, that control data traffic between different areas of the production environment and minimize potential attack surfaces. In addition, intrusion detection systems (IDS) and intrusion prevention systems (IPS) are used to detect and block unauthorized access at an early stage.
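
A default-deny check of observed flows against a segmentation policy, as an added example that is not part of the original article and not code from the DEFENDERBOX product. The zone names, address ranges, allowed conduits and flow records are constructed assumptions for a hypothetical plant.

```python
import ipaddress

# Constructed zones for a hypothetical plant (assumption, not from the article).
ZONES = {
    "office_it": ipaddress.ip_network("10.10.0.0/16"),
    "ot_dmz": ipaddress.ip_network("10.20.0.0/24"),
    "control": ipaddress.ip_network("10.30.0.0/24"),
}

# Allowed conduits: (source zone, destination zone, transport, destination port).
# Anything else that crosses a zone boundary is denied by default.
CONDUITS = {
    ("office_it", "ot_dmz", "tcp", 443),   # IT reads the historian in the DMZ
    ("ot_dmz", "control", "tcp", 4840),    # DMZ historian polls an OPC UA server
}

def zone_of(addr):
    """Return the name of the zone containing addr, or 'unknown'."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "unknown"

def audit(flows):
    """Return the flows that violate the segmentation policy, with a reason."""
    violations = []
    for src, dst, proto, port in flows:
        sz, dz = zone_of(src), zone_of(dst)
        if "unknown" in (sz, dz):
            reason = "endpoint outside any defined zone"
        elif sz == dz or (sz, dz, proto, port) in CONDUITS:
            continue  # intra-zone traffic or an approved conduit
        else:
            reason = f"no conduit {sz} -> {dz} for {proto}/{port}"
        violations.append((src, dst, proto, port, reason))
    return violations

# Constructed flow records: (source IP, destination IP, transport, dest port).
SAMPLE_FLOWS = [
    ("10.10.4.17", "10.20.0.5", "tcp", 443),    # approved conduit
    ("10.20.0.5", "10.30.0.11", "tcp", 4840),   # approved conduit
    ("10.30.0.11", "10.30.0.12", "tcp", 502),   # stays inside the control zone
    ("10.10.4.17", "10.30.0.11", "tcp", 502),   # office IT straight to a controller
    ("10.30.0.11", "203.0.113.9", "tcp", 443),  # controller to an external address
]

if __name__ == "__main__":
    for violation in audit(SAMPLE_FLOWS):
        print(violation)
```

Conduits are directional, so the reverse of an approved flow is reported unless it is listed explicitly.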