What keeps OT security specialists up at night? It’s mostly problems from the IT world, says Andy Norton, European Cyber Risk Officer at Armis.
Operational technology (OT) used to be the specialist networks nobody in IT bothered with, or perhaps thought they didn’t need to. For a while, that seemed reasonable; OT networks were usually isolated from IT operations, sat behind air gaps, and ran on obscure operating systems.
Then organisations across every sector of energy and critical infrastructure started connecting to IT networks due to performance efficiencies, production boost and, ultimately, monetary gain. Networking, remote management, and wireless connectivity were all the rage and it made sense for IT and OT to be one from an admin point of view. Pretty soon OT stopped being the safe backwater everybody had assumed it was.
Organisations, and increasingly regulators, must now live with the implications of this for cybersecurity. Although examples of severe compromise remain largely hypothetical, there have been several real-world attacks from energy infrastructure in Ukraine to water plants in Florida to underline that if things went south, it could happen very suddenly.
At the same time, the number of OT connected systems and devices is surging, covering everything from supervisory control and data acquisition (SCADA), manufacturing execution systems (MES), discrete process control (DPS), programmable logic controllers (PLCs), telematics, robotics, and even personal technologies such as the Internet of Medical Things (IoMT).
With isolation disappearing as these systems are connected to mainstream IT networks, the question is how organisations should approach the security problem anew when doing noth ..
Support the originator by clicking the read the rest link below.
