Situational Awareness in OT

Share

Summary

Understanding situational awareness in Operational Technology (OT) environments is crucial for cybersecurity. This presentation highlights the significant differences between IT and OT security priorities, the challenges of implementing security measures in OT, and the importance of comprehensive asset visibility for NIS 2 compliance and overall risk management.

Highlights

Introduction to Situational Awareness in OT
00:01:10

The speaker introduces the concept of situational awareness in OT, emphasizing the need to know 'everything about everything' within an OT environment. Unlike IT, where data protection is paramount, OT security prioritizes safety, uptime, and production continuity. OT encompasses various sectors like healthcare, manufacturing, and critical infrastructure, where systems often operate for 15-20 years, making them inherently different from typical IT environments.

Key Challenges and Risks in OT Security
00:02:35

OT environments face several security challenges due to their relative immaturity in cyber security. These include a lack of visibility, which hinders risk assessment, segmentation design, and incident response. The traditional CIA triad (Confidentiality, Integrity, Availability) is reversed in OT, with Availability (preventing downtime) being the top priority, followed by Integrity (ensuring processes operate as designed) and then Confidentiality. Safety is paramount, and production managers prioritize output, safety, and reliability over addressing CVEs. Other major risks include obsolescence, uncontrolled remote access, internet exposures, and the exposure of OT assets to IT systems.

Understanding Different Tiers of OT Systems
00:13:42

OT systems are categorized into three tiers, each requiring a different approach to security: safety-critical, production-critical, and OT support systems. Safety-critical systems, such as those monitoring pressure or temperature, are designed to prevent human injury or catastrophes, and patching them often requires regulatory approval. Production-critical systems generate revenue, and any change or downtime leads to financial loss. OT support systems are more akin to IT systems within the OT environment, controlling configurations and being primary targets for attacks.

OT Vulnerability Prioritization and Patching Reality
00:20:21

Unlike IT, where vulnerabilities are patched quickly, OT patching is a complex process. Every change is a significant operational risk, potentially affecting safety certifications or requiring costly re-certification. Downtime is not an option for many OT systems, which lack the redundancy common in IT. Vulnerability prioritization in OT considers factors like network exposure, asset criticality, exploitability, patch availability, regulatory approval, vendor re-certification, blast radius, operational sensitivity, and asset lifecycle.

The Importance of Segmentation and NIS 2 Compliance
00:26:21

Segmentation is identified as the highest impact control in OT cybersecurity, as 60-75% of vulnerabilities require network access to exploit. Proper segmentation limits lateral movement, reduces the attack surface, and enables proportionate monitoring. The NIS 2 directive and Cyber Fundamentals highlight the mandatory requirements for asset inventory, classification, and understanding the significance of assets to an entity's operations. This detailed visibility is crucial for compliance and effective risk management.

Building a Robust OT Cybersecurity Program
00:33:42

An effective OT cybersecurity program involves a project kickoff to define critical services and strategy, anchored in frameworks like NIS 2.0 or IEC 62443. It requires comprehensive understanding of all assets, risks, threats, and vulnerabilities, followed by threat and risk assessment. Key remediations include network segmentation, secure remote access, and life cycle management. This is a continuous improvement process, with significant maturity jumps possible in areas like network segmentation.

Q&A: EU Focus on Digital Sovereignty and AI in OT
00:37:20

In response to a question about EU focus on digital sovereignty, the speaker recommends familiarizing oneself with the Critical Entities Resilience Act (CER) and Dora (Digital Operational Resilience Act), particularly regarding dependency mapping and supply chain understanding. When asked about AI in OT, the speaker expresses caution, especially concerning autonomous decision-making in safety-critical systems, preferring AI's use for gap analysis in policy alignment rather than direct operational control due to potential risks to human life.

Q&A: Impact of High-Profile Attacks on OT Security
00:41:28

Addressing the impact of incidents like the Colonial Pipeline and Jaguar Land Rover attacks, the speaker clarifies that these were primarily IT incidents that cascaded into OT, causing operational disruption due to dependencies. This highlights that OT is often a casualty of IT attacks, underscoring the critical need to understand and manage IT-OT dependencies and possibly even consider separating IT and OT systems to protect operational resilience from IT-borne threats.

Recently Summarized Articles

Loading...