What is OT Security?

A non-theoretical explanation of OT Security.

In everyday cyber security practice, OT Security is an unusual keyword. Whether on LinkedIn or on job portals, a search for OT Security returns far fewer results than other cyber security keywords.
In the practical world, however, OT is the most important term and line of service for any industry.

If you look at the image, the orange portion is the IT network. This IT network grabs most of an organization's cyber security budget. We design secure networks, deploy firewalls, write ACL rules, and implement SIEM solutions to protect the IT infrastructure. Why?

Because of an inherent assumption: we treat the systems that are connected to the internet and visible as desktops or laptops as the attack surface of a cyber adversary. But if revenue generation is taken into consideration, these systems turn out to be only supporting elements for operations, finance, sales, and so on. Obviously they are very important components of an organization, but the real revenue generator is the product the organization makes. So production is the key area of the organization; it is marked in green and sits on the right.
Technically this part is called the Industrial Control System network (ICS network).
The ICS network comprises control stations, DCS, HMIs, PLCs, sensors, and the end mechanics that directly control the production process and heavy machinery.
These components sit in a separate network, often called the OT network or ICS network.
This OT network is usually connected to the IT network through a firewall for analytics or monitoring purposes. Usually the OT network is isolated and has no connectivity to the internet, but sometimes it needs internet access to upgrade the firmware of control systems and end devices.
So the attack surface of the OT network is unusual, and its threats differ from those of IT networks. Securing an OT network is a tough job because the threats have unknown characteristics and the attack surface is poorly understood. Advanced Persistent Threats are also a big headache in this environment.
Implementing SIEM solutions in the OT environment is also cumbersome, as many plant systems are found to be isolated and to use obsolete software components.

Now, if the network components are looked at closely, it can be found that between OT and IT lies the SCADA or control network. SCADA is nothing but a way to control all OT components from a central location. It consists of MTUs, workstations, historian servers, application servers, human-machine interfaces, etc. As SCADA operates close to the process to provide central control, it is an important factor when securing the OT environment.
As a whole, OT Security comprises both IT and OT security, with the added entry of SCADA security.
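As an added illustration of the zone model described above (example code written for this post, not the author's or any vendor's), the following Python snippet encodes the three zones, a default-deny policy between them, the firewall exceptions the post mentions (control stations polling PLCs, historian data to IT, read-only monitoring from IT, and firmware-update egress only from one maintenance host during a window), and audits constructed sample flows for the violations a SIEM should alert on. Address ranges, ports, the maintenance host and the vendor host are all assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Zones from the post: IT, the SCADA/control network in between, OT/ICS. Ranges are constructed.
ZONES = {"IT": ip_network("10.1.0.0/16"), "SCADA": ip_network("10.2.0.0/16"), "OT": ip_network("10.3.0.0/16")}
FIRMWARE_HOST = "10.3.0.10"  # constructed: the one OT host allowed to fetch firmware
VENDOR_HOST = "203.0.113.8"  # constructed: the vendor it fetches from

# Default deny between zones; only the flows the post describes are permitted.
ALLOW = {
    ("SCADA", "OT"): {502, 44818},  # control stations poll PLCs (Modbus/TCP, EtherNet/IP)
    ("SCADA", "IT"): {443},         # historian data replicated to IT for analytics
    ("IT", "SCADA"): {443},         # read-only monitoring dashboards from IT
}

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int

def zone_of(addr: str) -> str:
    ip = ip_address(addr)
    return next((name for name, net in ZONES.items() if ip in net), "INTERNET")

def evaluate(flow: Flow, maintenance_window_open: bool = False) -> tuple:
    """Return (verdict, reason) for one observed flow under the zone policy."""
    src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)
    if dst_zone == "INTERNET":  # firmware upgrades are the only OT path out, and only in a window
        if (flow.src, flow.dst) == (FIRMWARE_HOST, VENDOR_HOST) and maintenance_window_open:
            return "allow", "firmware update from maintenance host during window"
        return "deny", f"{src_zone} host reaching the internet"
    if src_zone == dst_zone or flow.dport in ALLOW.get((src_zone, dst_zone), set()):
        return "allow", f"{src_zone}->{dst_zone} on port {flow.dport}"
    return "deny", f"{src_zone}->{dst_zone} on port {flow.dport} not in policy"

def audit(flows, maintenance_window_open=False):  # violations to raise as SIEM alerts
    results = [(f, evaluate(f, maintenance_window_open)) for f in flows]
    return [(f, reason) for f, (verdict, reason) in results if verdict == "deny"]

# Constructed sample of observed flows, as exported from a firewall log.
SAMPLE_FLOWS = [
    Flow("10.2.0.5", "10.3.0.20", 502),     # control station polling a PLC: allowed
    Flow("10.1.0.44", "10.3.0.20", 502),    # IT workstation straight to a PLC: denied
    Flow("10.2.0.7", "10.1.0.9", 443),      # historian replication to IT: allowed
    Flow("10.3.0.20", "203.0.113.8", 443),  # a PLC talking to the internet: denied
    Flow("10.3.0.10", "203.0.113.8", 443),  # firmware host outside a window: denied
]
```

Running `audit(SAMPLE_FLOWS)` reports the IT-to-PLC, PLC-to-internet and out-of-window firmware flows; passing `maintenance_window_open=True` clears only the last one.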

This post can be confusing if you are stumbling upon it suddenly, but it became complex due to the practical approach. I would appreciate any improvement points.