What is OT security? Explaining its differences from IT security and its importance

In recent years, we have begun to hear the term “OT security” in place of “IT security.” OT refers to control technology for industrial control systems, but OT security is similar to IT security.

In this article, we will introduce the characteristics and differences between OT security and IT security, as well as key points for OT security measures.


Table of contents

  1. Different security measures for OT and IT
  2. OT security
  3. IT security
  4. The need for OT security
  5. Key points for OT security measures
  6. Summary

Different security measures for OT and IT

In contrast to “IT (Information Technology),” which means “information technology,” “OT (Operational Technology)” refers to technology for controlling and operating factory hardware in the manufacturing industry. Both require security measures, but for OT in particular it would be unprofitable to shut down the factory every time a security measure is implemented, so measures must be taken in a way that minimizes the impact on system operation.

Let’s compare the differences between the two in terms of their features and security measures.

OT security

OT (Operational Technology) literally translates to “operational technology,” but in a broader sense it refers to the control technologies and systems that optimally operate the equipment and systems needed for social infrastructure such as transportation, electricity, and water to function. In the manufacturing industry, OT refers to the control technology that operates industrial control systems, known as “ICS (Industrial Control Systems).”

Industrial control systems remotely control machine tools and control equipment in manufacturing plants. Traditionally, they were configured as closed networks, basically separated from the Internet and the in-house LAN, and used only proprietary protocols.

In recent years, machine tool operating data is often uploaded to the cloud and used for maintenance parts management and overall factory performance management, and the number of industrial control systems that are connected to in-house LANs or the Internet is increasing.

The major difference from IT security is that OT security does not perform vulnerability scans (active scans) while the system is running because there is a possibility of system outage. Also, regular patching and OS updates are not recommended as they may cause system outages.

IT security

IT (Information Technology) is literally translated as “information technology” and is a general term for computer and information communication technology. The scope of IT is wide, but specifically it refers to technology that utilizes computers and Internet networks to aid corporate activities and personal lives.

In other words, IT security means taking the necessary measures to ensure that you can continue to use the Internet, computers, and information with peace of mind. Specifically, measures are required to prevent important information from leaking outside and to prevent malware infection.

The characteristics of IT security are that vulnerability scanning (active scanning) is possible while the system is running, and that regular patching and OS updates are recommended. These characteristics are the exact opposite of the OT security described above, so it can be seen that conventional IT security common sense does not apply to OT security.

The need for OT security

Traditionally, industrial networks connected control devices to controlled machines and exchanged data via the devices, but there were a limited number of access points that could be connected to the company’s LAN. Furthermore, because industrial networks are often configured with proprietary operating systems and communication protocols, it has been thought that the risk of cyber attacks is low.

On the other hand, in December 2015, it was reported that a cyberattack on a Ukrainian power company’s industrial control system had caused a large-scale power outage. This case proves that if an industrial control system is attacked even once, not only the companies and organizations that have installed the system, but the entire social infrastructure and corporate foundations will suffer a major blow.

This attack on a Ukrainian power company has brought increased attention to OT security.

At the time, industrial networks were often configured as closed networks and were even considered unrelated to security measures. Of course, there was no concept of OT security, and the company did not even have a security officer.

In recent years, industrial networks have undergone major changes in order to improve the efficiency of the entire factory.

For example, industrial control systems now use standard protocols such as TCP/IP instead of traditional proprietary protocols. By using standard protocols, access to the company’s LAN became easier.

Additionally, one of the things that becomes possible when an industrial control system is connected to an in-house LAN is the ability to collect information from the control system, collaborate with external parties, and analyze the information. The analysis results are fed back to the control system via the company LAN.

In this way, as more systems link industrial control systems with external networks in order to analyze and improve overall factory operations, even companies that have not taken OT security seriously can no longer avoid implementing it.

Cyber attacks on industrial control systems are increasing year by year, and if a system is targeted, the damage can be widespread, so OT security measures are essential.

Key points for OT security measures

Industrial control systems have different characteristics from IT systems, so countermeasures tailored to these characteristics are required. The characteristics of industrial control systems and the points of corresponding OT security measures can be summarized as follows.

  • While IT security protects information, OT security is performed to maintain the continuous operation of equipment, products, and other goods and services.
  • Industrial control systems support social and industrial infrastructure, so if they stop operating, the impact is immeasurable. Therefore, OT security takes measures with an emphasis on continuous operation.
  • Industrial control systems are also infrastructure, and the leakage of confidential information would have a major impact, so confidentiality is important.

In addition, the causes of past security damage in industrial control systems have been classified into the following four categories, and measures must focus on these points.

  1. Threat intrusion from USB memory
    In industrial systems such as machine tools, there are frequent opportunities to exchange data via USB memory. As a result, there have been many cases of malware intruding via USB memory.
  2. Threat intrusion through maintenance lines
    When performing remote maintenance on industrial machinery, there have been many cases of intrusion through the maintenance lines.
  3. Threat intrusion from operation and maintenance terminals
    There have been cases where malware has infiltrated control systems from operation and maintenance terminals that have been infected with malware.
  4. Threat intrusion by insiders
    There have also been confirmed cases where insiders within organizations intentionally leaked information. Physical security can easily be breached if someone inside the organization is involved.

For IT equipment used by general users, there is no concept of using an operation terminal or maintenance terminal. Additionally, the use of USB has been on the decline in recent years, and OT security tends to be viewed as something difficult to consider from an IT security perspective.

In OT security, it is important to recognize that conventional IT security common sense does not apply, and to take countermeasures accordingly. However, in recent years, the technologies used in IT and OT have come to have more in common, so it is expected that the barriers between the two will soon disappear. Regardless of which security measures are taken, there will likely be more situations in the future where knowledge of both IT and OT will be required.

Summary

Basically, OT security requires countermeasures based on concepts that are not found in IT security. However, in recent years, these barriers are disappearing, partly because the technologies used in IT and OT have overlapped.

When introducing OT security in the future, it is important to acquire knowledge of both IT and OT, rather than focusing solely on OT.
