Securing industrial operations is a unique challenge. The same approach used to secure information technology (IT) networks can’t effectively secure plant floors.
That’s because operational technology (OT) has evolved tremendously over the years, creating very complex environments consisting of a dizzying variety of devices from different makes, models and generations communicating through different protocols.
To begin securing a plant environment, operators need visibility into all the devices and software on the network. To gain that visibility, operators need to speak all these devices’ different languages. This is easy in a corporate IT environment where devices are all IP-based. The same cannot be said of OT environments, however, as devices generally use numerous protocols and languages.
What language a device speaks often depends on the device’s type, age and manufacturer, along with other factors. Programmable logic controllers (PLCs), for example, communicate over EtherNet/IP, Modbus and Simple Network Management Protocol (SNMP). This gets even more complex given the different variations of remote terminal units (RTUs) and distributed control systems (DCSs).
Ultimately, if operators can’t talk to all the network devices, it’s difficult to know what needs to be secured. Even if the team can send signals to their devices, incorrect communication could cause a shutdown and disrupt operations.
How can operators learn to converse with OT devices?
Plant operators should start by understanding what languages their devices are speaking and learn to speak them. This involves taking an inventory of the critical assets and choosing a solution that can both speak natively to these devices and monitor a wide variety of systems not typically monitored, including routers, switches, gateways, and firewalls.
They should also identify which of those devices are highly sensitive and, therefore, critical to operations.
In this case, plant operators should use a “no touch” approach with these ...
This is a Security Bloggers Network syndicated blog post authored by Gabe Authier. Read the original post at: The State of Security