In the world of IT systems, for years we have been used to taking good security measures. After all, companies and organisations are aware of the extremely important place of computers and servers within their organisation. In many cases, without a properly functioning server park or fast and available network, the daily operation will be completely blocked. In addition, legislation and regulations ensure that more and more attention is given to data security. Whether we want it or not: the legislator or branch organisation sets requirements for the way in which we deal with data and – above all – how we should protect it.
This is not all that strange: we generally divide information security into measures with regard to confidentiality (keeping data secret), integrity (being able to rely on data and servers) and availability. Each security standard focuses on a series of measures that can be classified into one of these three categories.
Why aren’t OT systems better protected from cyber attacks?
Whereas it is common to think about information security in the traditional “IT”, we do not see that in all sectors, in particular in the so-called “OT” – Operational Technology. And it is precisely in these sectors that we are increasingly seeing dependence on computer technology: robots and sensors can no longer be ignored in a modern OT environment, but nowadays home automation and alarm systems only work with a properly functioning IT infrastructure.
It is understandable why there is less focus on information security: the underlying protocols are often decades old and have been developed in a time where encryption and authentication were still unknown concepts. In addition, it sometimes seems difficult to take suitable measures because the “OT” is often a somewhat elusive piece of technology where disruption is highly undesirable.
But this notion is not justified: our technical experts see that most technology used in OT environments is very sensitive to incorrect data entry. Even a relatively simple vulnerability scan often causes PLCs and other devices to be disrupted and no longer function correctly. The consequences can be huge. Recently, the Fortytwo team even dismantled an entire vessel due to an unexpected link between the “OT” and the “IT” part.
Security measures for the OT environment
We like to suggest that measures can indeed be taken to adequately protect an OT environment. The best first step to take in building in protection would be:
- Regular testing by performing vulnerability scans;
Such vulnerability scans are the basis of a good risk assessment and show whether there are technical risks in the area and how easily they can occur. - Firewall installation with an intrusion detection system;
the firewall ensures that the networks are adequately and logically separated and the intrusion detection functionality ensures that any failing equipment or network disruptions are discovered before a disruption of the entire environment can occur.
Do you have comments or questions regarding this article, please contact us at info@fortytwo.nl.
To read more about vulnerability scanning press here.