OT Cybersecurity FAQs

Nozomi Networks' OT Cybersecurity FAQs help provide a foundational understanding of multiple aspects of OT cybersecurity.
What Is Operational Technology (OT)?

Operational technology (OT) refers to the hardware and software that controls or monitors assets used to automate physical processes. In doing so, it collects a wealth of information about the assets and processes it monitors that is useful for detecting important changes, both anomalies from the baseline and cybersecurity threats.

What Is IT/OT Convergence?

IT/OT convergence is the integration of information technology systems with operational technology systems, enabling physical systems to communicate with digital networks. It occurs when IT and OT devices connect or interact with one another within the same environment, sometimes unintentionally.

How Are OT and IT Cybersecurity Different?

IT security focuses on protecting data from unauthorized access or modification. OT security involves protecting the safe and reliable operation of physical processes.

How Do You Assess, Calculate and Prioritize Cyber Risk in OT?

When calculating OT risk, you must factor in not just vulnerabilities but also vulnerability risk, alert risk, communication risk, device risk, asset criticality and compensating controls. You can then prioritize mitigation based on asset exposure, likelihood of compromise, potential impact and the organization's risk tolerance.

Why Don't IT Endpoint Security Agents Work in OT?

IT endpoint security agents don't work in OT because they're heavyweight and disruptive, can't understand OT/IoT protocols, and aren't trained on OT environments, so they detect the wrong threats.

What's the Difference Between Threat Detection and Anomaly Detection in OT?

Comprehensive risk management in OT environments requires both signature-based threat detection and AI-powered, behavior-based anomaly detection techniques to uncover known cyber threats as well as operational anomalies and zero-days.

Why Do Industrial Environments Rely on Passive vs. Active Monitoring?

Passive network monitoring is the standard for ICS asset inventory and threat and anomaly detection, but today industrial environments can safely rely on a combination of passive network and wireless monitoring as well as active polling, remote collection and endpoint security techniques.

How Is AI Used in OT/ICS Cybersecurity?

Because of their ability to rapidly analyze and correlate data at scale, AI and ML are accelerating nearly every aspect of cyber defense including asset inventory and intelligence, behavior baselining, anomaly and threat detection, event correlation, risk prioritization and noise reduction.

Who Is Responsible for OT Cybersecurity?

Regardless of who owns the budget, the ideal OT security team includes plant managers, engineers, operators, cybersecurity analysts, network managers and system administrators working together to purchase the right solutions, ensure successful adoption and manage ongoing maintenance.

What Are the Fundamentals of OT/ICS Cybersecurity?

Many basic cybersecurity practices carry over from IT to OT, with greater emphasis in areas such as segmentation and continuous monitoring to compensate for infrequent patching opportunities.