
Securing Operational Technology Networks: Isolating Networks and Implementing Best Practices

Key Points:

  • The main difference between operational technology networks and their IT counterparts is that the former is about processes while the latter is about data.
  • Isolated operational technology networks are vulnerable to threats even with no internet connectivity.
  • Operational technology security is crucial to meet the unique requirements of OT networks.

Operational Technology (OT) is the software and hardware that manage industrial control systems and devices. This technology is standard in various sectors, including production plants, water, and energy providers. Industrial control systems are one of the crucial components of operational technology. They can include Supervisory Control and Data Acquisition (SCADA) systems, programmable automation controllers (PAC), and programmable logic controllers (PLC).

Examples of industries using SCADA include oil and gas refineries, telecommunications, and waste control. PLCs are commonly used to track operating temperatures, start and stop processes, monitor machine productivity, and trigger alarms. OT devices are usually highly specialized and do not run general-purpose operating systems such as iOS or Windows.

Operational Technology Security

Operational technology networks are more complicated than information technology (IT) networks. They include assets from manufacturers that are unknown in the IT world. This broad range of equipment increases the attack surface and gives attackers more attack vectors. Further, operational technology systems are designed to be used in a way that sharply differs from IT systems: they mostly interact with other machines, such as sensors and industrial control systems, whereas IT systems operate mainly as tools for humans.

OT’s high-availability requirement also affects the security of the systems. For instance, taking OT systems down for malware remediation or updates is difficult, so unpatched systems remain exposed to targeted attacks and malware infections for long periods.

Operational technology security is therefore crucial to protect networks and devices in OT environments. It includes the processes, organizational measures, and technologies aimed at checking and protecting the integrity of the systems. The OT environment has unique security needs, and operational technology security is designed to meet these requirements: protecting system availability, hindering attacks that target legacy systems, and understanding OT-specific protocols, thus ensuring fault-free operation.

Is Isolating Operational Technology Networks an Adequate Security Measure?

An air gap has been the main way of securing OT devices within crucial industrial and infrastructure environments. It is a process of physically isolating OT devices and, in many cases, the entire operational network environment from external networks and the outside world.

Air gapping has worked well for operational technology security for decades. But using air-gapped systems safely is a challenge. What one can usefully achieve in an air-gapped environment with complete separation from all external data is limited, especially for tasks requiring frequent or live data updates. The environment is therefore inconvenient for operators.

Many tasks eventually require that data be brought into the environment. Further, data processed on an air-gapped device may need to be transferred out to make it available or useful to others who need it. This transfer presents a significant risk, since operators of air-gapped systems often have a false sense of security that the systems are inherently safe because they lack an internet connection. Maintaining the integrity of the air gap requires that data transport into and out of the OT environment be subjected to equally high levels of security. Therefore, isolating operational technology networks isn’t adequate unless additional security controls exist.

Operational Technology (OT) Security Best Practices

OT environments usually lag behind their IT counterparts on security. Implementing OT security best practices remains the best way to secure operational technology environments and systems against cyber threats.

Below are the most common practices:

OT Asset Discovery

OT networks can be complicated, and many organizations lack full visibility into their operational technology assets. The problem is more complex when the operational technology network spreads over several geographic sites or factories.

Complete visibility into the devices connected to the OT networks is the first step to effectively protecting them. Therefore, OT device discovery is crucial in an operational network security strategy.

Network Segmentation

Network segmentation allows the separation of assets within the network. A firewall that understands OT-specific protocols can monitor traffic for potentially malicious commands or content and implement access controls across operational technology network segment boundaries.

Here are levels of OT network segmentation based on the classification and function of OT devices:

  • Flat Networks: The networks have no segmentation. Their control and visibility are limited, and any attack can spread in any direction (north-south and east-west) throughout the network.
  • L2 Segmentation: L2 segmentation combines VLANs and switches and limits the impact of a security-compromised device, with each zone having a VLAN. But there is no payload visibility, no east-west traffic inspection or segmentation, and inter-zone access control is limited.
  • L3 Segmentation: L3 segmentation also uses VLANs and switches, but each device gets its own VLAN. Determining which device can communicate with which is easy in this arrangement. However, the segmentation is brittle, with changes needing expensive planning, and any error can easily cause downtime.
  • L7/L3 Segmentation: When networks achieve L7/L3 segmentation, the amount of achievable granularity enables high visibility and control. It is easy to determine the devices on the OT network and the applications running. Besides, the difference between sending and reading a value is visible. This level of micro-segmentation also makes it easier to visualize the network’s physical and logical topology.
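The following is an added example, not code from the original article, illustrating the difference between L3 and L7/L3 segmentation described above. It assumes a hypothetical zone policy and uses Modbus/TCP (chosen as an illustrative OT protocol; the article does not name one) to show that only a protocol-aware decision can tell a value being read from a value being written.

```python
import struct

# Public Modbus function codes (protocol chosen for illustration).
READ_FCS = {1, 2, 3, 4}            # read coils / inputs / registers
WRITE_FCS = {5, 6, 15, 16, 23}     # write coils / registers (23 = read+write)

# Hypothetical zone policy: (source zone, destination zone) -> allowed classes.
ZONE_POLICY = {
    ("historian", "plc"): {"read"},             # historians only poll values
    ("engineering", "plc"): {"read", "write"},  # engineering may change setpoints
}

def parse_modbus_tcp(frame: bytes) -> dict:
    """Parse the MBAP header and function code of a Modbus/TCP request."""
    if len(frame) < 8:
        raise ValueError("frame too short for MBAP header + function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError("protocol id %d is not Modbus/TCP" % proto)
    if length != len(frame) - 6:            # length counts unit id + PDU
        raise ValueError("MBAP length field does not match frame size")
    fc = frame[7]
    if fc in READ_FCS:
        op = "read"
    elif fc in WRITE_FCS:
        op = "write"
    else:
        op = "other"                        # diagnostics, vendor-specific, ...
    return {"transaction": tid, "unit": unit, "function": fc, "op": op}

def l3_decide(src_zone: str, dst_zone: str) -> str:
    """L3 segmentation: the firewall only sees which zone talks to which."""
    return "allow" if (src_zone, dst_zone) in ZONE_POLICY else "deny"

def l7_decide(src_zone: str, dst_zone: str, frame: bytes) -> tuple:
    """L7/L3 segmentation: the zone pair AND the operation class must be permitted."""
    allowed = ZONE_POLICY.get((src_zone, dst_zone))
    if allowed is None:
        return "deny", "no policy for zone pair"
    try:
        req = parse_modbus_tcp(frame)
    except ValueError as exc:
        return "deny", "malformed request: %s" % exc
    if req["op"] not in allowed:
        return "deny", "fc %d (%s) not allowed from %s" % (req["function"], req["op"], src_zone)
    return "allow", "fc %d (%s) permitted" % (req["function"], req["op"])

# Constructed sample requests (not captured traffic): read 10 holding registers, write one register.
READ_HOLDING = bytes.fromhex("0001 0000 0006 01 03 0000 000a")
WRITE_SINGLE = bytes.fromhex("0002 0000 0006 01 06 0001 00ff")

if __name__ == "__main__":
    for zone in ("historian", "engineering"):
        print(zone, "L3:", l3_decide(zone, "plc"), "L7 write:", l7_decide(zone, "plc", WRITE_SINGLE))
```

At L3 the historian zone is simply allowed to reach the PLC, so a write from a compromised historian passes; the L7 decision denies the same frame because its function code is a write.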

OT Threat Prevention

OT cybersecurity strategies are usually detection-focused because threat prevention tools may produce false positives. For instance, they may block a legitimate operation as malicious, especially if it is not well labeled, thus impacting the availability and performance of the system. Even so, a threat prevention approach helps an organization better secure its OT assets at a time when cyber threat actors are increasingly targeting operational technology systems.

Improving OT Network Security

Isolating OT networks from other enterprise systems could be deemed good for security. But even operational network systems with no internet connectivity are not fully protected against cyberattacks. Threats can come from within, e.g., when a staff member plugs a malware-infected USB flash drive into machinery. Therefore, isolating OT networks isn’t adequate for cybersecurity; additional OT security practices are needed.

Envizion IT is an experienced IT solutions provider offering customized and affordable managed IT services. Our goal is to help lower your organization’s IT costs while providing high-quality support. Contact us today to learn more about our services or to request a quote.