Send message to

Do you want to send the message without a subject?
Please note that your message can be maximum 1000 characters long
Special characters '<', '>' are not allowed in subject and message
reCaptcha is invalid.
reCaptcha failed because of a problem with the server.

Your message has been sent

You can find the message in your personal profile at "My messages".

An error occured

Please try again.

Make an appointment with

So that you can make an appointment, the calendar will open in a new tab on the personal profile of your contact person.

Create an onsite appointment with

So that you can make an onsite appointment, the appointment request will open in a new tab.

Robot arm with industrial employee
  • Technical contribution
  • OT Security

OT security: why it is essential for companies and how to ensure it

According to a recent study by Sophos, OT systems were used as a gateway in almost half of all cyber attacks. Although many companies are already taking measures for OT security, most are also relying on external experts. But what exactly is OT security, why is it so important and who should be responsible for it?

What is OT security?

OT security encompasses the entirety of hardware and software used to monitor, detect and control changes to devices, processes and events. It is mainly used to protect industrial systems and networks from attacks, such as power plants, transportation networks and smart city devices. In contrast, IT security focuses on ensuring the confidentiality, integrity and availability of systems and data.

OT environments often contain a mix of older devices that are not normally found in IT environments. Since each device type has different revision numbers, maintaining an up-to-date patch management program can be difficult. As the Internet of Things (IoT) becomes more prevalent, the worlds of operational technology (OT) and information technology (IT) are growing closer together, putting them in the sights of cybercriminals.

 

Who should be responsible for OT security?

It is less about the specific structure or a specific title, but rather a clear commitment from top management and clear responsibilities. The management should appoint a person who is responsible for all security issues and who is given the necessary resources and authority. This person must set standards and rules, put them in writing, publicize them within the company and ensure that the rules are put into practice on a day-to-day basis, for example through regular staff training. In addition, this person should prepare the company for emergencies and regularly simulate worst-case scenarios - because it is only in practice that weaknesses become apparent that no one had previously thought of.

Why is OT security becoming more important? The most important developments

  • Legal changes: In 2023, the cyber security landscape underwent an upheaval, particularly in the OT and IT sectors. Governments around the world revised laws and standards to improve security in critical infrastructure areas. In the US, new regulations to strengthen cyber security through a Zero Trust Architecture and the modernization of IT and OT infrastructure.
  • Increased budgets: Budgets for OT IT security continue to increase, with the protection of critical OT assets and data security a top priority. The changing threat landscape and the impact of recent incidents have prompted companies to improve their defenses against cyber threats in the OT-ICS space.
  • Supply chain security: Cyber security risks in the supply chain and with third parties are increasingly coming into focus worldwide. In the US, Executive Order 14028 focuses on “Cybersecurity Supply Chain Risk Management”, and the NIS2 directive in Europe significantly strengthens the requirements.

Conclusion

Devices in the OT sector have a significantly longer service life than in IT. While a life expectancy of five years is already high in IT, OT devices are operated for up to 20 years or longer. This is due to the high acquisition costs and the fact that they are often individual solutions that are not freely available and are more complex to implement. The security of OT is crucial as it controls and monitors critical physical processes. Companies should develop a comprehensive security strategy based on proven standards and solutions to successfully meet the challenges.

Guest article by our content partner "Der Marktplatz IT-Sicherheit"

Written by Dunja Koelwel

close

This content or feature is available to the it-sa 365 community. 
Please register or log in with your login data.