Spaghetti: great for dinner, not so tasty for OT Security

The Internet of Things (IoT) is changing Operational Technology (OT) in amazing ways: taking data out of proprietary vendor silos, connecting folks who are not on the plant floor to real-time operations data, and truly enabling fleet optimization in functions like maintenance, trading, and sustainability. Initiatives like smart manufacturing depend on industrial control system data being accessible at the enterprise level and industrial asset data being contextualized to create a common view of the truth.

While these changes are solving some big problems, the implementation of this technology can bring significant security risks. IoT devices and service providers with remote access create new holes in firewalls, more software and devices to manage, and more vendors to review. 2021 was no party for OT security teams, who had to secure more remote access and IoT devices while dealing with aging workforces and understaffed teams (there are 600,000 unfilled security roles in the US alone). One industry veteran told me that OT reference architecture is starting to look like a pile of spaghetti coming in and out of layer 3 of the Purdue model. Notorious B.I.G. said “Mo Money, Mo Problems”. These days, industrial cybersecurity teams would say “Mo IoT, Mo Problems”.

So how can we flip the script, from IoT creating more attack surface on the plant floor to IoT serving and enabling our security teams? The same OT asset contextualization and secured access that have enabled operations teams can supercharge our security analysts, helping them understand how vulnerabilities and remediation will impact industrial processes. When security analysts have insight into potential process and operational impacts, they can take more immediate action to respond to and recover from security events.

Industrial data operations can solve some major challenges in managing industrial service providers. Remote service providers can access operational data directly from the industrial data operations layer in lieu of connecting directly to control networks. The data operations layer secures data (encrypted in transit and at rest), minimizes direct connections into lower levels of industrial networks, adds highly granular access control (mesh), and facilitates monitoring at scale. Post-COVID, remote service contracts will continue to grow in the industrial space. Dragos reported that in 2021, external (remote) connections to OT more than doubled, with 70% of companies allowing remote access to service providers, often providing unchecked access to automation systems.

We have to engage security teams as an integral part of digital teams, not just as reviewers after technology has been piloted. We can challenge our digital innovation teams to use the same industrial data contextualization layers that operations and maintenance rely on to address key security user stories. Let’s invite security teams to the Industry 4.0 party in 2022. To quote Biggie again, 2022 should be the year that IoT “went from negative to positive” for security teams.
