Traditionally, most manufacturing industries, whether process or discrete manufacturing, rely on Operational Technology (OT) systems such as Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems to run their manufacturing processes efficiently, so that the end products are of the highest quality, produced at lower cost and with ease of operation. By definition, OT systems are the computer systems that control the physical state of a system or process.
Threats to OT systems range from malware to sabotage to data theft or data manipulation, all with serious consequences. ICS, SCADA and similar broad categories of systems are collectively known as OT systems, and OT security means implementing security controls around them.
The impact of a breach of OT security is felt in personnel safety, the availability of critical manufacturing processes, loss of data integrity and confidentiality, and data theft, particularly of intellectual property (IP).
Hence, the threats that constantly attempt to breach these controls need to be monitored and managed around the clock, on a 24x7 basis, from an OT-SOC (Operational Technology Security Operations Center).
Earlier, OT systems were mostly stand-alone systems, operated by trained personnel to control the various elements of the manufacturing process. However, the picture is changing fast in the run-up to Industry 4.0. With the proliferation of Information Technology (IT) and networked OT systems, many of these systems need to be connected online to make optimal use of new technologies such as Big Data, machine learning, artificial intelligence and 3D printing, which improve productivity. Broadly categorized as Industry 4.0, these new technologies bring in added risks that were earlier associated only with IT systems. This changes the dynamics of managing cyber security risk in industrial control systems, and it becomes all the more critical because the impact of a security breach in an OT system affects the reliability and safety of personnel, plant and material.
With the advance of OT systems and the analytics and data mining capabilities of IT, IT-OT convergence is a natural progression. On the one hand, IT and OT systems and their networks need to be segregated so that threats and malicious activity cannot spread from one to the other. On the other hand, taking advantage of newer IT capabilities such as data mining, data analytics and cloud storage, processing OT and IT data together at the logical layer, and integrating the processing of real-time threat data all point in the same direction: the solution is to integrate OT and IT cyber security operations.
The integration brings its own challenges: technical, operational and cultural. The technical challenges lie mostly in the diversity of data formats and communication protocols, and in the difficulty of parsing and normalizing these diverse types of data into a single, unified form. The operational challenges may manifest as changes to operational processes and organizational structures. The cultural challenges may come in the form of reluctance among traditional OT personnel to share their data with the IT teams, analysis results that point to previously unknown flaws and weaknesses, and the need for OT personnel to learn and adapt to new technologies and processes.
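To make the normalization challenge concrete, the following added example (not from the original article) maps two constructed event formats, a hypothetical pipe-delimited OT alarm export and an RFC 3164-style IT syslog line, onto one common schema and then pairs OT alarms with IT events seen within a short time window, which is the kind of cross-domain view an integrated OT-IT SOC needs. The alarm format, asset names, severity scale and the sample lines are all assumptions made for the example.

```python
"""Normalize constructed OT and IT events into one schema for a joint OT-IT SOC."""
import re
from dataclasses import dataclass
from datetime import datetime, timezone

# Common severity scale shared by both domains (assumption: HIGH / MEDIUM / LOW).
SYSLOG_SEV = {0: "HIGH", 1: "HIGH", 2: "HIGH", 3: "HIGH",
              4: "MEDIUM", 5: "LOW", 6: "LOW", 7: "LOW"}


@dataclass
class NormalizedEvent:
    ts: datetime      # UTC timestamp
    domain: str       # "OT" or "IT"
    asset: str        # controller or host the event refers to
    severity: str     # HIGH / MEDIUM / LOW
    message: str


# Hypothetical OT alarm export: ISO time|controller|severity|text
OT_RE = re.compile(r"^(?P<ts>\S+)\|(?P<asset>[^|]+)\|(?P<sev>HIGH|MEDIUM|LOW)\|(?P<msg>.*)$")
# RFC 3164-style syslog: <PRI>Mon dd hh:mm:ss host text  (the year is not carried in the line)
SYSLOG_RE = re.compile(r"^<(?P<pri>\d{1,3})>(?P<mon>\w{3}) +(?P<day>\d{1,2}) "
                       r"(?P<time>\d\d:\d\d:\d\d) (?P<host>\S+) (?P<msg>.*)$")


def normalize(line: str, year: int = 2024) -> NormalizedEvent:
    """Detect which source produced the line and map it onto the common schema."""
    m = OT_RE.match(line)
    if m:
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        return NormalizedEvent(ts, "OT", m["asset"], m["sev"], m["msg"])
    m = SYSLOG_RE.match(line)
    if m:
        sev = int(m["pri"]) % 8  # PRI = facility * 8 + severity
        ts = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}",
                               "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
        return NormalizedEvent(ts, "IT", m["host"], SYSLOG_SEV[sev], m["msg"])
    raise ValueError(f"unrecognised event format: {line!r}")


def correlate(events, window_s: int = 60):
    """Pair each OT alarm with IT events seen within window_s seconds of it."""
    ot = [e for e in events if e.domain == "OT"]
    it = [e for e in events if e.domain == "IT"]
    return [(o, i) for o in ot for i in it if abs((o.ts - i.ts).total_seconds()) <= window_s]


# Constructed sample feed: one OT alarm and two IT syslog lines.
SAMPLE = [
    "2024-03-01T10:15:00Z|PLC-07|HIGH|Setpoint changed outside maintenance window",
    "<38>Mar  1 10:14:50 eng-ws01 sshd[1021]: Accepted password for eng from 192.0.2.20 port 51234",
    "<134>Mar  1 12:00:00 eng-ws01 cron[400]: job completed",
]
```

Running `correlate([normalize(l) for l in SAMPLE])` pairs the PLC-07 alarm only with the engineering workstation login ten seconds earlier; the unrelated cron entry two hours later is left out.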
Overcoming these challenges is made easier by adopting OT-IT integration through an integrated OT-IT SOC, in which all threats are monitored and all systems are managed by a single team of well-trained OT-IT SOC experts.