Navigating the Complexities of OT Cybersecurity: A Comprehensive Overview

Launching Insights into OT Cybersecurity

Following the publication of my top 10 predictions for the future of Operational Technology (OT), I have received numerous requests to expand these insights into a series. This series caters to a broad audience, including IT and OT professionals, CISOs, corporate leaders, students, and recent graduates. It provides a foundational understanding of complex OT cybersecurity topics.

What Are Our Goals?

This series' main objective is to address real-world challenges, clarify misconceptions, and guide readers through the key components of an enterprise OT cybersecurity program. It aims to debunk common myths that often mislead asset owners.

Why Is OT Cybersecurity a Dilemma?

For decades, industries reliant on Operational Technology (OT) have operated their critical infrastructure within distinct physical and organizational silos managed by specialized operators. Traditionally, each vendor's control system was proprietary, featuring unique hardware, software, and operating systems. However, pressures such as cost reduction, a shortage of technical skills (especially in hardware maintenance), and the push toward digitization have driven demand for more open and integrated systems. This shift is evident in PLCs and SCADA systems, whereas DCSs have not fully made the transition, partly because asset owners press vendors to extend the lifespan of installed systems.

Navigating the Complex Landscape of OT Systems

Drawing from my experience on the asset owner side, including work with enduring systems like the Honeywell TDC 3000—operational for over 25 years—I've gained deep insights into the myriad challenges faced in operational technology.

Within any given large operation, one may encounter an array of industrial automation systems, from Experion with its various releases to TPS, Experion TPS, Emerson DeltaV, and Foxboro IA, alongside diverse types of PLCs and SIS.

Each system brings its own protocols, network quirks, and proprietary equipment, along with its own maintenance, expansion, and upgrade difficulties.

This assortment often leads to complex, flat network architectures as new expansions on existing sites (brownfield projects) are implemented alongside older ones without proper network integration. Over time, this results in significant gaps in network design, and patches and updates perpetually lag behind, further exposing these industrial automation systems to threats they were never designed to withstand.

Such challenges underscore the pressing need for strategic approaches to system integration and cybersecurity to mitigate risks and enhance operational efficiency in the ever-evolving industrial landscape.

How Does IT/OT Integration Transform Security?

Integrating IT and OT environments is becoming more common, driven by a digitalization push accelerated by the pandemic, which has led to the adoption of solutions not originally designed for OT, such as identity and access management. This development is breaking down traditional barriers and expanding the attack surface of our critical infrastructure. Today, disrupting OT systems does not require state-sponsored capability; even simple attacks exploiting known vulnerabilities can be effective, a problem exacerbated by a general lack of awareness.

Addressing the Skills Shortage

The convergence of IT and OT has necessitated a collaborative approach under unified leadership to tackle integration challenges effectively. Reports indicate that over 60% of industry professionals cite a "Shortfall of OT Cybersecurity skills" as a major barrier to enhancing security, with over 50% pointing to a lack of awareness about OT threats as a primary concern.

What Are Key OT Systems?

Technological evolution has significantly enhanced the control and monitoring capabilities of various systems in industrial automation. At the heart of this progression are Programmable Logic Controllers (PLCs), Distributed Control Systems (DCS), and Supervisory Control and Data Acquisition (SCADA) systems, each playing a key role in the modern industrial landscape.

Diving Deeper into Technology

PLCs are ruggedized digital computers designed explicitly for automating electromechanical processes such as controlling machinery on factory assembly lines, hot oil heaters in a gas plant, or gas turbines in a power generation facility. They are programmable, allowing them to perform a wide array of functions, including logic, sequencing, timing, and counting, based on the inputs they receive and the outputs they drive. PLCs are known for their robustness and are predominantly used to handle discrete events. They are also comparatively inexpensive, which is why they are the system most often encountered in automation discussions.

DCSs are predominantly used to manage complex operations across large industrial plants, where control is distributed across many controllers to provide the processing capacity and redundancy a single controller cannot. A DCS is meant to be the main control system in a larger plant, handling the principal process control tasks while integrating various subsystems (often controlled by PLCs) through a centralized control structure, providing high reliability and process integrity. DCSs are essential for continuous processes such as those in chemical plants, power generation, and other operations requiring high precision and control. They are much more expensive than PLCs.

SCADA systems facilitate high-level supervisory management using data acquired from remote sensors and controllers (PLCs, RTUs or, in larger operations, DCSs). They are crucial for monitoring and ensuring the efficient operation of geographically distributed systems, from water supply networks to power grids and oil and gas wellheads, enabling real-time data collection and supervisory control from a central location.

Exploring Interconnectivity and Control

PLCs are typically the field controllers within SCADA systems and can also be part of a DCS-wide integrated industrial automation network; conversely, a SCADA system can have a DCS as part of its widely distributed remote automation network. Each system has its own communication protocols, some standard and some proprietary, as well as its own network architecture and programming languages.

Understanding PID Control

An integral component within these systems is PID (Proportional-Integral-Derivative) control, a feedback control system widely used in industrial control systems to maintain continuous control variables like temperature, pressure, or speed at desired setpoints.

PID control is to industrial automation engineers what Ohm’s law is to electrical engineers.

A PID controller computes its output from the error value, the difference between the setpoint and the process output; tuning sets the three gains that weight the proportional, integral, and derivative terms of that error. Although automated tuning has been available for years, setting the parameters of a PID controller is still a manual task in many cases. Also, many operators today use advanced technology not to enforce the tuning values but as guidance for manual tuning. I have witnessed this happening in various industries and countries. I wonder about the shift to autonomous operation and trusting the machine to define the setpoint value.
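To make the loop concrete, here is an added example that is not from the original article: a discrete PID controller driving a simple first-order heater model toward a setpoint, with actuator limits and anti-windup, and a check that clamps any externally supplied setpoint (from an operator, an HMI, or an optimiser) to the plant's safe operating envelope before the loop ever sees it. The plant model, gains, limits and sample values are assumptions chosen for illustration, not values from any real control system.

```python
# Added example, not from the original article: a discrete PID loop driving a
# simple first-order process (a heater) towards a setpoint, with the setpoint
# checked against an operating envelope before it reaches the loop.
# The plant model, gains, limits and sample inputs are assumptions chosen for
# illustration, not values from any real control system.
from dataclasses import dataclass, field


@dataclass
class PID:
    """Textbook PID: out = Kp*e + Ki*integral(e) + Kd*de/dt with e = setpoint - measurement."""
    kp: float
    ki: float
    kd: float
    dt: float                    # loop period in seconds
    out_min: float = 0.0         # actuator limits, e.g. heater duty 0..100 %
    out_max: float = 100.0
    integral: float = field(default=0.0, init=False)
    prev_error: float = field(default=0.0, init=False)

    def update(self, setpoint: float, measurement: float) -> float:
        error = setpoint - measurement
        derivative = (error - self.prev_error) / self.dt
        self.prev_error = error
        candidate = (self.kp * error
                     + self.ki * (self.integral + error * self.dt)
                     + self.kd * derivative)
        # Conditional integration (anti-windup): only accumulate the integral
        # while the actuator is not saturated; otherwise it winds up and overshoots.
        if self.out_min <= candidate <= self.out_max:
            self.integral += error * self.dt
            return candidate
        return max(self.out_min, min(self.out_max, candidate))


def heater_step(temp: float, duty: float, dt: float, ambient: float = 20.0,
                gain: float = 1.0, tau: float = 10.0) -> float:
    """Assumed first-order thermal model: dT/dt = (gain*duty - (T - ambient)) / tau."""
    return temp + dt * (gain * duty - (temp - ambient)) / tau


def check_setpoint(requested: float, low: float, high: float) -> float:
    """Clamp a setpoint supplied from outside the loop (operator, HMI, optimiser)
    to the plant's safe operating envelope; the loop must never be handed a
    value outside it, whatever the source of the request."""
    return max(low, min(high, requested))


def run_loop(setpoint: float, steps: int = 600, dt: float = 0.1,
             envelope: tuple = (0.0, 95.0)) -> tuple:
    """Run the closed loop; returns (final temperature, list of temperatures per step)."""
    setpoint = check_setpoint(setpoint, *envelope)
    pid = PID(kp=5.0, ki=1.0, kd=0.5, dt=dt)
    temp = 20.0                  # start at ambient
    trace = []
    for _ in range(steps):
        duty = pid.update(setpoint, temp)     # controller acts on the error
        temp = heater_step(temp, duty, dt)    # process responds to the actuator
        trace.append(temp)
    return temp, trace


if __name__ == "__main__":
    final, trace = run_loop(80.0)
    print(f"setpoint 80.0 C -> final {final:.2f} C after {len(trace) * 0.1:.0f} s")
    final, _ = run_loop(150.0)   # out-of-envelope request is clamped to 95 C
    print(f"setpoint 150.0 C requested -> clamped to 95.0, final {final:.2f} C")
```

The clamp in check_setpoint is deliberately separate from the controller: it is the place where a setpoint written by an optimiser, a remote HMI, or an autonomous layer gets bounded by what the process can physically tolerate, so a bad or malicious value degrades to the edge of the envelope rather than driving the plant outside it.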

The Evolution of Industrial Automation

The technological evolution has significantly enhanced control and monitoring capabilities through devices like PLCs, DCSs, and SCADA systems. These systems manage everything from assembly line automation to complex operations across large industrial plants, with PLCs handling discrete event processes and DCSs managing continuous processes like those in chemical plants and power generation. SCADA systems provide high-level supervisory management and real-time data collection across distributed systems like water supply networks and power grids.

As OT becomes more complex in its journey towards autonomous operation beyond manufacturing, the interconnectivity and collaboration required between PLCs, SCADA systems, DCSs, and various sensors pose new challenges and introduce new security risks.

The security needs of various environments necessitate tailored OT cybersecurity approaches and strategies.

Looking Forward

This series will continue to explore the unique aspects of OT and why traditional comparisons with IT no longer apply. Our goal is to deepen the understanding of OT's critical role and specific security challenges, paving the way for more effective and nuanced cybersecurity strategies in industrial environments.

Previous: Top 10 OT Cybersecurity Predictions to Watch

Next: Defining OT Cybersecurity Across Industries