IT OT Convergence: Operational Technology as a Gateway for Cyber Attacks

Sarah Kolberg | May 10, 2023

Whether it's machines that arrange their own maintenance appointments or a digital twin of a production line used to simulate processes: IT OT convergence can open up new potential and value chains. However, the convergence of IT and OT also has disadvantages. OT systems were previously kept as isolated as possible to protect business-critical processes (often referred to as the "air gap"). With increasing digital interconnectivity, the boundaries between IT and OT are becoming blurred. As a result, operational technology can become an easy target for cyber attacks.

Through the convergence of IT and OT, real-time data from OT systems can be harnessed. By evaluating this data, companies gain transparency about the processes in the OT network and can use it to optimize workflows as well as the operational business. New business models to increase efficiency and profit can be developed.

What is IT and OT?

IT (Information Technology): Hardware and software for data processing, especially for communication, administration and organization.

OT (Operational Technology): Technology and applications for monitoring and controlling physical processes in infrastructure and manufacturing.

 

What is IT OT convergence?

IT OT Convergence: Process of merging Information Technology and Operational Technology to increase efficiency, decision-making and maintenance optimization in companies.

What is an OT network?

An OT network or an Operational Technology Network describes the interconnection of software as well as hardware components such as devices, machines and units in industrial production or infrastructure.

These networks usually comprise specialized devices with a very long lifecycle that run in continuous operation, such as control systems, sensors and actuators (e.g. robots, machines in a production line, emergency shutdowns, traffic management systems, valves or pumps). The systems are enormously heterogeneous in their state of the art and complexity.

What is IoT and IIoT?

  • IoT (Internet of Things): Communication and data exchange between devices and objects without human interaction.
  • IIoT (Industrial Internet of Things): IoT in an industrial context.

New opportunities due to IT OT convergence

  • Better energy management: overview of all devices, their usage times and energy consumption, new usage models of facilities
  • Remote monitoring: External access, control and verification, fast response time in case of operational failures
  • Predictive maintenance: The machine signals in good time when it needs maintenance, independent arrangement of maintenance appointments, automated ordering of spare parts, prevention of operational outages
  • Demand-driven manufacturing: scalable, flexible production, e.g., according to customer demand (for seasonal products, holiday-related, etc.), reaction to supply bottlenecks, resource savings
  • Digital twin: Virtual model of infrastructure, production lines, etc. to simulate events or process adjustments
  • Technical assistance systems: Supporting data for decision-making, process optimization and automation
  • Machine-to-machine communication: Automated exchange of information between endpoints such as machines, units or vehicles (IoT)

Security Concerns with IT OT Convergence

New challenges arise from the multitude of technical possibilities. With the interconnection of IT and OT, the complexity of the systems grows. The requirements on usability, interoperability and security increase.

The interfaces between OT and IT can become vulnerabilities and represent potential entry points for attackers. Cyber attacks can lead to operational downtimes and result in enormous monetary losses.

Operational technology security adds another layer: operating and workplace safety. The functional safety of physical systems is necessary not only to avoid production downtime. Faulty behavior of machines on site can endanger the physical well-being of employees. Therefore, OT systems have conservative security measures. Cyber attacks can deliberately aim to trigger these in order to disrupt operations. Cyber security of OT networks should accordingly also consider system availability.

Another issue is information and data security. OT systems often do not have the same security standards as IT systems. Operational technology has usually grown historically. Because of their long lifecycle, the systems, machines and other equipment often come with outdated security measures, for example:

  • old software and operating systems
  • passwords are short or rarely changed
  • data communication runs on old protocols

Data management is a major task that comes with IT OT convergence. Operational technology often does not provide data encryption. Huge amounts of data are generated for the analysis of real-time data. Cyber attacks can compromise the integrity of the data through manipulation, data theft, espionage or even data destruction. The merging of OT and IT therefore requires a comprehensive and unified cyber security strategy that addresses the specific needs of both systems.

What is important for IT OT security?

  • Network access control: If OT systems are interconnected and remote access is possible, network access control is essential to ensure security. Clients and endpoints must be authenticated and authorized.
  • Network overview: To make the complex system visible, a complete network overview is needed. It must provide continuous monitoring of the entire network, including its heterogeneous system landscape. It is important to clearly identify all communication participants as well as assets and to check their security status. This is the only way to achieve transparency of network traffic despite increasing complexity. All data flows should be made visible in a live view and a historical overview.
  • Network segmentation: To ensure that the failure of a machine does not affect the entire operation, virtual subsections can be formed using network segmentation (VLAN management). This security measure can isolate affected areas from the rest of the network and make the data flow controllable.
  • Patch management: To reliably protect interconnected OT systems, regular updates of software and protocols are important. Particularly important are the translation of old machine protocols into secure protocol standards, and industry-compatible firewalls that verify the communication protocols of operational technology.
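
The network overview and segmentation points above can be checked against recorded traffic. The following is an added example, not code from the original article or from any product: it audits flow records against a segment plan and an asset inventory, and every subnet, address, zone name and permitted conduit in it is a constructed assumption.

```python
import ipaddress

# Constructed zone plan (assumption): one subnet per network segment/VLAN.
ZONES = {
    "it-office": ipaddress.ip_network("10.10.0.0/24"),
    "ot-line-1": ipaddress.ip_network("10.30.1.0/24"),
    "ot-line-2": ipaddress.ip_network("10.30.2.0/24"),
}
# Constructed asset inventory (assumption): identified, authorized endpoints.
INVENTORY = {"10.10.0.15", "10.30.1.10", "10.30.1.11", "10.30.2.10"}
# Permitted cross-segment conduits: (source zone, destination zone, TCP port).
ALLOWED = {
    ("it-office", "ot-line-1", 4840),  # monitoring reads line 1 via OPC UA
    ("it-office", "ot-line-2", 4840),
}

def zone_of(ip):
    """Map an IP address to its segment name, or None if it is unplanned."""
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in ZONES.items() if addr in net), None)

def audit(flows):
    """Return (reason, flow) findings for flows that violate the plan."""
    findings = []
    for flow in flows:
        src, dst, port = flow
        for ip in (src, dst):
            if ip not in INVENTORY:
                findings.append((f"unknown-asset:{ip}", flow))
        src_zone, dst_zone = zone_of(src), zone_of(dst)
        if src_zone is None or dst_zone is None:
            findings.append(("outside-zone-plan", flow))
        elif src_zone != dst_zone and (src_zone, dst_zone, port) not in ALLOWED:
            findings.append((f"cross-segment:{src_zone}->{dst_zone}:{port}", flow))
    return findings

# Constructed flow records: (source IP, destination IP, destination TCP port).
SAMPLE_FLOWS = [
    ("10.10.0.15", "10.30.1.10", 4840),  # permitted conduit
    ("10.30.1.10", "10.30.1.11", 502),   # Modbus/TCP inside one segment
    ("10.10.0.15", "10.30.1.10", 502),   # IT host talking straight to a controller
    ("10.30.1.11", "10.30.2.10", 502),   # traffic between two production lines
    ("10.30.1.77", "10.30.1.10", 502),   # endpoint missing from the inventory
    ("192.0.2.44", "10.30.2.10", 4840),  # address outside every planned segment
]

if __name__ == "__main__":
    for reason, flow in audit(SAMPLE_FLOWS):
        print(f"{reason:40} {flow}")
```

Run against live or historical flow exports, the same check gives both views the article asks for: which participants are unidentified, and which data flows bypass the segmentation.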

© macmon secure GmbH