We are seeing Oil, Gas and Mining clients looking to amalgamate their OT and IT frameworks. More recently, Covid 19 has delivered physical site access restrictions to both corporate and operational environments. This reduced access or reduced workforce is increasing the need for remote monitoring and management of OT environments. The benefits of IT OT convergence are significant, so long as organisations acknowledge that these environments are vastly different worlds.
In this Insight, Denver Strategic Consulting Services Manager, Keren Jenns asks two of Denver's OT SME's to consider IT and OT convergence issues on manufacturing operations and look at how organisations are securing their operations beyond guards, guns and gates.
David: OT networks by their nature operate with a high degree and expectation of implicit trust. Security for these OT environments used to be focused on ensuring only authorised personnel had access to the control environment via the 3 G’s (Guards, Guns and Gates). OT environments were built with minimal security countermeasures, and systems owners assumed that anyone with access to the control system was authorised to connect and operate it. Unauthorised access can be a grave concern as are the consequences of malicious activity on the OT environment. For OT systems that process non-finalised components/outputs the impact to an OT environment is not just to that company but also and it can also have potentially devastating downstream effects on other organisations that utilise that company’s production output. To understand the potential compromise of an OT system, organisations must consider the business risks of a production system interruption, an interruption to an input in the supply chain or failure of key plant equipment - as it can have the same consequences.
The merging of IT and OT networks along with the provisioning of remote connectivity into the OT environment can negate the physical security perimeter that OT infrastructure has traditionally relied on for its first line of security - opening up the OT system to threats across the world via the Internet. OT administrators must now treat the corporate network as a threat in the same way corporate network administrators see the Internet as a threat.
Remote access can bring cost benefits but can also introduce significant risk from the interconnect perspective. In order to address this risk, organisations need to improve their cyber-security practices. This requires a sustained effort by management and staff to diligently apply sound cyber-security practices during the entire life cycle of the OT environment. This has to occur from design, implementation, and operation, to the retirement of the OT and can’t just be considered as an item during operations. This requires organisation to establish a cyber-security culture and ensure that all levels of management understand that people are crucial in defending and protecting OT environments from a cyber security breach.
It also significantly requires organisations to shifting from a reactive mode in which is dealing with cyber-security issues once they occur to a more proactive approach where budget, resourcing and planning addresses risk to minimise the chance of a cyber security issue occurring before it happens.
Thomas: To allow remote access-based control capabilities, several elements are critical to minimise any risks introduced by providing such services:
David: OT Networks have a focus on availability rather than confidentiality. The availability of an OT network is far more important than confidentiality in terms of Cyber-Security in OT. An OT network cannot just be shutdown suddenly - especially in manufacturing and process environments - as it can leave batch or continuous manufacturing processes hung, where ‘product’ is in a dangerous state. Due to this, corporate security frameworks - when applied to OT environments- can unintentionally cause more issues than they solve.
OT systems are purpose built with the underlying “IT” systems being comprised of a highly customised architecture. This adds additional complexity to protecting OT systems and traditional IT security countermeasures (normally used to protect corporate IT environments) may negatively impact the operational requirements of plant environments. Additionally, the differences between IT and OT are not necessarily clear cut and the lines between IT/OT cyber-security have blurred with modern systems, where remote access to OT environments and the sharing of data from OT to corporate applications is occurring. Interconnections between IT and OT environments creates new cyber security risks vectors for those with malicious intent to access the OT domain. These include remote access capabilities, peer-to-peer networking, direct Internet connectivity, or network modifications that enhance business performance.
Thomas: Often roles in the process controls systems space are not as clearly defined as in the corporate space. Process controls systems resources have the skills and the need to cross traditional corporate based role boundaries. Applying the corporate roles model to process control system resources may hamper -and in extreme cases - prevent them from fulfilling their duties in maintaining process controls systems availability. The implementation of corporate IT cyber security frameworks and countermeasures required to mitigate an OT vulnerability may result in the plant control system operating in an undesirable or unintended manner. Any undesirable or unintended plant events can be significant risk and a major safety concern – particularly in instances where that plant is processing dangerous or unstable/volatile products.
David: Historically, OT systems were specialized stand-alone systems protected by a physical security perimeter (fences, gates, doors etc) and controlled by on-premise operators in control rooms. Many existing OT systems are comprised of analog/manual controls that are still in use and operating long past their initial originally intended life cycle due to cost concerns with replacement. OT system owner and operators’ function under constrained budgets and are required to reduce the costs associated with managing and maintaining the OT systems while concurrently facing the replacement of ageing plant environments. The ability to provision remote access to OT systems allows more to be done with limited budgets infrastructures and facilitates reducing the labour costs required to operate plant environments.
OT system technology has moved from using disparate manual/analog systems to interconnected digital systems and remotely controlled environments from centralised control-rooms. OT vendors are designing their solutions based on standard operating platforms and networking technology, allowing for easier integration between control system and corporate networks. The standardisation in operating systems for OT environments allows cost savings via reduced need for specialist proprietary OT skills and the ability to more easily cross skill employees between the corporate IT and OT environments.
Thomas: Logical access controls are easier to oversee and manage (If implemented correctly) than physical access controls: