What Is OT Cybersecurity?

Dragos is an industrial cybersecurity company leveraging software, intelligence, and professional services to safeguard civilization. The SANS Institute empowers cybersecurity professionals with high quality training, certifications, degree programs, and more to help them make the world a safer place. Together, we have created a blog series about OT cybersecurity fundamentals, crafted for practitioners and executives alike to gain a better understanding of operational environments and their unique security requirements. This is the first blog of the series.

What is OT Cybersecurity?

OT cybersecurity, or operational technology cybersecurity, is the practice of protecting the industrial assets and processes that run on OT networks from cyber threats. OT networks are the systems that control and monitor physical devices and machinery in various sectors, such as manufacturing, energy, water, transportation, and more. It is common to also hear ICS cybersecurity, or industrial control systems cybersecurity, in relation to OT cybersecurity. Industrial control systems are a major subset of operational technology.
OT security is different from IT cybersecurity, or information technology cybersecurity, which is the practice of protecting the data and systems that run on IT networks from cyber threats. IT networks are the systems that store, process, and transmit information in various domains, such as finance, healthcare, education, and more.

Key Differences Between IT and OT Cybersecurity

OT and IT cybersecurity have different goals, challenges, and requirements. Some of the main differences are:

Goal: The primary goal of securing OT is to ensure the safety, reliability, and availability of the industrial operations and processes, while the primary goal of IT cybersecurity is to ensure the confidentiality, integrity, and availability of the information and systems.
Challenge: The main challenge of securing OT is to protect the legacy, proprietary, and heterogeneous OT systems that are often not designed with security in mind, while the main challenge of IT cybersecurity is to protect the modern, standardized, and homogeneous IT systems that are constantly evolving and updating.
Requirement: The key requirement of securing OT is to minimize the downtime and disruption of the industrial operations and processes, while the key requirement of IT cybersecurity is to maximize the performance and efficiency of the information and systems. OT-native technology, like the Dragos Platform, minimizes disruption to critical processes while continuously monitoring OT networks.

Understanding IoT and IIoT in Industrial Cybersecurity

The Internet of Things, or IoT, describes a network of interconnected devices that can collect and exchange data, integrating the physical world more closely with computer systems. IoT devices are often found in OT environments, but they are not a direct component of an industrial process. Label printers, handheld inventory scanners, sensors, cameras, and badge readers are some examples of IoT devices commonly used in OT environments.
The Industrial Internet of Things, or IIoT, refers to the application of IoT technology in industrial settings, involving the use of connected devices and sensors to optimize manufacturing, supply chain, and operational processes. Examples include sensors for predictive maintenance, remote monitoring, autonomous robots, smart meters, asset trackers, etc. – these devices and sensors are a direct component of an industrial process.
Dragos has an enterprise OT focus, providing visibility and security across OT networks – and often, those networks include IoT and IIoT devices. We do not focus on IT or consumer devices unless they are used within the OT environment. SANS Industrial Control Systems Security courses prepare cybersecurity professionals and control system engineers to be equipped with the necessary tools, knowledge, and capabilities to protect these systems and critical environments through hands-on learning and instruction from expert practitioners in the field.

IT/OT Convergence: Integration Trends in Industrial Cybersecurity

Despite the differences, OT security and IT cybersecurity are becoming more interconnected and interdependent due to IT/OT convergence. Some of the main drivers of this are:

Digital Transformation: The adoption of new technologies, such as cloud computing, artificial intelligence, and internet of things, to enhance the productivity, quality, and innovation of the industrial operations and processes.
Business Integration: The alignment of the business objectives, strategies, and processes between the OT and IT domains to optimize the resource utilization, cost reduction, and customer satisfaction.
Cyber Threat Landscape: The emergence of new and sophisticated cyber threats, such as ransomware, advanced persistent threats, and state-sponsored attacks, that target both the OT and IT networks to cause physical, financial, or reputational damage.

How to Secure OT Networks: Implications for OT Cybersecurity

The integration between OT and IT cybersecurity has significant implications for your security posture. Understanding how to secure OT networks requires addressing these key implications:

Opportunities: The integration with IT offers new opportunities for OT, such as leveraging the IT security best practices, tools, and standards, enhancing the OT security visibility, detection, and response capabilities, and benefiting from the IT security expertise, resources, and support.
Challenges: The integration with IT also poses new challenges for OT, such as managing the OT security risks, gaps, and conflicts, balancing the OT security trade-offs and priorities, and addressing the OT security skills, culture, and governance issues.
Solutions: The integration with IT requires new solutions for OT, such as adopting a holistic, proactive, and collaborative approach, developing a tailored, risk-based, and adaptive framework, and implementing a comprehensive, integrated, and scalable platform.

OT cybersecurity is a vital and distinct aspect of industrial cybersecurity that protects the OT networks from cyber threats. OT security differs from IT cybersecurity in terms of the goals, challenges, and requirements, but also converges with IT cybersecurity due to the digital transformation, business integration, and cyber threat landscape. OT cybersecurity needs to embrace the opportunities, overcome the challenges, and seek the solutions that the integration brings, to achieve a secure and resilient OT environment.