Jun 18, 2020
By Tony Bailey

What is Operational Technology (OT) Cybersecurity?

Operational technology (OT) cybersecurity covers the processes for discovering, monitoring, and remediating network-connected OT devices that show unusual behavior.

OT can be defined as the network-connected devices that monitor or control processes and events outside of Information Technology (IT). Examples of OT devices include building sensors, HVAC systems, medical devices, life sciences devices, and manufacturing equipment.

Let’s take a closer look to better understand why properly securing these devices is crucial for any organization.

Why is OT Cybersecurity Important?

The growing number of OT devices used in industries such as healthcare and life sciences has made OT cybersecurity more important. According to the 2019 Ponemon Cyber Security in Operational Technology Report, over 60% of respondents expressed concern about an attack against operational technology (OT).

In healthcare technology management (HTM), patient outcomes rely on health monitoring that operates without disruption. Smart buildings that use wireless OT devices to monitor and control systems such as heating, ventilation, and air conditioning (HVAC) likewise rely on strong OT cybersecurity to counter cyber threats.

In contrast to OT cybersecurity, IT teams focus less on device resilience and more on the integrity of information. IT teams and OT teams may therefore have different priorities. With attackers looking for new entry points into a business, this gap in priorities makes for a real threat.

The problem with OT cybersecurity is that many machines are running outdated software, or they may lack after-market security patches. This gives attackers an even greater opportunity to compromise them or infect them with malware and disrupt operations. Windows vulnerabilities like BlueKeep and DejaBlue continue to be discovered in old Windows systems. In 2020, TrapX Security found a new malware campaign launching cyber attacks on devices running embedded Windows 7. According to the 2020 Global Risk Report by OT security firm CyberX, unsupported and unpatched operating systems, including Windows XP, Windows 2000, and now Windows 7, were present in 71% of the networks it examined.

When an OT cybersecurity event occurs, the security team may have little to no context about the device. Some basic information may be available, such as the IP and MAC address, but the OT device's owner, location, usage, software version, and latest maintenance record might be missing. When this happens, there is a risk that the wrong remediation steps are taken, such as disconnecting a medical device. In an industry such as healthcare, it is critical that an authorized clinical engineer is dispatched to remediate the OT device, because a patient's health, patient health information, or a medical procedure might be at risk.

Addressing OT Security Challenges

To address these OT cybersecurity challenges, what's needed is the ability to track and maintain an accurate inventory of OT assets and the details about them. When a device is purchased and provisioned, the device technician or a third-party field technician must be able to enter the device details into the inventory, whether they work on the device in person or remotely. These details should include the OT device's make, model, serial number, location, owner name, latest software patches, and owning department. This device inventory acts as the single source of truth and is updated whenever routine maintenance takes place, with personnel enriching the device data with any new information.

But beyond OT device discovery and enriched device data, there must be a security orchestration, automation, and response process, together with a system of record into which the inventory and security event data can be ingested. This system of action acts as a security hub that the security, IT, and clinical device engineering teams use to remediate security events rapidly.

When a security event takes place, the security team can see the full context of the device. They will know who the device owner is and which remediation process must be followed, so a work order can be dispatched to the device engineer or to the manufacturer's or service provider's field technician. The work order process can then be tracked so that security, IT, and the device engineers are kept aware of the remediation status.
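The enrichment-and-routing step described above, as an added example that is not code from the article or from Nuvolo: an alert carrying only an IP and MAC address is matched against an inventory record, then turned into a work order for the owning team. The inventory entries, the alert, the routing rules, and the device classes are constructed for illustration. The example also covers the two failure modes the text warns about: a device missing from the inventory, and an IP-only match that may be stale, neither of which should trigger automatic isolation.

```python
"""Enrich an OT security alert with inventory context and route the work order.

Added example, not code from Nuvolo or the article: the inventory entries,
the alert, and the routing rules are constructed for illustration.
"""
from typing import Optional

# Constructed inventory records carrying the fields the article lists:
# make, model, serial, location, owner, department, and patch state.
INVENTORY = [
    {
        "mac": "00:1A:2B:3C:4D:01", "ip": "10.20.30.11",
        "make": "ExampleMed", "model": "Infusion Pump X1", "serial": "SN-0001",
        "location": "Ward 4, Room 12", "owner": "Clinical Engineering",
        "department": "Oncology", "device_class": "medical",
        "os": "Windows 7 Embedded", "last_patch": "2019-11-04",
        "last_maintenance": "2020-05-20",
    },
    {
        "mac": "00:1A:2B:3C:4D:02", "ip": "10.20.40.7",
        "make": "ExampleHVAC", "model": "Air Handler Controller", "serial": "SN-0002",
        "location": "Plant Room B", "owner": "Facilities",
        "department": "Facilities", "device_class": "building",
        "os": "Embedded Linux", "last_patch": "2020-03-15",
        "last_maintenance": "2020-04-02",
    },
]

# Operating systems the article cites as unsupported and unpatched.
UNSUPPORTED_OS_PREFIXES = ("Windows XP", "Windows 2000", "Windows 7")

# Constructed routing rules: who owns remediation for each device class and
# whether automatic network isolation is acceptable for that class.
ROUTING = {
    "medical": {"assignee": "Clinical Engineering", "auto_isolate": False},
    "building": {"assignee": "Facilities", "auto_isolate": True},
}
DEFAULT_ROUTE = {"assignee": "Security Operations", "auto_isolate": False}


def normalize_mac(mac: str) -> str:
    """Canonical lower-case, colon-separated form so monitor and inventory agree."""
    return mac.strip().lower().replace("-", ":")


def enrich_alert(alert: dict, inventory: list) -> dict:
    """Attach the matching inventory record to an alert.

    The MAC address is matched first because it is tied to the hardware; an IP
    address may have been reassigned by DHCP since the inventory was updated,
    so an IP-only match is recorded as lower confidence.
    """
    by_mac = {normalize_mac(d["mac"]): d for d in inventory}
    by_ip = {d["ip"]: d for d in inventory}
    device: Optional[dict] = None
    match = "none"
    if alert.get("mac") and normalize_mac(alert["mac"]) in by_mac:
        device, match = by_mac[normalize_mac(alert["mac"])], "mac"
    elif alert.get("ip") in by_ip:
        device, match = by_ip[alert["ip"]], "ip"
    return {**alert, "device": device, "match": match}


def build_work_order(enriched: dict) -> dict:
    """Turn an enriched alert into a work order for the team that owns the device."""
    device = enriched["device"]
    if device is None:
        # Inventory gap: nobody should act on an unidentified device until it is known.
        return {**DEFAULT_ROUTE, "confidence": "none",
                "note": "device not in inventory; identify before remediating"}
    rule = ROUTING.get(device["device_class"], DEFAULT_ROUTE)
    confidence = "high" if enriched["match"] == "mac" else "low"
    return {
        "assignee": rule["assignee"],
        # Never isolate automatically on a low-confidence (IP-only) match.
        "auto_isolate": rule["auto_isolate"] and confidence == "high",
        "confidence": confidence,
        "serial": device["serial"],
        "location": device["location"],
        "owner": device["owner"],
        "unsupported_os": device["os"].startswith(UNSUPPORTED_OS_PREFIXES),
        "last_maintenance": device["last_maintenance"],
        "alert": enriched["event"],
    }


if __name__ == "__main__":
    # Constructed alert as a network monitor might emit it: addresses only, no context.
    alert = {"event": "unexpected outbound SMB connection",
             "ip": "10.20.30.11", "mac": "00-1a-2b-3c-4d-01"}
    print(build_work_order(enrich_alert(alert, INVENTORY)))
```

The work order carries the serial, location, and owner from the inventory rather than the alert, so the dispatched engineer is working from the system of record; the `unsupported_os` flag surfaces the patch-state problem the article describes so that the remediation can include a longer-term fix, not only the immediate containment.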

Nuvolo OT Security solves the problem of quickly remediating OT cybersecurity events because Nuvolo becomes the system of record. Nuvolo ingests security information, matches the device's IP and MAC address against the inventory, and fully contextualizes the event with details such as the device's usage, what protected health information (PHI) the device stores or accesses, and the device's maintenance records.

The Nuvolo OT Security platform, when integrated with real-time monitoring systems, provides the security and service management teams with shared visibility into OT device posture. The integrated platform also automates remediation-related workflows to reduce cybersecurity risk. In pioneering the industry's first OT cybersecurity solution built on ServiceNow, Nuvolo helps customers achieve better product, facility, and patient safety while protecting critical infrastructure against cyber threats.

View a full demo on how OT Security can help you manage your non-IT connected devices.
