Jun 18, 2020
By Tony Bailey

What Is Operational Technology (OT) Security?

Operational technology (OT) security covers the processes for discovering, monitoring, and remediating network-connected OT devices whose unusual behavior may indicate a security risk.

What Is Operational Technology?

Operational technology is the network-connected hardware and software that monitors or controls physical processes and events, as distinct from the information systems managed by Information Technology (IT). Examples of OT devices include building sensors, HVAC systems, medical devices, life sciences instruments, and manufacturing equipment.

Let’s take a closer look to better understand why properly securing these devices is crucial for any organization.

Why Is OT Security Important?

The growing number of OT devices in industries such as healthcare and life sciences has made securing them more important. According to the 2019 Ponemon Cyber Security in Operational Technology Report, over 60% of respondents expressed concern about an attack against operational technology (OT).

In healthcare technology management (HTM), patient outcomes depend on health monitoring that operates without disruption. Likewise, smart buildings that use wireless devices to monitor and control systems such as heating, ventilation, and air conditioning (HVAC) depend on OT cybersecurity to prevent and respond to cyber-attacks.

OT teams therefore prioritize availability and safety: the device must keep running. IT teams, in contrast, focus less on device resilience and more on the confidentiality and integrity of information. The two teams may have different priorities, and with attackers probing for new entry points into a business, that gap is a real threat.

The challenge with OT security is that many of these machines run outdated software, or the vendor no longer provides security patches for them. This gives attackers a greater opportunity to compromise them, infect them with malware, and disrupt operations.

Unpatched Remote Desktop Services vulnerabilities such as BlueKeep (CVE-2019-0708) and DejaBlue (CVE-2019-1181 and CVE-2019-1182) continue to be found on old Windows systems. In 2020, TrapX Security reported a new malware campaign attacking devices running embedded Windows 7. According to the 2020 Global Risk Report by OT security firm CyberX, unsupported and unpatched operating systems, including Windows XP, Windows 2000, and now Windows 7, were present in 71% of the networks it examined.

When an OT security event occurs, the security team may have little or no context about the device. Some basic information, such as an IP and MAC address, may be available, but the device's owner, location, usage, software version, and latest maintenance record are often missing. When that happens, there is a risk that the wrong remediation step is taken, such as disconnecting a medical device.

In an industry such as healthcare, it is critical that an authorized clinical engineer is dispatched to remediate the OT device. A patient’s health, health information, or a medical procedure might be at risk.

Addressing OT Security Challenges

To address these challenges, organizations need the ability to track and maintain an accurate inventory of OT assets and the details about them.

When a device is purchased and provisioned, the device technician or a third-party field technician must be able to enter the device details into the inventory, whether working on the device in person or remotely. These details should include the OT device's make, model, serial number, location, owner name, latest software patches, and owning department.

This device inventory is the single source of truth and is updated whenever routine maintenance takes place, allowing personnel to enrich the device record with any new information.

Beyond OT device discovery and enriched device data, there must also be a security orchestration, automation, and response (SOAR) process and a system of record into which both the inventory and security event data can be ingested. This system of action acts as a security hub that the security, IT, and clinical device engineering teams use to remediate security events quickly.

This allows the security team to see the full context of the device when a security event occurs. They’ll know who the device owner is and what remediation process must be followed so a work order can be dispatched to the device engineer or manufacturer’s or service provider’s field technician. Plus, the work order process can be tracked so that security, IT, and device engineers are kept aware of the remediation status.
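As an added worked example (not Nuvolo's code, and not its or ServiceNow's data model), the following Python sketches the enrichment step described above: an alert carrying only an IP and MAC address is matched against an asset inventory, flagged when the match is weak or the inventory looks stale, and routed to the team that owns the device rather than being isolated automatically. All device records, addresses, dates, and alerts are constructed for illustration.

```python
"""Enrich an OT security alert with asset-inventory context and pick a
remediation route. Added example with constructed data; it is not Nuvolo
code and does not model the Nuvolo or ServiceNow data model."""
from datetime import date

# Constructed inventory records: fictional devices, addresses and dates.
# OT-1001 and IT-3001 deliberately share an IP to show a stale inventory entry.
INVENTORY = [
    {"asset_id": "OT-1001", "make": "ExampleMed", "model": "Infusion Pump",
     "serial": "SN-0001", "mac": "00:1A:2B:3C:4D:01", "ip": "10.20.1.15",
     "location": "ICU Bay 3", "owner": "Clinical Engineering", "department": "ICU",
     "device_class": "medical", "os": "Windows 7 Embedded",
     "last_patched": date(2019, 11, 2), "stores_phi": True},
    {"asset_id": "OT-2001", "make": "ExampleHVAC", "model": "Rooftop Controller",
     "serial": "SN-0002", "mac": "00:1A:2B:3C:4D:02", "ip": "10.30.5.7",
     "location": "Building A roof", "owner": "Facilities", "department": "Facilities",
     "device_class": "building", "os": "Embedded Linux",
     "last_patched": date(2020, 4, 20), "stores_phi": False},
    {"asset_id": "IT-3001", "make": "ExampleCo", "model": "Workstation",
     "serial": "SN-0003", "mac": "00:1A:2B:3C:4D:03", "ip": "10.20.1.15",
     "location": "Nurse station", "owner": "IT", "department": "ICU",
     "device_class": "it", "os": "Windows 10",
     "last_patched": date(2020, 6, 1), "stores_phi": False},
]

UNSUPPORTED_OS = {"Windows 2000", "Windows XP", "Windows 7", "Windows 7 Embedded"}
STALE_PATCH_DAYS = 180
TODAY = date(2020, 6, 18)  # fixed "now" so the example is reproducible

# Who gets the work order. There is intentionally no automatic "isolate" route:
# a medical or building device is only touched by an authorized engineer.
ROUTES = {
    "medical": "dispatch_clinical_engineer",
    "building": "dispatch_facilities_technician",
    "it": "it_service_desk",
}


def normalize_mac(mac):
    """Canonical upper-case colon form so '00-1a-2b-...' matches '00:1A:2B:...'."""
    return mac.replace("-", ":").upper() if mac else None


def find_asset(alert, inventory):
    """Match an alert to an inventory record.

    MAC is preferred because IP addresses on a DHCP segment move between
    devices; an IP-only match and any MAC/IP disagreement are flagged so the
    analyst knows how much to trust the returned context."""
    notes = []
    mac = normalize_mac(alert.get("mac"))
    by_mac = [a for a in inventory if normalize_mac(a["mac"]) == mac] if mac else []
    by_ip = [a for a in inventory if a["ip"] == alert.get("ip")]
    if by_mac:
        asset = by_mac[0]
        others = sorted(a["asset_id"] for a in by_ip if a is not asset)
        if others:  # inventory still lists this IP under another device
            notes.append("ip_also_recorded_for:" + ",".join(others))
        return asset, notes
    if len(by_ip) == 1:
        notes.append("matched_by_ip_only")
        return by_ip[0], notes
    if len(by_ip) > 1:
        notes.append("ambiguous_ip_match")
    return None, notes


def enrich_alert(alert, inventory=INVENTORY, today=TODAY):
    """Attach owner, location, patch state and a remediation route to an alert."""
    asset, notes = find_asset(alert, inventory)
    if asset is None:
        # Unknown device: never disconnect blindly; first find out what it is.
        return {"alert": alert, "asset": None, "route": "identify_unknown_device", "notes": notes}
    if asset["os"] in UNSUPPORTED_OS:
        notes.append("unsupported_os")
    if (today - asset["last_patched"]).days > STALE_PATCH_DAYS:
        notes.append("patch_record_stale")
    if asset["stores_phi"]:
        notes.append("phi_exposure_review")
    route = ROUTES.get(asset["device_class"], "it_service_desk")
    return {"alert": alert, "asset": asset, "route": route, "notes": notes}


# Constructed alerts, in the shape a monitoring system might emit them.
SAMPLE_ALERTS = [
    {"ip": "10.20.1.15", "mac": "00-1a-2b-3c-4d-01", "signature": "RDP exploit attempt"},
    {"ip": "10.30.5.7", "mac": None, "signature": "unexpected outbound connection"},
    {"ip": "10.99.0.9", "mac": "00:1A:2B:3C:4D:FF", "signature": "port scan"},
]


def demo():
    """Enrich every sample alert; returned so callers can inspect the records."""
    return [enrich_alert(a) for a in SAMPLE_ALERTS]


if __name__ == "__main__":
    for r in demo():
        asset = r["asset"]
        who = f'{asset["asset_id"]} ({asset["owner"]}, {asset["location"]})' if asset else "unknown device"
        print(f'{r["alert"]["signature"]:<30} -> {who}; route={r["route"]}; notes={r["notes"]}')
```

The first alert lands on the infusion pump and is routed to clinical engineering with the unsupported OS, stale patch record, PHI exposure, and the conflicting workstation IP all attached; the second is matched by IP alone, which the record says so; the third hits nothing in inventory and is sent for identification rather than quarantine.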

How Nuvolo OT Security Can Help

Nuvolo OT Security addresses the problem of quickly remediating OT security events by acting as the system of record. Nuvolo ingests security information, matches the event to a device by IP and MAC address, and adds full context such as the device's usage, what protected health information (PHI) it stores or accesses, and its maintenance records.

The Nuvolo OT Security solution, when integrated with real-time monitoring systems, gives the security and service management teams shared visibility into OT device posture. The integrated platform also automates remediation-related workflows to reduce security risk. In pioneering the industry's first OT security solution built on ServiceNow, Nuvolo helps customers achieve better product, facility, and patient safety while protecting critical infrastructure against cyber threats.
