Until recently, your clients have kept their operational technology (OT) and IT networks separate, a practice known as air gapping. When OT networks are air-gapped, they are physically and logically disconnected from external networks. There are no cables, wireless connections or other paths in or out of it. With no external connections, air-gapped OT networks aren’t as vulnerable to remote cyberattacks since there is no path in for malware or hackers.
All of that has changed due to AI and big data analytics driving IT/OT convergence. While this practice promises to provide better operations and outcomes, it also exposes OT networks to attacks stemming from IT networks like phishing emails containing malware. Attackers can also steal IT credentials to gain unauthorized access to your clients’ OT networks. Insufficient identity and access controls further increase risks.
To thwart attacks and minimize OT risk, you should implement five best practices for your client’s OT security:
1. Increase visibility into all your clients’ assets.
You can’t protect what you can’t see. Maintain an up-to-date inventory of all devices and apps running on your clients’ OT networks. Work with a vendor to conduct non-intrusive threat assessments that profile devices and vulnerabilities. This allows you to prioritize the protection of your clients’ more valuable OT systems.
2. Segment your clients’ networks into zones with limited access between zones.
This limits lateral attacker movement and restricts access to only authorized users and devices. Define conduits that allow essential data exchange between zones. And consider deploying a next-gen firewall with specialized security processors to enforce zones and conduits and high speeds.
3. Analyze your clients’ network traffic for threats.
Inspect encrypted OT traffic for known and zero-day threats. Integrate threat intelligence feeds to stay updated on the latest OT vulnerabilities. Use AI to establish normal traffic baselines and identify abnormal behavior that may signal compromise. Finally, add a security information and event management (SIEM) solution to correlate threat data across your client’s IT/OT network.
4. Enforce strong identity and access controls.
Implement multi-factor authentication and single sign-on. Monitor high-level admin accounts. Restrict access via roles and integrate the firewall to allow access only to authorized resources. These steps reduce the risk of stolen credentials and insider threats.
5. Secure wired and wireless access points.
Centrally administer security policies on switches and wireless APs from a unified interface. Deploy ruggedized equipment designed for harsh OT environments like remote field site. This reduces exposure through network edges and endpoints.
View the video to learn how Fortinet simplifies IT/OT security with an integrated platform, automation and unified management.