When you think of Operational Technology (OT), it’s easy to envision large industrial or manufacturing environments in which OT systems performed simple yet essential tasks such as monitoring a valve and shutting it off when a certain value is triggered. Today, OT systems monitor and control increasingly sophisticated types of physical devices such as MRI machines, ATMs and traffic lights, just to name a few. As these physical devices become smarter, there is an increasing trend toward IT/OT convergence. And this requires a new approach to cybersecurity.
According to Fortinet’s 2023 State of Operational Technology and Cybersecurity Report, the infrastructures of IT and OT have almost universally been integrated, and the air gap that previously kept OT systems nearly invulnerable to cyberattacks is gone. As a result, the attack surfaces of industrial organizations have greatly expanded. The report found that 75 percent of the organizations in this year’s survey reported at least one intrusion in the past 12 months. And 11 percent of the respondents reported six or more intrusions.
So, how do you modernize your cybersecurity approach to address new OT security challenges? The Fortinet report lists four best practices to strengthen your client’s security posture.
1. Develop a vendor and OT cybersecurity platform strategy.
As the report notes, “Consolidation reduces complexity and accelerates outcomes.” Seek out and align with vendors who can help you consistently incorporate and enforce policies across IT/OT converged environments. Evaluate their solutions based on how well they can provide basic solutions of asset inventory and segmentation, as well as more advanced solutions such as an OT Security Operations Center (SOC).
2. Deploy network access control (NAC) technology.
Securing an OT/IT environment requires that you secure industrial control systems (ICS), supervisory control and data acquisition (SCADA), Internet of Things (IoT), BYOD and other endpoints. Integrating a NAC solution helps to maintain complete control of an organization’s network by managing new devices that want to connect or communicate with other parts of the organization’s infrastructure.
3. Employ a zero-trust approach.
Zero-trust access (ZTA) provides continuous verification of all users, applications and devices seeking access to critical assets, regardless of where they reside. Employing a ZTA should be done regardless of your client’s IT environment.
4. Incorporate cybersecurity awareness training and education.
Many breaches are the result of human error. Include regular, nontechnical training targeted toward anyone who uses a computer or mobile device.
Learn more about how Fortinet protects OT environments in critical infrastructure sectors such as energy, defense, manufacturing, food and transportation by designing security into complex infrastructure via the Fortinet Security Fabric. You can also download your copy of Fortinet’s 2023 State of Operational Technology and Cybersecurity Report.