5 Best Practices for OT Security

The convergence of IT and OT networks has made it easier for attackers to access OT systems through compromised home networks and remote worker devices. Here are five best practices to ensure your clients’ OT/IT environments are secure. 

  • November 11, 2022 | Author: Allison Bergamo

In 2022, FortiGuard Labs’ team of threat intelligence experts made several predictions about how the threat landscape would evolve, including an increasing number of attack attempts impacting operational technology (OT). And they were right. Over the past decade, we’ve seen a rise in the sophistication and volume of attempted cyberattacks against edge devices such as OT systems and satellite-based internet networks. 

The convergence of IT and OT networks has made it easier for attackers to access OT systems through compromised home networks and remote worker devices. While many attacks use purpose-built tools to target these systems, other breach attempts target IT platforms while doing damage to OT as well. Here are five best practices to ensure your clients’ OT/IT environments are secure. 

1. Conduct a network mapping and connectivity analysis

Understand the physical and digital locations of all devices mapped within your clients’ networks.

2. Detect suspicious activities, exposures, and malware attacks

Establish criteria for what constitutes a “suspicious event” and ensure your clients’ security teams understand them. While a security information and event management (SIEM) system often detects these events, you can also identify threats using next-generation firewalls (NGFWs), which can scan data packets streaming into your clients’ networks from the internet. If a threat is detected, the packet associated with it can be discarded, protecting your clients’ systems and assets.

3. Implement a Zero-Trust framework

A zero-trust framework is based on the principle of “never trust, always verify.” Every person, device, application, and network is presumed to be a threat unless proven otherwise. Implementing multi-factor authentication (MFA), which requires more than one form of identity verification, decreases the likelihood of an attacker finding a way to penetrate your clients’ systems.

4. Align the right remote access tools

An OT system can differ from an IT system because it typically doesn’t have a full selection of tools that can be granularly configured to enable remote access. To account for this difference, administrators should ensure that the following activities are part of their standard security operations.

  • Managing identities and credentials
  • Controlling passwords and security
  • Multi-factor authentication
  • Making sure the right people have the access they need
  • Monitoring and managing the access privileges of current and former employees

5. Control identity and access management

As your clients continue to implement remote, hybrid, and work-from-anywhere (WFA) policies, it can be easy for access privileges to end up in the wrong hands, whether it’s a former employee, a consultant whose contract has ended, or a “malicious insider” who wants to do damage to the organization. Therefore, it’s imperative that you implement an access management system that accomplishes the following:

  • Educates employees about how to safeguard their access credentials
  • Ensures that a least-privilege policy is maintained across your clients’ organizations, which limits access rights only to those who absolutely need them
  • Cancels the access privileges of former employees as soon as possible
  • Revokes access that was temporarily granted to visitors, consultants, and other guests
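As an added illustration (not code from the article or from Fortinet), the following Python routine applies the access-management checks listed under items 4 and 5 to a set of access grants: it flags grants still held by former employees or ended contractors, expired temporary grants for visitors and consultants, and standing access that exceeds a per-role least-privilege baseline. The role names, resources, accounts and grants are constructed assumptions, not taken from any real environment.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

LEVEL = {"read": 0, "operate": 1, "admin": 2}

# Constructed least-privilege baseline: the access each role legitimately needs.
ROLE_BASELINE = {
    "plant_operator": {"hmi": "operate", "historian": "read"},
    "control_engineer": {"hmi": "admin", "eng_workstation": "admin", "historian": "read"},
    "vendor_consultant": {},  # consultants get only time-boxed grants, never standing access
}

@dataclass
class Grant:
    user: str
    resource: str
    level: str               # "read", "operate" or "admin"
    expires: Optional[date]  # None means standing (non-expiring) access

def review_access(accounts, grants, today):
    """accounts maps user -> (status, role); returns (user, resource, action, reason) per violation."""
    findings = []
    for g in grants:
        status, role = accounts.get(g.user, ("unknown", None))
        if status != "active":  # former employee, ended contract or unknown account
            findings.append((g.user, g.resource, "revoke", "account is not active"))
        elif g.expires is not None and g.expires < today:  # guest/consultant grant ran out
            findings.append((g.user, g.resource, "revoke", "temporary grant expired"))
        else:
            allowed = ROLE_BASELINE.get(role, {}).get(g.resource)
            if allowed is None and g.expires is None:  # standing access the role does not need
                findings.append((g.user, g.resource, "review", "standing access outside role baseline"))
            elif allowed is not None and LEVEL[g.level] > LEVEL[allowed]:  # more rights than the role needs
                findings.append((g.user, g.resource, "downgrade", f"{g.level} exceeds baseline {allowed}"))
    return findings

# Constructed sample records, not real accounts; REVIEW_DATE is the day the review runs.
REVIEW_DATE = date(2022, 11, 11)
ACCOUNTS = {
    "alice": ("active", "plant_operator"),
    "bob": ("terminated", "control_engineer"),
    "vendor1": ("active", "vendor_consultant"),
    "carol": ("active", "control_engineer"),
}
GRANTS = [
    Grant("alice", "hmi", "admin", None),                              # above operator baseline
    Grant("bob", "eng_workstation", "admin", None),                    # former employee still provisioned
    Grant("vendor1", "eng_workstation", "admin", date(2022, 10, 31)),  # time-boxed, now expired
    Grant("vendor1", "historian", "read", date(2022, 12, 31)),         # time-boxed, still valid
    Grant("carol", "hmi", "admin", None),                              # within baseline, no finding
]
```

Running `review_access(ACCOUNTS, GRANTS, REVIEW_DATE)` yields one downgrade for alice and two revocations (bob’s account and vendor1’s expired grant); vendor1’s still-valid temporary grant produces no finding until it expires.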

Learn about Fortinet Security Fabric’s comprehensive portfolio of security tools that deliver a proactive approach to securing your clients’ OT.