Technology Advisory
Multi-cloud, Cybersecurity, Governance and Compliance for our Clients’ business
One of the most effective solutions for protecting the security of an IT system is entrusting its management to specialized companies, or to dedicated teams highly qualified in data and systems security. This need has become particularly clear in recent years, when the number and sophistication of cyber attacks have increased exponentially.
But a new element is revolutionizing the world of IT security: the rapid integration of industrial IT systems (OT, Operational Technology) with traditional IT. Can the same solution also be adopted for IT systems in the industrial sector?
OT security is a serious problem
OT systems have always been (silently) present in the world of IT, given that microprocessors revolutionized industrial automation as far back as the 1970s. Nevertheless, the specific nature of these systems, both from a hardware and software point of view, led the OT and IT sectors down rather different paths until the start of the last decade. At that time, the progressive miniaturization of processors, and therefore the availability of low-cost (industrial) PCs, began to usher elements of similarity with the world of IT into the factory environment. The progressive assimilation of the two worlds sped up when companies began to understand the advantages of vertical integration of the OT systems with the IT component, facilitated by the universal spread of TCP/IP networks and the adoption of the MS Windows platform even for the supervision systems of industrial systems.
Unfortunately, the integration of the two worlds gradually eliminated the technical as well as physical isolation which had always protected OT systems from computer hackers (at least from external ones). This new situation began to worsen in the last decade, even though isolated incidents had been documented long before (linked primarily to ultra-sophisticated attacks carried out by government bodies on critical infrastructure of enemy nations, for example Stuxnet).
Awareness of the new scenario has only come recently, and unfortunately it is only very serious attacks that have affected essential infrastructure which have finally brought a focus to the new frontiers of cyber security.
The slow response of the “defenders” against these new threats has also been due to the very specific scenario represented by the industrial sector.
For example, in the IT sector there are now relatively few platforms to protect (Microsoft, Linux/Unix, Apple, a few hypervisor systems and the cloud platforms), while in the industrial sector there are dozens of proprietary systems, often developed and maintained by a myriad of specialized companies. Even the OT network systems, at the lowest levels, are completely different from Ethernet networks. Finally, we must not forget how the security paradigm of OT systems is guided above all by the need to guarantee the safety and availability of the systems and operators, rather than the data privacy which is the priority of “traditional” IT systems.
In order to protect against these new threats, companies (and governments, seeing as the OT systems now manage a large majority of critical infrastructure, such as energy, water and food distribution, transport etc.) are adopting a strategic approach featuring two lines of action.
First of all, an architectural approach: re-establishing levels of separation between the OT systems, their IT counterparts, and the Internet, creating once again multiple layers of segregation between the various zones of the factory/production system. Obviously this separation must still allow communication between the systems in order to protect the investments in vertical integration.
The second element consists of the targeted insertion of some defensive technologies modified from the world of IT security, in particular threat-monitoring systems, supplemented with machine learning-based behavioral analysis solutions and methods for early analysis of attacks.
Why choose a Hybrid SOC and a Managed Security Service?
The adoption of threat-monitoring systems for OT networks has therefore become the primary tool for defending OT systems. Nevertheless, these solutions inevitably require the use of highly trained personnel, both in terms of their knowledge of industrial protocols and of the attack methods used. Finally, monitoring of systems which are operational 24/7 obviously requires the continuous presence of a human component. This also applies to incident management, which requires extremely short reaction times and awareness of the possible consequences of an attack in such delicate environments.
Currently, these characteristics are only available in the most advanced and complete Security Operation Centers (Hybrid SOCs), which can indeed offer the following features:
- Availability of teams of IT and OT analysts working side by side 24/7
- Level 2 and 3 resources with high-level vertical skillsets in industrial systems and specific defensive tools for OT systems
- Specialist training and high levels of operational readiness through a Cyber-Range with frequent attack simulations
- Combined monitoring capacity both for the systems, and the IT and OT protocols
- Mastery of technologies for the analysis, correlation and summary of data from both sectors
- Access to extensive intelligence both in terms of threats and early analysis of the offensive actions
Very few private companies can afford to make investments of this type. It is for this reason that the offering of a Managed Security Service with these characteristics can be the most effective choice in guaranteeing a high level of security in relation to this type of infrastructure.
Conclusions
The challenge in protecting critical infrastructure and OT systems is one of the most serious current aspects of cybersecurity.
Until there is a radical improvement “by-design” of the security of OT systems, the most modern and effective response to these threats consists of an efficient combination of trained personnel and cutting-edge technology within a Managed Security Service.