The importance of keeping OT legacy systems secure

Virtual patching solutions for an operational technology (OT) centered cybersecurity platform are critical for industrial applications.

By Roger Chen, September 21, 2023
Courtesy: Brett Sayles, CFE Media and Technology

Operational technology insights

  • The OT field, encompassing critical infrastructure, demands real-time security updates to swiftly detect and respond to advanced attacks, safeguarding operational processes and minimizing potential downtime.
  • A tailor-made cybersecurity platform, considering industrial protocols and network commands, is crucial in protecting critical OT systems, especially in vertical markets like energy and transportation. It offers adaptability to evolving security threats and enhances overall protection.

With cybersecurity threats being ever-present, information technology (IT) cybersecurity professionals are hard-pressed to find the ideal solution for the unique demands of the operational technology (OT) field.

We need to remind ourselves that the OT field, which often covers production lines and critical infrastructure, operates under stringent requirements. In many scenarios, the primary goal of OT is to support operational processes and ensure they run under optimal conditions. While the “zones and conduits” model may have worked well in the past, it is no longer adequate to meet the latest security standards.

When it comes to malware or advanced attacks, real-time security updates are required to detect and respond to threats as quickly as possible to protect line operations and minimize potential downtime.

Firewalls and Industry 4.0 for OT platforms

Traditional firewalls constantly monitor network packets based on firewall rules to identify malicious activity all the while making sure no valid packets are being dropped. However, this may cause latency on the network and affect performance. A robust cybersecurity solution should maintain system performance, rather than undermine it with overhead, in order to swiftly identify and prevent advanced attacks as they happen in real time.

A cybersecurity platform requires a high level of customization to be able to truly protect critical OT systems such as SCADA systems. A tailor-made platform will take into account industrial protocols, application payloads, and network commands and data. This is particularly true in vertical market applications such as energy and transportation.

In the future, as Industry 4.0 improves field manufacturing efficiency, network requirements as well as cybersecurity vulnerabilities will change. A tailor-made OT cybersecurity platform offers the flexibility to include more protection mechanisms that can be deployed at different control points, so OT systems can quickly adapt to changing security threats and improve the overall level of protection.

To adapt to changing threats, OT asset owners need to make sure network security policies are up to date. Firewall rules are an essential part of these policies. However, as the network grows in scale and complexity and firewall rules expand, maintaining and managing the network efficiently becomes a challenge. Without proper management tools, the network is more prone to human errors such as misconfigurations which can expose network vulnerabilities or even lead to breaches.

A centralized security management platform plays an important role in avoiding human error. As security is centrally managed, deployment complexity is reduced as a result. Moreover, it provides flexibility in authority delegation. Different management privileges can be assigned to specific zones or roles, further reducing possible human errors. A centralized security management platform also records, aggregates, and visualizes data on network traffic and security events. This provides OT managers with valuable analytical insights to monitor and manage the security network more efficiently.

On-site maintenance personnel with a tight schedule day-in day-out are bound to make firewall configuration errors from time to time. A defence-in-depth cybersecurity strategy helps on-site operators work more efficiently and helps prevent errors when configuring settings. Having a user-friendly OT-centric security platform with central control network management reduces deployment time and enhances network protection.

Virtual patching benefits for OT systems

While applying security patches is important, much older software and many older devices do not support new patches and quickly become cybersecurity liabilities. As a result, patching is often delayed and only scheduled when it becomes critical for ensuring uninterrupted operations. Industrial intrusion prevention systems (IPS) employ virtual patching to act as a shield for key equipment in industrial networks that is unavailable for patching, or simply cannot be patched.

Virtual patching works by updating the IPS protecting the vulnerable asset using the latest security signatures, instead of patching the asset itself. An IPS is capable of monitoring the network environment, protecting the equipment, and delivering patches in a timely manner without interrupting operations, offering a solution that meets the needs of industrial networks.

An IPS can proactively detect suspicious activity and known attack patterns on the network. The IPS engine continuously analyses network traffic and compares bit streams and internal traffic patterns against known signatures to identify potential attacks. Once malicious activity is detected, it discards the packet and blocks further traffic from the attacker’s IP address, while still allowing legitimate traffic to pass through.
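The decision logic described above, reduced to a small inline-IPS model as an added example (not code from the article or any vendor product): signatures are loaded into the IPS instead of patching the asset, a matching packet is dropped, the source IP is blocked for subsequent traffic, and other hosts keep passing. The signature, ports and addresses are constructed placeholders for a hypothetical controller that cannot handle oversized request frames; they describe no real device or CVE.

```python
"""Minimal virtual-patching IPS model: signature match, drop, block source IP."""
from dataclasses import dataclass, field


@dataclass
class Packet:
    src_ip: str
    dst_port: int
    payload: bytes


@dataclass
class Signature:
    sig_id: str
    dst_port: int
    prefix: bytes   # payload must start with this header (constructed)
    max_len: int    # frames longer than this trip the rule


# Constructed signature: hypothetical controller on TCP/502 that cannot safely
# handle request frames over 64 bytes. Placeholder values, not a real advisory.
SIGNATURES = [Signature("VP-0001", 502, b"\x00\x01", 64)]


@dataclass
class VirtualPatchIPS:
    signatures: list
    blocked_ips: set = field(default_factory=set)
    events: list = field(default_factory=list)  # (sig_id, src_ip) for alerts

    def update_signatures(self, new_sigs):
        """Virtual patch: update the IPS, not the asset."""
        self.signatures.extend(new_sigs)

    def match(self, pkt):
        for sig in self.signatures:
            if (pkt.dst_port == sig.dst_port and pkt.payload.startswith(sig.prefix)
                    and len(pkt.payload) > sig.max_len):
                return sig
        return None

    def inspect(self, pkt):
        if pkt.src_ip in self.blocked_ips:   # attacker already blocked
            return "DROP"
        sig = self.match(pkt)
        if sig is None:
            return "PASS"                    # legitimate traffic flows
        self.blocked_ips.add(pkt.src_ip)     # block the source from now on
        self.events.append((sig.sig_id, pkt.src_ip))
        return "DROP"


def run_demo():
    ips = VirtualPatchIPS([])
    ips.update_signatures(SIGNATURES)
    traffic = [  # constructed sample traffic
        Packet("10.0.0.5", 502, b"\x00\x01" + b"\x00" * 10),   # normal request
        Packet("10.0.0.99", 502, b"\x00\x01" + b"A" * 200),    # oversized frame
        Packet("10.0.0.99", 502, b"\x00\x01" + b"\x00" * 10),  # same source, now blocked
        Packet("10.0.0.5", 502, b"\x00\x01" + b"\x00" * 10),   # other host unaffected
    ]
    return [ips.inspect(p) for p in traffic], sorted(ips.blocked_ips), ips.events
```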

To achieve around-the-clock network protection, the IPS receives signatures from the threat intelligence database to continuously monitor or block threats. It also has a set of safety management systems that learn and recognize traffic patterns, alert safety personnel, and generate safety reports.

Before cyberattacks can even reach other security devices, IPS offers comprehensive protection to prevent Distributed Denial-of-Service attacks from reaching the firewall and crashing the system. By providing a holistic, in-depth network defense perimeter, it can filter out malicious attacks so network devices can continue to operate normally.

For the best performance, the IPS should be tuned to prioritize the following areas: the protection of essential equipment; instant warnings when a threat is detected; and performance optimization to achieve maximum operational efficiency.

Moreover, IPS settings should be in line with the company’s security policies and meet compliance and operational requirements.

While network partitioning and network security control give customers better control of their devices, a dedicated array of features such as virtual patching, network visibility, real-time protection, and network packet monitoring helps combat external threats and keep the network secure. These features and technologies are specifically built with the needs of OT in mind.

To effectively manage all the security policies and permissions governing access to network devices, the IPS should be paired with centralised network management software. User-friendly network security management software streamlines deployment and enables centralised management of cybersecurity assets, allowing users to easily configure firewall and IPS rules correctly. This helps reduce human error, simplifies firewall management, and provides essential network security information for decision makers.

– This originally appeared on Control Engineering Europe. Edited by Chris Vavra, web content manager, CFE Media and Technology, cvavra@cfemedia.com.