International. Business-oriented Information Technologies (IT) provide the organization with information systems in a digital way while OT Technology (Operational Technology) is oriented to the supervision of processes, that is, it controls and manages a production process.
The biggest difference between the two is that ot, from a digital aspect can change a physical process (stop an engine, open a valve, change a recipe, a chemical process, the assembly of a vehicle, etc.) which catalogs it within a broader criticality before an attack, since it can cause accidents, deaths, injuries, the shutdown of an organization's production. IT leverages the business while OT is the business, oversees its raison d'être.
In the field of Critical Infrastructure, which includes, for example: energy production, drinking water production, food production, transportation, oil and gas, etc., an impact on OT networks has a greater impact because it affects the way we live and the conditions around us.
According to Juan Felipe Trujillo, pre-sales engineer at Gamma Ingenieros: "Attacks on OT infrastructures are a reality, between 2010 and 2020 we began to see important commitments in the industrial sector in the face of water purification, hospitalization, electrical networks and problems about automation in large companies that force a pause in production. Every day these types of attacks increase, according to a 2019 study conducted by Fortinet, it was detected that 51% of respondents reported a breach to their networks, 15% required more than a month to detect a breach and more than 44% of respondents could never identify the source of the breach. By 2020 or so, 25% of all cybersecurity issues that are going to have a physical impact on the industrial environment come from IT."
In the Independent Study Pinpoints Significant SCADA/ICS Cybersecurity Risks of Fortinet in 2019, some figures of interest were evidenced, given that vulnerabilities can be measured in different factors with an industrial control network cybersecurity problem, high impact and critical impact. Regarding how the provision of new products and services within an organization is committed, with high impact 31% and critical impact 23%.
From employee safety, there can be injuries or deaths that translates into a high impact of 36% and a critical impact of 27%. Likewise, it can undermine the economic stability of the company with a high impact of 34% and a critical impact of 24%. In the end, regulatory compliance brings legal and reputational consequences, in which many companies must comply with a regulatory framework with a high impact of 41% and a critical impact of 24%.
The expert adds that to solve this problem the first is a matter of awareness, "there was always the conception that they are isolated networks, but we see that they are increasingly integrated with IT networks and in which the statistics increase day by day, the second is to begin to adapt to a regulatory framework for industrial control networks according to their needs and verticals and finally adopt ai-based technologies, deception, deception technologies, traffic segregation, adaptation with a connectivity standardization model, etc."
Cybersecurity trends
Manufacturers are moving towards two key elements, the first is to identify assets, know what is in the network and start looking at vulnerabilities or risks to draw a roadmap and improve processes, and the other aspect is to monitor and alert about malicious network traffic that is occurring. "Here we begin to see the adoption of technologies such as Artificial Intelligence, automated response actions that allow us to make visible what is happening in the network and take action. Attacks on industrial networks are made through ATPs, recurrent and advanced threats, with sophisticated evasion techniques, it is important that companies align themselves with a Purdue model in which the zones, conduits and channels that allow to secure the value chain of cybersecurity processes are analyzed by Identifying, detect, protect, respond and recover," Trujillo added.
Leave your comment