infographic
C
New research from Fortinet
has outlined the scale of
convergence between OT
networks and IT – and the
security problems this is causing.
Fortinet’s infographic, shown
here, outlines the study’s findings
in more detail.
22
Capitalising on the new digital
marketplace not only requires that
organisations collect and process
data but that they also use that data
to impact the bottom line. different result from one that opens a
valve on a boiler.
Much of that is achieved simply
by serving up data on demand
to consumers. But some of the
rest is achieved by leveraging
real-time data to impact things
such as the manufacturing floor,
inventory management or fine-tuning
production to meet shifts in demand.
This requires connecting traditionally
isolated operational technology (OT)
networks with IT. What organisations now understand
is that IT and OT teams speak very
different languages when it comes to
issues like security.
A new survey of ICS/SCADA
decision makers
In a commissioned study conducted
by Forrester Consulting on behalf
of Fortinet in January 2018, 429
global decision-makers across a
wide variety of industries who are
responsible for the security of their
organisation’s critical infrastructure,
IP level protection, IoT and/or
SCADA, were asked about this
convergence process and the
security challenges they are facing.
The results showed that nearly all
companies have already begun
at least a basic convergence of
OT and IT. As these organisations
begin to actively converge these
environments, however, they are
encountering issues related to
integration and security that they
may not be equipped to handle.
IT teams have a tendency to just
want to throw security technology at
the network and call it good.
But these networks can be very
different and what works well in one
environment can have devastating
consequences in the other.
For example, an error that opens
a port on a switch can have a very
Why securing OT systems can be
so difficult
An ICS or SCADA system, for example,
may have been running on ageing
hardware on top of an obsolete
operating system for a decade or more.
But that may be because it only has one
job: for example, monitoring a thermostat
and then throwing a switch when it
reaches a critical temperature. That
doesn’t require the latest technology and
if it is doing the job it was designed to
do, then there is no reason to change it.
But because so many of these systems
run on proprietary software and use
delicate instrumentation, even something
as benign as scanning a device for
malware can cause it to malfunction. u
As these
organisations begin
to actively converge
these environments,
however, they are
encountering issues
related to integration
and security that
they may not be
equipped to handle.
Issue 05
|
www.intelligentciso.com