Intelligent Tech Channels Issue 35 | Page 37

What does COVID teach us about OT cybersecurity ?

Historically , OT processes ran on non-routable protocols . But the so-called air gap has disappeared as industrial networks converge with the IT network . This means operations teams have had to rethink the cybersecurity protections they put in place . Joe Robertson , EMEA CISO , Fortinet , explains .

Today , almost no discussion about

any subject goes on for long without the current pandemic being brought up in some way . It dominates all of our lives in many ways . Of course , life must go on , business does continue . But not in the same ways .
Companies have had to review their business models and adapt to the reality that fewer people work from an office for the near future – they have become home workers . This has put pressure on IT departments , including new security concerns . Likewise , the impact on securing Operational Technology ( OT ) has been enormous .
For example , under lockdowns , many production lines have had to slow or shut down completely as workers are unable to come to the plant . But unlike an IT environment , where changing a software process or powering down a device is relatively straightforward and can be done remotely , the reality of OT means it isn ’ t so easy to turn off a chemical process or shut down an assembly line .
Some systems , like a blast furnace or massive boiler , are designed for continuous operation , making it close to impossible to turn them off completely . In many cases , a skeleton shift of operators has to be onsite to run a plant or process just to keep the machinery from failing . In many more cases , operators are trying to run things remotely , even though the systems were not designed for this .
One of the most important lessons of COVID has been that disruptive changes can happen at any time . Even if we cannot anticipate which disruptions may hit us , we have to assume that there will be some . Or , like one CISO I know , operate as if you ’ ve already been breached . Which means we need to do a better job of anticipating and preparing for change , and that starts by taking nothing for granted .
Joe Robertson , EMEA CISO , Fortinet
OT is target
Historically , OT processes ran on nonroutable protocols . This tended to make security more or less a simple matter of physical protection . The separation of the OT network from everything else , the so-called air gap , made it easy to for the operations teams to ignore the major cybersecurity headaches being faced in data centres and business networks . And the result was that ,
INTELLIGENT TECH CHANNELS
INTELLIGENT TECH CHANNELS Issue 35
37