Intelligent Tech Channels Issue 35 | Page 38

them have wireless connectivity. Wireless LANs and wired LANs are shared by office workers and production machinery. OT and IT networks may still be separated logically, but they are no longer separated physically. In addition, the multitude of OT sensors in place produce a flood of data that needs to be analysed by applications in the Enterprise zone. And information and instructions flow in the other direction, as well. And where data flows, so too can threats.
This does not mean that the Purdue Model no longer applies. However, it does mean that we have to rethink the protections we put in place within and between OT zones. For many organisations, cybersecurity for the production environment was a low-priority item or even ignored.
We shouldn’t have needed COVID to tell us to make sure OT is protected. But that’s what it has done.
Goodbye, air gap. It was nice while it lasted
Over the last decade or so, more and more OT systems have switched to run on standard Ethernet using IP protocols. But it isn’t just the protocols that are changing. The air gap has disappeared as industrial networks converge with the IT network. For almost three decades, one of the main architectures for production and manufacturing automation has been the Purdue Model, which divides functional aspects of a process into zones.
The Process Control zone is defined by the sensors, actuators and related instrumentation implementing a process. The Operations and Control zone describes management of this process and multiple processes across a site. The Purdue Model is very hierarchical, so each Process Control zone only has one point of communication
with the supervising Operations and Control zone. In turn, the Operations and Control zone only has a single point of connection to the corporate IT environment, referred to as the Enterprise zone. That interconnection point is usually a demilitarised zone with a firewall to separate them. For a long time, this level of security seemed to be enough.
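One way to check observed traffic against the hierarchy described above, as an added example that is not part of the original article. The zone subnets, conduit hosts and flow records are constructed assumptions; the script flags flows that skip a zone or bypass the single point of communication between two zones.

```python
import ipaddress

# Constructed zone map: names and subnets are assumptions for illustration.
ZONES = {
    "enterprise": ipaddress.ip_network("10.10.0.0/16"),
    "dmz":        ipaddress.ip_network("10.20.0.0/24"),
    "operations": ipaddress.ip_network("10.30.0.0/16"),
    "process_a":  ipaddress.ip_network("10.40.1.0/24"),
    "process_b":  ipaddress.ip_network("10.40.2.0/24"),
}
# Permitted zone-to-zone links and the one host allowed to carry each link
# (the "single point of communication"). Host addresses are assumptions.
CONDUITS = {
    frozenset({"process_a", "operations"}): "10.40.1.1",
    frozenset({"process_b", "operations"}): "10.40.2.1",
    frozenset({"operations", "dmz"}):       "10.20.0.5",
    frozenset({"dmz", "enterprise"}):       "10.20.0.5",
}

def zone_of(ip):
    """Map an address to its zone name, or None if it is in no known zone."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None

def check_flow(src, dst):
    """Return None for a permitted flow, otherwise the reason it violates the model."""
    zs, zd = zone_of(src), zone_of(dst)
    if zs is None or zd is None:
        return "unknown zone"          # e.g. an unmapped wireless segment
    if zs == zd:
        return None                    # intra-zone traffic is out of scope here
    conduit = CONDUITS.get(frozenset({zs, zd}))
    if conduit is None:
        return f"zone skip: {zs} -> {zd}"
    if conduit not in (src, dst):
        return f"bypasses conduit {conduit}: {zs} -> {zd}"
    return None

def audit(flows):
    """Return (src, dst, reason) for every flow that violates the zone model."""
    return [(s, d, r) for s, d in flows if (r := check_flow(s, d))]

# Constructed flow records (source, destination).
SAMPLE_FLOWS = [
    ("10.40.1.1", "10.30.0.11"), ("10.40.1.57", "10.30.0.11"),
    ("10.10.4.20", "10.40.2.9"), ("10.10.4.20", "10.20.0.5"),
    ("10.40.1.57", "10.40.2.9"), ("192.168.7.3", "10.30.0.11"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(*finding)
```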
However, IT and OT networks are now necessarily converging as an ever-greater amount of information passes between them. Sensors and programmable logic controllers (PLCs) proliferate in the production environment, and many of
The new tools of the trade
Many of the necessary tools for protecting our OT environments are already available. Fortinet has developed a wide range of cybersecurity solutions that are a perfect fit for Operational Technology environments. And they are all integrated into the Fortinet Security Fabric, providing broad visibility and control for securing both IT and OT networks.
One final point about cybersecurity for OT networks: there isn’t a single solution to make this all go away. Protecting your environment will most likely involve multiple vendors providing various types of equipment: the ICS system itself, tools for visibility into highly specialised OT devices and PLCs, probes and analysers. And no single vendor can do everything; so be sure the suppliers you choose are able to play nicely with each other.
Fortinet solutions include a large number of open APIs and connectors that allow them to interoperate with solutions from many other vendors. This includes OT technology alliance vendors, control system vendors and OT systems integrators.
COVID has warned us: we all must start imagining the unimaginable. When it comes to defending our production environments, the time is now to harden the cybersecurity of our Operational Technology.