23 Aug Operational Technology Security: An Overview
Operational Technology is the collective name describing the hardware, software and processes used to operate and manage complex, critical and sensitive operations in the Mining, Oil & Gas, Manufacturing, Aviation, Transport and food industries. With the birth of the Internet of Things (IoT), the world is increasingly becoming more connected and this, in turn, is increasing the surface area of attack for malicious threat actors such as hackers.
But what is the big deal with Operational Technology?
- Runs our Critical Infrastructure
- Runs sensitive and critical processes, and in a lot of cases lives are at stake
- Systems are not patched and maintained like traditional corporate IT systems (patching from Operational Technology providers occurs due to functional upgrades, enhancements and maintenance).
Due to the criticality of these systems, resilience in design and operation is essential for these types of systems and protecting these systems from any threat is necessary.
Three key threats exist against Operational Technology. These are:
- External (hackers, state sponsor, organised crime)
- Internal (malicious staff, accidental changes)
- Ransomware/Malicious code
To combat these threats, a pragmatic mix of people, process and technology is required to ensure that the Operational Technology environments are adequately protected. Governance, Risk and Compliance, how the threat is perceived, security awareness training and convergence of IT/OT systems sit amongst the top remediations necessary. Furthermore, to ensure complete end-to-end securing of Operational Technology systems, the following additional controls should be considered:
- Securing systems to a baseline standard
- Maintaining visibility of events in the Operational Technology systems
- Security in supply chain management with Operational Technology vendors
- Security threat intelligence
Thomas Jreige, Chief Information Officer of Accelerate Group, is presenting on Operational Technology Security: Current State, Threats and the Future and Engineers Australia. He will take the audience on a journey about the present state of systems in the Operational Technology space, the current vulnerabilities and threats in these environments and the future of where we need to be looking to secure these systems.