Secure Networking for Safety, Security and Operational Technology (OT) Environments

Secure Networking for Safety, Security and Operational Technology (OT) environments

Mark Nairne, Head of Networks & Cyber Security, North

Operational Technology (OT) systems which provide safety and security services such as video surveillance, building access and building control systems, alongside many other services which interface with our physical world have evolved beyond their traditional roles. They are now vital intelligence hubs, capturing real-time data to enhance operations and critical decision making.

However, OT security is often an afterthought. Historically, these systems were isolated, making them less vulnerable to cyber threats. However, with IT/OT convergence, they are now interconnected, opening new opportunities - but also new risks.

In today’s interconnected world, however, driven by IT/OT convergence and its wide-ranging benefits, a secure network with cyber threat resilience must now underpin OT systems vulnerable to a broad range of attacks, some of which are directly targeted at OT vulnerabilities.

Collaborate to Modernise

Working collaboratively with other OT decision makers, IT departments develop a better understanding of services running, sometimes prominently and sometimes less prominently, within the organisation.

IT brings a level of cyber risk maturity to the conversation; after all, IT networks have been under attack for much longer. While those responsible for OT systems may think nothing of running a camera or door access panel with outdated firmware, IT wouldn’t, as they are clear on the risk this can present in an inter-connected, internet-facing network.

As services begin to share a common network, coherent, consistent and common security policies, patch management and network management and segmentation can improve the security posture of an organisation, a big step towards a zero trust approach to network security. In doing so, they will realise the benefits of reduced network complexity, enable new features on the OT estate, and cost reductions associated with IT/OT convergence.

Regulatory Compliance

Adhering to compliance and governance is made much easier through the increased visibility common IT and OT networks deliver. Depending on the industry, securing OT and physical security infrastructure may be a legal requirement and likely something considered as part of Governance, Risk, and Compliance reviews.

Organisations must comply with data protection regulations and align with industry guidance such as the Cyber Assessment Framework (CAF) or Secure by Design, both of which require that surveillance, building systems, OT service,s and IT network data is kept secure and confidential.

Reporting on processes that are in place to manage risk, and any cyber breach must also be documented and submitted.

The Right Approach

Selecting the right approach to secure your Safety, Security, and Operational Technology is crucial. With many organisations at varying stages of maturing and lifecycle. Understanding cyber risk is the first step towards developing an appropriate plan, for example by taking an OT Assessment. Then, taking a rational, staged approach to improvements, for example, introducing Network Access Control, network segmentation or OT visibility on a firewall are all steps which will lead ultimately to a more secure, resilient environment ready to meet today’s cyber risks head on.

Contact us to discuss your IT/OT challenges and how North can support