Over the past decade, operational technology (OT) systems have become increasingly IP-connected and more vulnerable to cyber threats. As the lines between traditional IT risk management and operational risk management continue to blur, it’s critical for CISOs to incorporate OT cyber risk into their enterprise security strategy.
What Is Operational Technology (OT)?
First, let’s define what “operational technology” is. OT encompasses the hardware and/or software that controls or monitors assets operating a process in the physical world. This can include everything from traditional industrial control systems (ICS) to Internet of Things (IoT) devices that are involved in a physical process.
When most people hear the term “OT”, they associate it with factories and energy grids, and that’s true. But today, you can find operational technology in almost every industry. This concept covers anything that is controlling something in the physical world. Things like HVAC systems, escalators, elevators, physical access control mechanisms, drones, cranes, autonomous robots, and more are all considered “OT”.
Important Nuances to Consider for OT Environments
While an integrated approach delivers advantages, CISOs should be aware of key differences when managing cyber risk in OT environments:
- Legacy devices and proprietary protocols are common in OT, making asset discovery and behavior profiling more difficult. Using data collection methods that were purpose-built for OT systems is the best ways to get the asset and network information you need, while ensuring that there is no process disruption.
Many OT devices and controllers also have limited computing power and resources, so choose a lightweight endpoint security solution specifically engineered for this use case...Read More!
