Understanding the Current Operational Technology (OT) Security Landscape

February 27, 2023

There’s no two ways about it: OT is complex. That complexity can make it difficult to secure the critical technology that keeps the world moving. In this video, Optiv’s Sean Tufts breaks down the challenges facing organizations who want to secure their OT and steps they can take to get there.


Sean Tufts - Operational Technology
security is critically important. Right now across our whole ecosystem, we're exposing a bunch of places to the internet that we're never used to that before. Our factory floors, our power plants, our oil and gas operations, all those things are, by definition, critical infrastructure, and we haven't had a bunch of robust security practices around each one of those equipment. Take your power plant. If ransomware gets into that facility, it can propagate really, really quickly. And more importantly, people will pay money very, very quickly to get that ransomware taken care of. Those systems have that kind of unique pressure where ransomware is a really, really big threat to them, and that's what we're trying to secure. OT's a challenge because historically, we've counted on one line of cybersecurity, an air gap.


We just removed the internet from our power plants and called that cybersecurity, which it was, but now we want data out of these facilities. We want more modern ways to control them, and that's opening up the aperture again to the internet, and we've got to go back through and reevaluate everything we've done digitally inside those facilities and make up a ton of ground, a ton of legacy systems, and improve those all at the same time that we're improving cybersecurity. The complexity of OT systems is a big security challenge. Number one, we got a bunch of legacy old systems, and number two, a bunch of new stuff we wanna bring into this environment. Cloud technologies, identity components, data analytics, and bridging that gap between the old and the new is a huge security challenge. All of our clients are really focused on uptime, and resiliency and safety. Those are the three big items, but intermixed in all that is intellectual property. For our manufacturing clients, intellectual property is the recipes for their equipment, the recipes for their food, the thing that actually has value in their company, and they're developing that in their corporate environment with a bunch of security safeguards, and they're handing that recipe over to the manufacturing side that has a lot less.


We're losing intellectual property at a very large rate on the factory floor, and that's what we wanna secure. The best way to mature OT, take it one step at a time. There's no skipping steps here. There's no shortcuts. You take your segmentation, your protection strategies, you start to grow that up. Make sure they're good, number one. Number two, get more intelligence. We need visibility into these places. More often than not, we have around double the amount of endpoints that we thought we had, which is a big number, so get visibility. From there, we wanna refine some of the soft skills stuff, the people portion, the processes, how we build races for who's in charge of cybersecurity. All those pieces and parts are really, really important. From there, we bring in a big identity component. Identity and OT is gonna have a really big influence on how we build security going forward. Who's using these systems? How are they using them? What time are they operating them? It's all a big important cybersecurity metric, and if we can do all those things right, we can pull all these data points into an operation center, into that SOC and start really churning out highly actionable alerts with a very high rate of success that is securing the organization, and actually showing progress and metrics around how security's gone from nothing to something, and showing that process.


Optiv's OT team is built around ADO, advise, deploy, operate. On the advisory side, we have risk assessments, big focused efforts to get all the risk known. We also have small things, like a small policy build, a GRC component. All those pieces and parts are important to make sure that you've got the foundational elements for your security program. From there, we can take on some really big rocks, like a segmentation design strategy, making sure that these networks operate like they should and are also separate from each other, and building in security from the start. From there, we get to bring in a big bag of tools, and this is really fun, because we get to do malware analysis in OT. We get to do asset detection in OT. We get to bring vulnerability management here in a place and a way with context we've never done before. And the back end, if we do those first two right, we have a whole operation center that can triage these alerts, that can put context around what we're seeing in this environment so that we can make better security decisions all along that path.