OT Security Vulnerability: The Enterprise’s Achilles Heel


Operational technology (OT) is the suite of hardware and software that monitors and controls the equipment in a manufacturing environment. It is typically used with industrial control systems in heavy industries such as manufacturing, transportation and utilities. These systems have existed for decades and traditionally have not been networked, which leaves them ill-suited to today's connected infrastructure.

Advances in machine-to-machine (M2M) technology and machine learning (ML) have led to radical changes in OT. Factories that are designed with automation are realizing benefits in the form of predictive maintenance, improved machine life and quality and volume throughput.

The reality is that many enterprises depend on a complex mix of legacy OT and connected technology, and that mix has created a security gap. Many factories have retrofitted solutions to integrate with legacy systems. With the accelerated adoption of industrial IoT (IIoT) and connected internet of things (IoT) devices, companies face a growing need for security protections that ensure seamless operations and avoid the risk of cyber breaches. This means legacy OT systems must be fortified with security extensions to ensure continuity of operations and avoid downtime caused by attacks.

Healthcare, Manufacturing and Energy Verticals Lead the Pack in Adoption

Some industries have embraced OT security technology more than others and are actively working to mitigate vulnerabilities. We see Healthcare, Utilities and Manufacturing companies taking these threats most seriously. Recent attacks on COVID vaccine manufacturers in which attackers tried to fabricate the vaccine formula have prompted the Healthcare market to address vulnerabilities by setting up a dedicated security operations center (SOC) for OT.

In the past, heavy industries like automotive have stayed away from OT security implementations and, as a result, fallen prey to malicious attacks. For instance, a Japanese automotive company was attacked a few months ago, causing several of its plants to go offline and resulting in millions of dollars in losses. These attacks are compelling heavy industries to provide board-level funding for OT security across their manufacturing facilities.

United Nations Economic Commission for Europe (UNECE) has come up with the World Forum for Harmonization of Vehicle Regulation (WP.29) guideline that mandates cybersecurity for every new vehicle variant launching in 2022 and for every individual vehicle starting in 2024. It is worth noting that the messaging in the WP.29 guideline overlaps with the ISO 21434 standards. In addition to vehicle development, the standards span the entire lifecycle to include manufacturing, organizational and development processes, and the supply chain.

Key Solution Segments Build OT Security Momentum

Enterprises typically prefer security solutions that can scale up and be applied to their on-premises, cloud and specialized networks, such as the fuel sensor network in an oil refinery. We are seeing a growing interest in two main types of security solutions for OT: 1) accurate detection and proactive derailment of threats, and 2) decoy and deception of attackers.

A number of lean, niche, technology-oriented providers such as Armis and SCADAfence have evolved to provide these solutions. While these companies are partnering with system integrators and OEMs, they also are being funded by several large industry OEMs. At the same time, some large OEMs have started developing and launching their own vendor-agnostic OT security offerings, which means the OEMs are now competing with system integrators.

In these solutions, an agentless monitoring tool watches network traffic and, when it detects an anomaly, quarantines the misbehaving device by isolating it from the network. In a large enterprise deployment in which multiple devices are attacked, the conventional process of manually inspecting devices one by one is cumbersome. The new solutions automate these functions and provide central orchestration and management for all devices.

Increasingly, OT security solutions can manage and secure all device types via an open platform, proactively handling tasks such as resetting passwords, changing configuration, reverting to original settings and upgrading firmware. New deception technologies stop attacks by disrupting the attacker's discovery activity and then feeding them fake information that leads to their derailment. Finally, an alert is raised with the information required for fast remediation.

In a typical plant, these two technologies operate in parallel with comparatively limited decoy-based deployment. Most enterprises today are opting for visibility and monitoring solutions while some segments have started exploring solutions with managed deception.

System Integrators and Security Service Providers Rev Up the OT Security Engine

Cybercrime actors are rapidly targeting OT and industrial control systems (ICS). This is evident in examples such as the EKANS ransomware. Ransomware is already a significant threat in the manufacturing industry, and security service providers such as Orange Cyberdefense are reporting increasing threats to industrial components, such as intelligent sensors, programmable logic controllers and SCADA in industrial systems. A cyberattack can result in the installation of an infected application leading to systems and PLC malfunction. Such an attack could disrupt the running process of a conveyor belt. Attacks of similar nature can be perpetrated on medical scanners in Healthcare and on equipment in other industries as well.

Many vendors find it difficult to cover all the varied components across an entire security value chain. This is the opportunity service providers are tapping into. The fragmented nature of buyer behavior across IT and OT teams creates a convoluted solution-buying scenario, and service providers are filling this space with integration offerings and managed solutions.

Orange Cyberdefense, for instance, has created an industrial security demo center in Lyon, France, dedicated to OT security, where customers can test and validate their security solutions in a simulated environment. It also allows organizations to raise awareness of OT cyberattacks and train both OT and IT staff. Other service providers are offering full-spectrum services to secure industrial systems, including anomaly detection solutions and response playbooks based on customer-specific asset inventories and risk analysis.

System integrators that actively participate in engineering services, such as L&T Technology Services, are driving value with security posture assessment tools that comply with IEC 62443 and NIST 800-53 guidelines. These service providers specialize in creating asset inventories, network topologies and asset interaction maps that evaluate their clients' OT security postures. The resulting security audit provides visibility into lower-level and cyber-critical devices and generates the information clients need to build a security strategy. A few enterprises are taking advantage of platforms like ServiceNow to keep their OT asset inventory up to date and are leaning on service providers to help them decide the appropriate parameters for that inventory. Enterprises also are reaching out to providers for help with updating an asset's status in ServiceNow once it is patched.
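The agentless monitoring described in the solutions section (observe traffic, flag an anomaly, isolate the misbehaving device) and the asset inventory and interaction maps described here rest on the same data: a list of which assets talk to which, over which protocol. The following is an added example, not code from the article or from any of the vendors named in it, of a passive flow monitor that builds an asset interaction map, learns a baseline from a trusted observation window, and turns deviations into a quarantine plan. The inventory, IP addresses, port allow-list and flow records are all constructed sample data; the role names and the allow-list of ports 502 (Modbus/TCP) and 44818 (EtherNet/IP) are assumptions chosen for the illustration.

```python
"""Added example: passive (agentless) OT flow monitor with baseline-based
anomaly detection and a quarantine plan. All hosts, flows and policy
values below are constructed for illustration."""

from collections import defaultdict

# Constructed asset inventory: ip -> (device name, role). Hypothetical addresses.
INVENTORY = {
    "10.0.1.10": ("hmi-01", "hmi"),
    "10.0.1.20": ("eng-ws-01", "engineering"),
    "10.0.2.11": ("plc-line1", "plc"),
    "10.0.2.12": ("plc-line2", "plc"),
    "10.0.3.5": ("historian", "historian"),
}

# Assumed allow-list of expected OT protocols by TCP port.
OT_PORTS = {502, 44818}

# Constructed flow records: (src, dst, proto, dst_port).
BASELINE_FLOWS = [
    ("10.0.1.10", "10.0.2.11", "tcp", 502),    # HMI polls PLC over Modbus/TCP
    ("10.0.1.10", "10.0.2.12", "tcp", 502),
    ("10.0.2.11", "10.0.3.5", "tcp", 44818),   # PLC reports to historian
    ("10.0.2.12", "10.0.3.5", "tcp", 44818),
    ("10.0.1.20", "10.0.2.11", "tcp", 502),    # engineering workstation session
]

LIVE_FLOWS = [
    ("10.0.1.10", "10.0.2.11", "tcp", 502),    # normal
    ("10.0.2.11", "10.0.3.5", "tcp", 44818),   # normal
    ("10.0.1.20", "10.0.2.12", "tcp", 502),    # new peer for the eng workstation
    ("10.0.2.11", "10.0.2.12", "tcp", 445),    # PLC-to-PLC SMB, never expected
    ("192.168.50.7", "10.0.2.11", "tcp", 502), # un-inventoried host talking to a PLC
    ("10.0.2.12", "203.0.113.9", "tcp", 443),  # PLC reaching an outside address
]


def build_interaction_map(flows):
    """Asset interaction map: source -> set of (dst, proto, port) it talks to."""
    graph = defaultdict(set)
    for src, dst, proto, port in flows:
        graph[src].add((dst, proto, port))
    return dict(graph)


def learn_baseline(flows):
    """Baseline = every distinct flow seen during a trusted learning window."""
    return set(flows)


def classify_flow(flow, baseline, inventory):
    """Return None for a baseline flow, else a finding with reasons and severity."""
    src, dst, _proto, port = flow
    if flow in baseline:
        return None
    reasons = []
    if src not in inventory:
        reasons.append("unknown_source")
    if dst not in inventory:
        reasons.append("unknown_destination")
    if port not in OT_PORTS:
        reasons.append("unexpected_protocol")
    if not reasons:
        reasons.append("new_interaction")  # known assets, known protocol, new pairing
    severity = "medium" if reasons == ["new_interaction"] else "high"
    return {"flow": flow, "reasons": reasons, "severity": severity}


def detect_anomalies(flows, baseline, inventory):
    """Run every observed flow through the classifier and keep the findings."""
    findings = []
    for flow in flows:
        finding = classify_flow(flow, baseline, inventory)
        if finding:
            findings.append(finding)
    return findings


def plan_response(findings, inventory):
    """Map findings to actions: isolate a known device, block an unknown IP,
    or queue a known device for analyst review."""
    plan = {"isolate": set(), "block": set(), "review": set()}
    for finding in findings:
        src = finding["flow"][0]
        if finding["severity"] == "medium":
            plan["review"].add(inventory[src][0])
        elif src not in inventory:
            plan["block"].add(src)  # no device record to isolate; block at the boundary
        else:
            plan["isolate"].add(inventory[src][0])
    return plan


if __name__ == "__main__":
    baseline = learn_baseline(BASELINE_FLOWS)
    findings = detect_anomalies(LIVE_FLOWS, baseline, INVENTORY)
    for finding in findings:
        print(finding["severity"], finding["flow"], finding["reasons"])
    print(plan_response(findings, INVENTORY))
```

The baseline is deliberately a plain set of observed flows: in a plant the interaction map changes rarely, so anything not seen during a trusted window is worth a look, and the inventory is what lets the monitor tell "a device we own is misbehaving" (isolate it) from "something we do not own is on the network" (block it and inspect the device it reached).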

System integrators know how to analyze plant processes and define cybersecurity requirements. In the case of a breach, an organization depends on its system integrator to help initiate an escalation protection plan, a communication protection plan and similar actions in accordance with breach protection guidelines, and to generate reports and provide recommendations. In addition, system integrators support their clients by creating a remediation package that addresses critical loopholes. These are often as elementary as closing open ports and applying security patches to OT assets, but they also include complex activities such as detecting vulnerabilities in the network and initiating appropriate action to offset them. They also educate their clients about installing antivirus and the importance of a dedicated SOC for OT.

As service providers engage with client solution specialists, they tend to improve continuously, adapt to technology enhancements and keep clients informed of patch releases as the enterprise business evolves. Also, when an enterprise upgrades its firmware, the system integrator is brought in to address network segregation.

Emergence of IT-OT Convergence as the Next Frontier

While most service providers and system integrators have been evaluating plant processes, system integrators have gone a step further by helping clients define cybersecurity for their OT connected devices. System integrators are offering robust vulnerability assessment frameworks that help identify existing vulnerabilities in the plant and achieve necessary remediation.

ISG Provider Lens gives readers a deep dive into the IT and OT security space with our annual studies focused on cybersecurity and manufacturing industry services. Based on our research, we predict a full-swing convergence of IT and OT in the future. It will be critical to the adoption of IoT in the industrial environment and will necessitate a robust security architecture that aligns with the evolving manufacturing environment.


About the author

Kartik Subramaniam
Kartik Subramaniam is a Lead Analyst with ISG Research, with a focus on application development and maintenance (ADM) and SAP domains where he covers application development, deployment, modernization, optimization, maintenance, digital transformation, managed services along with tracking the larger ecosystem of ADM service providers and partners. Kartik authors the ISG Provider Lens study for Next-Gen ADM and SAP and offers his industry expertise on custom research assignments in these areas.