New approaches to OT security: solutions for special requirements

In the OT sector, deficits in security products mean that many operators prefer not to use them. New tools tailored specifically to OT problems could change this.

The OT sector has its own protocols as well as special conditions and requirements. This results in its own security problems and attack vectors. New security products are trying to counteract this.

Digitalisation has long since reached production. Even artificial intelligence has found its way in, for example in machine maintenance using predictive maintenance. Complex systems that process large amounts of data from sensors, for example, are now standard. They control networked robots in industrial production, which in turn generate a lot of data themselves.

However, high complexity and special requirements such as uninterrupted operation make it difficult for security solutions to ensure security in Operational Technology (OT), creating a breeding ground for cyber attacks, as this article shows.

This year's IT security trade fair it-sa increasingly showcased specialised solutions for the OT sector, as two examples illustrate. These include developments from OT specialist txOne.

 

Special USB stick for analysing the safety of industrial plants

The Portable Inspector is one of the various OT solutions from txOne, such as network and end device protection. The small device looks like an oversized USB stick. "It is designed as a stand-alone device that is plugged into a system and analyses it without having to install or configure anything," explains Mirco Kloss, Business Development Director at txOne. The device is particularly suitable for plant systems that are not networked or are not intended to be networked, he explains. It has enough logic on board to work as an independent computer. "Once connected, it collects all the important data for a comprehensive analysis, including log files, reports and so on," explains Kloss. His sales manager Christina Krauß adds: "The Portable Inspector also has a secure storage area called Secure Storage, which can be used, for example, to upload software updates, which are first scanned and then installed". The particularly long support period of at least ten years is important for the OT sector.

 

OT networks are a blank spot on the map for traditional security products 

When production systems are involved, the classic monitoring of internal network traffic quickly presents a particular challenge: OT environments come up with their own protocols and many components only come into contact with other devices on an irregular basis. Forescout has adapted to such situations. The manufacturer offers a platform with several products to improve the security of OT, IOT and IT. However, the installation of third-party software is not welcomed in production environments. The software therefore works without an agent, meaning that no components need to be installed on the systems. Instead, the network is monitored from a central location. "We can recognise all devices that are in the network and differentiate between our own systems and third-party devices," explains Rik Ferguson, Vice President Security Intelligence at Forescout. Unauthorised devices connected to the network are therefore noticed immediately. Ferguson adds: "Infected devices can be identified and, if necessary, isolated based on their behaviour on the network and the data they send.

Other capabilities include analysing the status of components in the OT network. Predefined rules are also used to determine, for example, "whether two devices are allowed to communicate with each other at all," adds Eduard Serkowitsch, the systems engineer responsible at Forescout. The systems can also be classified according to risk factors. "This means we know what risk is associated with the failure of a device," explains Serkowitsch. This means, for example, that the consequences of a controller failure for production can be determined and alarms and other response measures can be customised accordingly.

More and more manufacturers of security solutions are adapting to the special requirements of the OT sector and developing customised products. This is increasingly giving rise to a separate segment in the security industry.

Author: Uwe Sievers