OT vs IT
Sure, you’ve heard of IT. But what about OT?
OT, or operational technology, is hardware or software that operates and monitors industrial machinery and processes, whereas IT is hardware or software that serves enterprise business objectives. OT devices roll up into industrial control systems (ICSs), and ICSs are controlled by either programmable logic controllers (PLCs) or distributed control systems (DCSs).
PLCs were created to replace legacy control systems made up of contactors and relays, and they control industrial equipment like pumps or elevators. DCSs were created after PLCs to address needs PLCs were not meeting. They are larger-scale, more complex systems that can control more processes and machines than a PLC can. While a PLC might control the temperature of a water tank, a DCS may control an entire oil refinery or chemical plant.
A DCS is a distributed control method that manages independent central processing units (CPUs). Each CPU performs a different function, so if one CPU fails, the other CPUs can continue performing their individual processes without disruption. A PLC is a centralized control method that uses a single CPU to control the entire process.
Supervisory control and data acquisition (SCADA) systems collect, monitor, and analyze the data from PLCs and DCSs.
Here’s a look at how OT devices roll up and contribute to these systems. Note that everything falls underneath the OT umbrella.
What is the difference between IT and OT?
The difference is rooted in how we use the technology. IT focuses on managing data for the business operations of organizations and enterprises, and OT focuses on managing data that powers the physical equipment and machinery of industries.
Another way to think of this is OT is the IT of the non-carpeted areas.
Let’s look at different elements on either side of IT or OT.
Here are some examples of OT systems you may be familiar with.
- Human-machine interfaces (HMI) like the automated temperature control of a data center
- IoT devices like smart refrigerators and insulin pumps
- Power plant management systems
- Remote terminal units (RTUs)
- Civil Service projects like tolls, sewage treatment plants, canals, and aqueducts
Challenges With OT Security
Outside of the Air Gaps
Historically, OT and ICS networks were isolated from external connectivity with a firewall that created a parallel network. OT devices could communicate within the network but not with outside networks. This practice is called air gapping. While it works, in theory, to stop the outside from getting in, it does not stop security lapses on the inside from getting out. The Repository of Industrial Security Incidents (RISI) attributed the source of most security breaches to inside incidents. Once removable equipment, portable devices, or USB drives enter the picture, the protection of the air gap becomes ineffective.
Unpatched OT Components
Because of the single-function nature of many OT machines, it’s not unusual for them to be left running for long periods of time. This means they are unable to receive timely patch updates. Additionally, OT has historically been more focused on physical safety than data security. Many legacy OT systems are not retrofitted with the necessary security components to keep these systems safe.
OT as an Easy Target
Incidents targeting outdated OT infrastructure are beginning to outpace IT attacks. Let’s consider a few examples from 2022 data reported in icstrive.com’s OT cyber incident database:
Cyberattack Forces Macmillan Publishers to Take Operations Offline and Close Physical Offices
Indian Flood Monitoring System Targeted By Hackers
A German Oil Tank Farm Is Shut Down By Hacker Attacking Loading Systems
Automotive Hose Maker Nichirin-Flex U.S.A Moves Operations Into Manual Mode After It’s Hit With Ransomware Attack
The world is beginning to react to these unchecked vulnerabilities. According to a recent report, 70% of OT organizations plan to move OT security under the CISO in the next 12 months, but only 9% of CISOs currently oversee OT security. Additionally, 62% of OT security budgets are increasing next year to meet this growing need for attention.
What can engineers do to avoid the costly clean-up of halted supply lines caused by an OT attack?
Focus on prevention.
How ThreatEye can help
ThreatEye provides value through behavioral analysis based on deep packet dynamics. The ThreatEye system inventories and baselines every OT device communicating over the OT network. It also reports and tracks all IT protocols crossing the IT/OT boundary. ThreatEye adds further value where an organization runs both an IT and an OT network: IT networks can act as gateways into the OT, and ThreatEye detects compromise within the IT environment before it can spread to the OT.
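The three checks described above (an inventory and per-device baseline learned from OT traffic, IT protocols crossing the IT/OT boundary in either direction, and deviations from the baseline) can be illustrated on flow records. The following is an added example written for this page; it is not ThreatEye code and does not reflect how ThreatEye implements these checks. It assumes a single OT subnet (10.10.0.0/16), a flow exporter that tags each flow with an application-protocol label, and a site-chosen set of enterprise protocols that should never cross the boundary; the flow records themselves are constructed for the example. It also covers the inside-out case from the air-gap section, since an OT host reaching an IT address over an enterprise protocol trips the same boundary check.

```python
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed address plan: one OT subnet; every other address is treated as IT.
OT_NET = ip_network("10.10.0.0/16")

# Application-protocol labels as a flow exporter might tag them. Which
# enterprise protocols count as "IT" is a site decision; this set is an assumption.
IT_PROTOCOLS = {"http", "https", "smb", "rdp", "ssh"}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str


def zone(ip: str) -> str:
    return "OT" if ip_address(ip) in OT_NET else "IT"


def build_baseline(flows):
    """Learn the OT inventory and each source's normal (peer, protocol) pairs
    from a window of traffic that is assumed to be clean."""
    inventory = set()
    baseline = defaultdict(set)
    for f in flows:
        for ip in (f.src, f.dst):
            if zone(ip) == "OT":
                inventory.add(ip)
        baseline[f.src].add((f.dst, f.proto))
    return inventory, dict(baseline)


def analyze(flows, inventory, baseline):
    """Return (kind, detail) alerts for flows that break the learned baseline."""
    alerts = []
    reported_unknown = set()
    for f in flows:
        sz, dz = zone(f.src), zone(f.dst)
        detail = f"{f.src}({sz}) -> {f.dst}({dz}) {f.proto}"
        # 1. An enterprise protocol crossing the IT/OT boundary in either
        #    direction: IT acting as a gateway into OT, or an OT host reaching
        #    out, which is the inside-out path an air gap does not stop.
        if sz != dz and f.proto in IT_PROTOCOLS:
            alerts.append(("it-protocol-crosses-boundary", detail))
            continue
        # 2. An OT address that never appeared during the learning window.
        for ip in (f.src, f.dst):
            if zone(ip) == "OT" and ip not in inventory and ip not in reported_unknown:
                reported_unknown.add(ip)
                alerts.append(("unknown-ot-device", ip))
        # 3. A known OT device talking to a peer/protocol pair it never used before.
        if sz == "OT" and dz == "OT" and f.src in inventory:
            if (f.dst, f.proto) not in baseline.get(f.src, set()):
                alerts.append(("baseline-deviation", detail))
    return alerts


# Constructed sample flows, not real captures: an HMI (.20) polling two PLCs
# (.5, .6) over Modbus and an RTU (.30) over DNP3 during the learning window.
LEARNING_WINDOW = [
    Flow("10.10.1.20", "10.10.1.5", "modbus"),
    Flow("10.10.1.20", "10.10.1.6", "modbus"),
    Flow("10.10.1.5", "10.10.1.20", "modbus"),
    Flow("10.10.1.6", "10.10.1.20", "modbus"),
    Flow("10.10.1.20", "10.10.1.30", "dnp3"),
]

# Constructed live traffic: one normal poll plus four things a baseline should flag.
LIVE_TRAFFIC = [
    Flow("10.10.1.20", "10.10.1.5", "modbus"),      # normal HMI -> PLC poll
    Flow("192.168.5.40", "10.10.1.5", "smb"),       # IT workstation reaching a PLC over SMB
    Flow("10.10.1.77", "10.10.1.5", "modbus"),      # OT address never seen in the baseline
    Flow("10.10.1.5", "10.10.1.6", "modbus"),       # PLC-to-PLC traffic that never happened before
    Flow("10.10.1.20", "192.168.5.40", "http"),     # OT host reaching out to IT over HTTP
]


def run_demo():
    inventory, baseline = build_baseline(LEARNING_WINDOW)
    return analyze(LIVE_TRAFFIC, inventory, baseline)


if __name__ == "__main__":
    for kind, detail in run_demo():
        print(f"{kind:30} {detail}")
```

Running the script prints four alerts: two boundary crossings (SMB into OT, HTTP out of OT), one unknown OT device (10.10.1.77), and one baseline deviation (PLC 10.10.1.5 talking to PLC 10.10.1.6). The learning window itself produces no alerts, which is the sanity check to run before trusting any baseline: if clean traffic alerts, the inventory or protocol sets are wrong, not the plant.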
Want to learn more about ThreatEye’s capabilities? Continue the conversation with an expert today.