Information Technology (IT) vs. Operational Technology (OT) & Why OT Security Is So Important

Eric Chow
Jun 20, 2021

IT vs. OT? What’s the difference? I’m sure you have heard about Information Technology (IT). But what about Operational Technology (OT)? I had not heard of this term until last week while being introduced to OT security. What’s the main difference between IT and OT within the scope of power and utilities? OT devices/systems are responsible for the physical process (grid-based), whereas IT systems control the data and flow of information within an organization (admin-based).

What is Information Technology (IT)?

Information technology (IT) refers to anything dealing with computer technology and information systems, from Microsoft Exchange/Outlook for emails to logging into the organization’s Virtual Private Network (VPN) for internal access to applications or data. In other words, IT handles the management side of business operations, dealing with computer hardware, software, internet, telecom equipment, or networks.

What is Operational Technology (OT)?

Operational Technology (OT) is the hardware and software utilized to regulate and control physical devices and processes within an organization containing Industrial Control Systems (ICS). OT systems, for example, are responsible for how engines and valves are controlled or how different processes are regulated to prevent detrimental events within a grid substation. Supervisory Control and Data Acquisition (SCADA) is an example of an ICS responsible for real-time management, automation, and control of industrial processes. Essentially, within the umbrella of OT, ICS is leveraged to provide OT professionals visibility and ease of management of physical systems within the environment. OT is frequently seen in various sectors like power and utilities, oil and gas, transportation, etc., and all greatly depend on SCADA systems due to the nature of their work. Additionally, OT is heavily reliant on PLCs (Programmable Logic Controllers), which are responsible for performing automated tasks or producing output based on pre-programmed parameters.

Why Is Operational Technology (OT) Security So Important?

Because many organizations are leveraging digital transformation like Internet of Things (IoT) devices to stay ahead of the competition, several risks and threats are introduced into operational technology. Traditionally, operational technology is set up in an “air gap” environment, meaning it lives within an isolated network with no interaction with the outside network. The only way to move data in and out of an air-gapped device is through physical means like a thumb drive. However, many organizations that utilize Industrial Control Systems (ICS) no longer use a truly air-gapped network, which expands the attack surface adversaries can use to exploit operational technology within the grid.

Therefore, OT security is vital to protect Industrial Systems and networks from cyber-attacks and adversaries. Because operational technology heavily supports critical infrastructure like electricity, nation-state threat actors are always on the move with the intent to cause both financial and physical harm to large numbers of people. Hardening OT devices to protect the system’s availability, eliminating downloaded software/applications not needed on the device, refining OT-related protocols, and regularly upgrading from legacy software with critical vulnerabilities are best practices for ensuring the confidentiality, integrity, and, most importantly, availability of operational technology systems.

Have you heard of Stuxnet?

Stuxnet, first discovered in 2010, is a complex computer worm that targeted several Windows zero-day vulnerabilities and centrifuges used to produce uranium. This was a cyber tool created by the United States and Israeli governments intended to delay Iran’s development of nuclear weapons. Stuxnet mainly targets SCADA systems such as computers connected to PLCs produced by Siemens, a grid security vendor that offers energy automation and smart grid solutions. After identifying a PLC system, the worm alters the PLC programming, forcing the centrifuges to spin too quickly and for too long, which damages equipment/processes.

Ever since the Stuxnet hack and leak in 2010, operational technology security has become an important focus within critical infrastructure. The physical and financial impact caused by the worm highlighted the harsh reality that vulnerabilities and legacy software within OT pose a considerable risk and threat to nations and their critical infrastructure. Therefore, securing and hardening physical devices within Industrial Control Systems (ICS) is a must to reduce the attack surface that adversaries can exploit.
