The future of ICS security depends on OT-centric security solutions

New cybersecurity operational technologies are emerging to protect industrial control systems (ICS) against impending IT threats and attacks. ABI Research indicates that demand will focus on network-level security in the short term but will eventually shift toward embedded security and lifecycle management.

ICS security

“Digital information, by its nature, can be backed up and restored, relocated and copied. Most IT security methodologies and technologies rely on this aspect of virtual assets. Operational technology (OT) processes give us a completely different set of variables. OT processes control a power plant turbine, a manufacturing plant’s assembly line, or an offshore platform pumping machinery, for example. These assets are physical, real, and cannot be ‘restored from backup’, ‘moved to run in another site’, or replaced easily when broken. Inherently, this difference dictates radically different security methodologies, technologies and practices. We have witnessed often lately that just throwing in a firewall, ‘because it works for the banks’ is not a good program,” Lior Frenkel, CEO of Waterfall Security Solutions, told Help Net Security.

Redesigning next-generation control systems

As the market adapts, ICS vendors are at risk. They will need to redesign next-generation control systems with digital security in mind. Cybersecurity vendors need to create new product solutions for OT settings, as existing IT-based cybersecurity is not easily configurable.

Yet the market may face opposition as it migrates toward OT-centric cybersecurity solutions. There is a chance that the security costs and elevated risks associated with connecting ICS are too high for some industrial operators. This may force some of them to forgo connectivity within industrial settings.

“The age-old technique for protecting industrial networks from attacks, namely separating them from the rest of the world using an ‘Air Gap’, is no longer a functionally or operationally feasible option in today’s connected world. Moving from network to control layer security requires taking a comprehensive inventory of assets deployed in each environment. This includes building an asset and configuration database that is automatically updated based on network changes, and maintains a log of all changes to allow for recovery in the event of a security incident and operational disruptions,” said Mille Gandelsman, CTO of Indegy.

“ICS security monitoring solutions must be able to understand OT-specific protocols, including proprietary implementations used for critical control operations that impact PLCs and their processes,” Gandelsman concluded.
