For decades, OT was divorced from the rest of the world, quietly turning things on and off; controlling speeds, rates, and pressures; monitoring for health, quality, and danger. All to ensure that industrial processes ran efficiently, effectively, and safely.
These systems and networks were the sole dominion of the operational, industrial, and electrical engineers who were focused on reliability and accuracy above all else.
They were highly proprietary to the manufacturers that built the industrial control systems (ICS), such as supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), remote terminal units (RTUs) and programmable logic controllers (PLCs), as well as dedicated networks and organization units.
These devices used proprietary networking and protocols that gained popularity through market share, including DNP3, Modbus, Profibus, LonWorks, DALI, BACnet, KNX, EnOcean and OPC-UA.
And very often these devices were “air gapped” from any other networks and the rest of the world. You would have to be physically present with access to the network or devices directly in order to access and compromise them.
The infamous phrase “air gapped” in Operational Technology was only coined in 2006 by Gartner in a research paper. This was driven in part by the need to discuss Information Technology (IT) / OT convergence.
The secret garden was soon disappearing. The walls were being torn down to make way for new OT systems and devices built not on proprietary hardware, chips, networks, and protocols, but on commercial off-the-shelf (COTS) components like TCP/IP networking gear and PC-based systems.
This push towards using technology, components, and tools from the IT world provided some significant advantages to the OT ecosystem, including:
- Consumers of OT
  - Could look forward to more open systems with potentially less vendor lock-in
  - Could buy COTS network and system hardware themselves, often from IT vendors
- Manufacturers of OT
  - R&D savings by depending on the vast infrastructure that IT provides
  - Access to development and engineering personnel from the IT world
But it also came with a few downsides:
- COTS software in particular is very actively probed, assessed, and tested for vulnerabilities, resulting in new 0-day vulnerabilities being found not only in the OS software but in the entire software stack.
- TCP/IP is THE network protocol used by everyone, everywhere, and on everything.
- Because OT professionals and even OT vendors were less experienced with IT technology, they applied the tried-and-true goals of reliability and accuracy to this new technology, usually at the cost of security.
Over time, systems that were once inaccessible due to strictly enforced air gaps, and relatively inscrutable to outsiders due to arcane and proprietary technology, became easily accessible.
IT/OT convergence has been one of the biggest business drivers in OT environments, ultimately requiring that OT personnel take responsibility for managing all the systems.
But OT networks and systems aren’t immune to the other big trends we see across IT as well:
- Cost savings and efficiency. Do more with less.
- Become more agile and responsive to the markets and customers - “Smart” devices / systems / processes / plants / grids / cities / etc…
- Integrate into a larger, “just-in-time” supply and distribution chain with other business functions
Real-time dashboards, real-time process optimization, real-time quality control all demand the ability to have high-volume, continuous communications into and out of the OT environment. And six-sigma and detailed, granular process and financial analysis require big-data marts, pools, and lakes to be accumulated over long periods of time.
The net effect of these trends on OT is that it has been pushed to be more open in general, with an increasing amount and variety of data sent between OT and the internet. IT and cloud infrastructure is being made to provide a scaffolding for both IT and OT. And more decisions are being made not on the concept of reliability and accuracy, but on the impact to the financial bottom line.
Continue on to part 3 of this blog series: How to Bridge the OT/IT Knowledge Gap.
PacketViper OT360
PacketViper OT360 is a dynamic, contextual, preventative solution that can deliver OT security. It can work on the OT/IT boundary of an organization's infrastructure, within plant facilities to provide protection internally and between the plant and distributed assets, and within remote OT locations to provide prevention and containment.