Operational Technology (OT) security, occasionally called Industrial
Control Systems or Process Control Domain (PCD) security, encompasses
defending the specialized computers and networks that support environments like manufacturing,
electricity transmission, and water treatment plants. These OT environments comprise the critical
infrastructure that supports the foundation of modern civilization, and they are today
in the crosshairs of cyber-attacks.
PLC
Fundamentally, OT environments, like Information Technology environments,
are composed of computers, albeit specialized ones with purpose-built processors,
memory, and programs executing on them to serve a specific function (Vahid, 2017). These computers, called Programmable Logic
Controllers (PLCs), have code written in ladder logic instead of modern programming
languages and serially execute code that moves actuators, control arms, and other
machinery (Bolton, 2009). As computers
evolved over recent decades, PLCs also evolved: from vacuum tubes to
microprocessors, and from being serially connected to being connected over an Ethernet network.
Evolution
As the OT environment evolved from disconnected to
connected, operations and management became more straightforward, but with the ease of management
the risk of cyber-attacks increased.
These formerly disconnected environments, or air-gapped networks, became
connected to Information Technology networks to further ease operation and to
allow the flow of data to business decision-makers through analytics. This connectedness and the critical role these environments
play in production provide attackers a unique opportunity to cripple a nation
or company (Padée et al., 2019).
Protecting
Protecting the OT environment benefits from leveraging
principles from Information Technology security. Educating the engineers and operators within the OT environment serves as the foundation for security, as does testing
the protection capabilities. Implementing defense-in-depth protections within each layer of the OT environment
increases security by placing protection tools at various levels within the environment. Finally, deploying technologies that assist
in the detection of either persistent threats or isolated attacks allows teams
to remove threats that breach security.
With this holistic approach, it is possible to protect these critical computing systems and networks (Padée et al., 2019).
References
Bolton, W. (2009). Programmable logic controllers [electronic resource] (5th ed.). Newnes.
Padée, A., Wójcik, M., Ćwiek, A., Klimaszewski, K., Kopka, P., Kozioł, S., Kuźmicki, K., Możdżonek, R., Wiślicki, W., & Włodarski, T. (2019). On Preventing and Detecting Cyber Attacks in Industrial Control System Networks. Journal of Telecommunications & Information Technology, 2, 21.
Vahid, F., & Lysecky, S. (2017). Computing technology for all. Retrieved from zybooks.zyante.com/