How to Implement IT Compliant OT

As manufacturing operations adopt more intelligent systems, we’ve seen control systems, equipment, and networks rebranded as Operational Technology (OT). With this has come a change in approach from IT departments, who for decades wanted nothing to do with the weird and wonderful equipment that populated the OT space. While keeping the operational world at arm’s length was possible for IT in the past, the two are now converging at such a pace, and in such a way, that the convergence is impossible, or even perilous, to ignore.

A vital convergence

Cybersecurity is a crucial concern. OT equipment has become more IT-aligned by necessity through standard protocols and Ethernet/IP connectivity. Like a bucket of cold water, this fact woke the IT world to the significant vulnerabilities presented by connected operational systems. Furthermore, the press has continued to fill with stories of backdoors exploited by nefarious actors and the dire consequences for reputations, service, and profitability.

It was time for OT to be taken seriously and become part of the IT estate with the same high standards and best practice approaches to security.

So, what does this mean for you as a manufacturer?

Firstly, you must ensure that your control systems, such as PLC, SCADA etc., are secure from threats by keeping systems up to date and only providing connectivity between systems that require it. Leaving your entire operation wide open, with everything connected to everything else, is particularly hazardous. The optimal solution is to establish communication channels secured via switches and routers, allowing protocols to be enabled and disabled as required. Through this method, you can install firewalls between departments to further mitigate the threat of a cybersecurity breach.
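One way to verify that connectivity exists only where it is required is to audit observed traffic against a default-deny allowlist of zone-to-zone conduits. The following is an added example, not from the original article; the zone names, address ranges, conduits and flow records are all constructed assumptions.

```python
import ipaddress

# Constructed zones: names and address ranges are assumptions for illustration.
ZONES = {
    "it_office": ipaddress.ip_network("10.10.0.0/16"),
    "scada":     ipaddress.ip_network("10.20.1.0/24"),
    "plc_line1": ipaddress.ip_network("10.20.10.0/24"),
    "plc_line2": ipaddress.ip_network("10.20.20.0/24"),
}

# Allowlist of conduits: (source zone, destination zone, protocol, port).
# Anything not listed is denied, including traffic between PLC lines.
CONDUITS = {
    ("scada", "plc_line1", "tcp", 502),   # Modbus/TCP polling
    ("scada", "plc_line2", "tcp", 502),
    ("it_office", "scada", "tcp", 443),   # HTTPS to the SCADA front end
}

def zone_of(addr):
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "unknown"

def audit_flows(flows):
    """Return flows that cross zones without an allowlisted conduit."""
    violations = []
    for src, dst, proto, port in flows:
        sz, dz = zone_of(src), zone_of(dst)
        if sz == dz and sz != "unknown":
            continue  # traffic inside one zone is out of scope for this check
        if (sz, dz, proto, port) not in CONDUITS:
            violations.append((src, dst, proto, port, f"{sz}->{dz}"))
    return violations

# Constructed flow records (source, destination, protocol, destination port).
SAMPLE_FLOWS = [
    ("10.20.1.5", "10.20.10.11", "tcp", 502),      # allowed conduit
    ("10.10.4.20", "10.20.10.11", "tcp", 502),     # office straight to a PLC
    ("10.10.4.20", "10.20.1.5", "tcp", 443),       # allowed conduit
    ("10.20.10.11", "10.20.20.12", "tcp", 44818),  # PLC line to PLC line
    ("10.20.1.5", "10.20.1.6", "tcp", 3389),       # intra-zone, skipped
    ("192.168.7.9", "10.20.1.5", "tcp", 3389),     # unzoned source
]

if __name__ == "__main__":
    for v in audit_flows(SAMPLE_FLOWS):
        print("DENY", v)
```

Each violation reported is either a firewall rule that should block the flow or a conduit that needs to be justified and added to the allowlist.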

The second point to consider is access control. Users should only be granted permissions to systems they require within an IT-supported domain. Paired with appropriate password complexity, a policy of regularly changing those passwords can minimise a potential vector of attack.

Next is virtualisation. By abstracting OT systems from the IT hardware, you can install physical hosts in an environmentally controlled data centre, rather than following the old method of putting server racks under desks in control rooms, where they were subject to dust, heat, and the occasional accidental kicking from a steel-toe-capped boot.

Rounding out this brief overview is patching and backups. Patching regularly, at the same frequency as IT systems, ensures systems are constantly kept up to date and reduces the impact of ‘timely’ vulnerabilities such as Log4j. We still visit sites where Windows XP, NT and Server 2000 are in use. These operating systems are running long after official support has ended, meaning security patches are no longer available and the vulnerabilities are well known and widely published.

Because OT should now be firmly on your IT department’s radar, creating a thorough backup regime will mean your systems are recoverable in the event of data loss due to a ransomware attack, operator error or any other disruption.

Experience and Expertise

Novotek Solutions delivers operational technology with a methodology shaped by a deep knowledge gained in over three decades of experience in IT domains.

We’ve led the way in delivering all our projects to a high, IT-compliant standard. Our solutions are supportable, maintainable, and extensible to keep your operation fit for the future.
