IT vs OT Cybersecurity: Why IT Best Practices Often Don’t Apply

In today’s digital age, nearly everyone – and everything – is connected to the internet. So, it’s no surprise that cybersecurity has become a significant topic in the news and a consistent concern for organizations worldwide. But “cybersecurity” isn’t a one-size-fits-all solution, especially when it comes to the distinct differences between IT (information technology) and OT (operational technology) systems.

These differences are most notable when protecting the critical infrastructure that’s built on these OT systems. In such instances, it isn’t as simple as taking cybersecurity policies and best practices from the IT side of the house and applying them directly to an OT network. The systems and technologies are fundamentally different, and it’s important to understand these distinctions to defend both environments effectively.

Let’s talk about IT vs OT and why you shouldn’t use the same blanket strategies across both domains.

Differences Between IT vs OT in Technology and Cybersecurity

We’ve written before about the technological differences between IT and OT systems. Essentially, IT deals with data and manages the digital flow of information through businesses and other networks. OT systems monitor and control industrial equipment, assets, and processes.

The challenge many organizations face in securing OT systems comes from the rapid advances and innovations in technology. Industry 4.0 and smart devices are introducing opportunities for automation and efficiency but often involve external connections into industrial systems that weren’t designed with connectivity in mind.

OT systems are purpose-built for specific operational needs. The devices in these systems are designed to be simple and robust and operate within self-contained networks without any external connection. This means these environments could be running legacy devices that are at or near end-of-life or are no longer supported by the OEM (original equipment manufacturer).

Because of the physical nature of the operations that OT systems manage, disruptions to these systems can have huge impacts – not only on the company financially, but on the end users who depend upon their services, as well as the safety of the operators maintaining the systems. For example, imagine the direct impact you would experience as the result of an OT network outage at your local electricity provider, as compared to an email server outage at a nearby office building where you do not work. Two nearby network outages, but one would cause a more wide-reaching and physical impact than the other.

Cybersecurity Best Practices in IT vs OT

While it might seem logical to try and apply cybersecurity practices and solutions that work well in IT into an OT environment, there are a few reasons why it isn’t quite that simple:

  • Every OT Environment is Unique – OT systems can be built in a number of ways, and the devices use a wide variety of protocols, many of which vary between OEMs and even product lines. A PLC from Siemens, for example, might use a different protocol than a PLC from Honeywell. This means that an organization could be juggling as many types of software, hardware, and protocols as there are vendors in each part of their environment. IT solutions often don’t encompass OT protocols, and likely not enough of them to be effective in an OT environment.
  • OT Systems are Elegant, but Delicate – Because of the way they’re uniquely designed, OT systems can be disrupted by what may seem to be even a basic IT process. Scanning an environment, for example, even if a request or scan is done using a “safe” or “known” protocol, may delay or have other unintended effects on OT devices that could disrupt or halt operations.
  • OT is Designed for Continuity – Devices in OT environments are designed to be available and running continuously, and maintenance windows have to be carefully planned and scheduled to minimize disruptions to service and operations. Because of this, applying patches in an OT environment isn’t as simple as taking something offline for an hour to install and configure an update. This means that managing vulnerabilities in an industrial environment often isn’t as straightforward as it might be in IT.
  • IT Security Solutions May Not Meet OT Constraints – Many IT-focused solutions require an external connection. OT systems, however, often have limits on the number and type of externally bound connections that can exist at a time to reduce exposure and access through these channels. Not all of these tools can be configured to meet those constraints.

OT Cybersecurity Solutions by OT Specialists

The key to properly protecting complex environments with IT and OT in mind is to understand how each of these systems work, how they interact, as well as the requirements and limitations of both systems.

Making informed cybersecurity decisions and building effective policies and processes starts with good data, and making that data accessible to everyone who needs it. Visibility into your assets, an established baseline of “normal” traffic, and other relevant data is critical to evaluating how best to secure an industrial environment and ensure that things are working as intended.
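The bullets above (protocol diversity per vendor, the risk of actively scanning fragile devices, limits on externally bound connections) and the visibility point here come together in one defender-side pattern: learn an asset inventory and a set of "normal" conversations passively from observed traffic, then flag what departs from it. The example below is added here and is not code from the post, from SynSaber, or from the OT PCAP Analyzer. It works on flow records rather than packets, so it never sends anything toward a device; the flow records, the 10.10.1.0/24 plant segment and the port-to-protocol table are constructed for illustration, and matching on destination port is only a hint (a real sensor parses the protocol itself).

```python
"""Passive OT traffic baseline: learn assets and normal conversations from
observed flow records, then report deviations. Added example with
constructed data; nothing here sends traffic to a device."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Set, Tuple

# Well-known ports for common industrial protocols. Assumption: port alone is
# a heuristic; a production sensor must decode the protocol to be sure.
OT_PORTS = {
    502: "Modbus/TCP",
    102: "S7comm (ISO-TSAP)",
    20000: "DNP3",
    44818: "EtherNet/IP",
    4840: "OPC UA",
    47808: "BACnet/IP",
}

# Constructed plant segment. "External" means outside the segments the
# operator has declared, which is the constraint OT networks actually enforce.
OT_SUBNETS = [ip_network("10.10.1.0/24")]


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str  # "tcp" or "udp"


def classify(flow: Flow) -> str:
    """Name the industrial protocol by destination port, or fall back to port."""
    return OT_PORTS.get(flow.dport, f"other/{flow.proto}:{flow.dport}")


def is_external(ip: str) -> bool:
    """True when the address lies outside every declared OT segment."""
    addr = ip_address(ip)
    return not any(addr in net for net in OT_SUBNETS)


def build_baseline(flows: List[Flow]):
    """Learn which hosts exist, which protocols each speaks, and which
    (src, dst, protocol) conversations occurred during the baseline window."""
    assets: Dict[str, Set[str]] = {}
    conversations: Set[Tuple[str, str, str]] = set()
    for f in flows:
        proto = classify(f)
        assets.setdefault(f.src, set()).add(proto)
        assets.setdefault(f.dst, set()).add(proto)
        conversations.add((f.src, f.dst, proto))
    return assets, conversations


def find_deviations(baseline, flows: List[Flow]) -> List[str]:
    """Explain every observed conversation that the baseline did not contain."""
    assets, conversations = baseline
    findings: List[str] = []
    for f in flows:
        proto = classify(f)
        if (f.src, f.dst, proto) in conversations:
            continue  # seen during the baseline window: normal
        reasons = []
        for host in (f.src, f.dst):
            if host not in assets:
                reasons.append(f"new asset {host}")
        if f.src in assets and proto not in assets[f.src]:
            reasons.append(f"new protocol from {f.src}")
        if f.dst in assets and proto not in assets[f.dst]:
            reasons.append(f"new protocol to {f.dst}")
        if is_external(f.dst):
            reasons.append("external destination")
        if not reasons:
            reasons.append("new conversation")  # known hosts, new pairing
        findings.append(f"{f.src} -> {f.dst} [{proto}]: " + ", ".join(reasons))
    return findings


# Constructed baseline window: an HMI and a historian polling PLCs and an RTU.
BASELINE_FLOWS = [
    Flow("10.10.1.10", "10.10.1.50", 502, "tcp"),    # HMI -> Modbus PLC
    Flow("10.10.1.10", "10.10.1.51", 102, "tcp"),    # HMI -> Siemens PLC (S7comm)
    Flow("10.10.1.20", "10.10.1.50", 502, "tcp"),    # historian -> Modbus PLC
    Flow("10.10.1.20", "10.10.1.52", 20000, "tcp"),  # historian -> RTU (DNP3)
    Flow("10.10.1.20", "10.10.1.53", 102, "tcp"),    # historian -> second S7 PLC
]

# Constructed later window containing four departures from the baseline.
OBSERVED_FLOWS = [
    Flow("10.10.1.10", "10.10.1.50", 502, "tcp"),    # normal
    Flow("10.10.1.30", "10.10.1.50", 502, "tcp"),    # unknown host talks to PLC
    Flow("10.10.1.51", "203.0.113.7", 443, "tcp"),   # PLC opens outbound connection
    Flow("10.10.1.20", "10.10.1.51", 102, "tcp"),    # known hosts, new pairing
    Flow("10.10.1.10", "10.10.1.51", 502, "tcp"),    # S7 PLC now polled with Modbus
]


def run_example() -> List[str]:
    return find_deviations(build_baseline(BASELINE_FLOWS), OBSERVED_FLOWS)


if __name__ == "__main__":
    for line in run_example():
        print(line)
```

Each finding names the conversation and why it stands out: a host that was never in the inventory, a known device speaking or being spoken to with a protocol it never used before, a destination outside the declared plant segments, or simply a pairing of known devices that had not occurred. Those are the questions an operator needs answered before deciding whether a change is a commissioning activity or something to investigate, and none of them required touching a device.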

If you’re interested in getting started with your visibility journey, the OT PCAP Analyzer is a great way to get a quick snapshot and visibility into your network (it’s also a free tool, designed by members of the OT community for the OT community).

For organizations that have more sites or want to address blind spots in their industrial visibility efforts, SynSaber also offers software-based sensors that can be deployed from the edge to the core, so operators, analysts, and other security-minded team members can get the visibility and data they need to protect their industrial environment.