Can IT and OT Systems use similar Cyber Defense Tools?
Author: Daniel Ehrenreich SCCE
The role of the IT team in your organization is obvious, as IT teams have been around for as long as business organizations have used computers. You frequently need their support, and they must ensure the operation of the IT network in terms of the Confidentiality, Integrity and Availability (CIA) of the database. In recent years, their role has become more complex due to the widespread use of portable devices and equipment, for both private and business purposes, by people who need a connection anytime and from anywhere (bring your own device – BYOD). But what happens in organizations managing critical infrastructure such as heavy manufacturing, power plants or water treatment plants, which use Supervisory Control and Data Acquisition (SCADA) to control these operations? These systems (also called DCS, PLC, RTU, IED, etc.) must ensure the absolute Safety and Reliability of these industrial operations. In some organizations these SCADA systems are supported with cyber defense measures deployed by the IT team, while larger organizations employ a dedicated OT (Operation Technology) team that has extensive SCADA-related knowledge. While both teams must act professionally, why can the same team not fulfill both tasks? I refer here to mid-sized organizations with up to hundreds of employees.
Although both systems mostly utilize the Microsoft Windows™ operating system, there are significant differences between their architectures. I refer here to some of the differences between IT and OT systems:
IT systems are continuously connected to the Internet; the OT system shall be isolated from external access.
IT systems typically enable hundreds to thousands of connected computers; OT networks have just a few dozen.
IT systems allow using hardware and software from different vendors; OT systems use a single provider.
IT systems use the latest versions of hardware and software; OT systems use legacy hardware and software, even 10-15 years old.
IT software updates are done immediately upon availability; OT systems are updated once every few months.
IT systems are built for remote access by employees, vendors, customers, etc.; OT systems shall not allow that.
IT systems can be maintained by people having IT certification; handling OT systems requires SCADA certification.
The OT support staff handling the SCADA system, as mentioned above, must ensure the safe and reliable operation of the critical infrastructure. While no one would think to wake up an IT person because he could not read an email from home…, if a problem arises in the OT network or with the SCADA system that may damage the production process, the OT expert must react immediately and professionally. Another topic to consider is that many manufacturers' warranties for heavy industrial equipment are conditional on the provision of online access to the SCADA system (24/7/365) and on allowing remote monitoring via a secure virtual private network (VPN). Therefore, although the procedures for securing SCADA systems are very different from those for securing IT systems, the IT team must collaborate with the OT team to allow a secure remote connection.
Summary and Conclusions
It is important to emphasize the significant technical differences between IT and OT systems and, consequently, to ensure that each support team gets proper and focused training related to computers, operating systems, IT-related cyber defense and also SCADA security. Hacker U took this challenge very seriously, and our intention is to offer you, the IT expert, the opportunity to upgrade and expand your capacity toward handling cyber defense support for SCADA systems. We also encourage SCADA experts to expand their knowledge of SCADA-specific cyber defense processes, measures and best practices.