What is an OT network? A guide to the world of production networks!
An OT network refers to the systems that control and monitor the operation of production networks, such as electricity generation and distribution by electricity companies. The OT network consists of hardware, software and a network that allows communication between various devices. Among other things, this network helps to guarantee the ongoing and uninterrupted operation of the power network by monitoring and controlling the generation process.
OT network operation
OT networks are specifically designed for industry to manage and automate physical processes such as energy production, factory operations, water supply, transport systems and other critical infrastructures. In other words, OT network devices usually operate autonomously without a human operator.
OT networks are designed for high-speed real-time data transmission. The network usually involves a system that monitors and collects data, such as SCADA (Supervisory Control and Data Acquisition) and the sensors, pumps and circuit breakers in the network that generate data and can be controlled. Additional devices that supply data to the OT network are PLCs (Programmable Logic Controllers) in industry and RTUs (Remote Terminal Units), also called substations in power grids.
Operational technology - definition
Operational Technology, or OT for short, is a network system used for industrial and infrastructure monitoring and control. Information is sent to this system by a device that independently identifies a change or event. One major difference between the networks is that in the OT network, most devices operate autonomously without human contact, whereas in the IT (Information Technology) network, most devices are operated daily by users.
Internet technology (IT)
The acronym "IT" stands for "Information Technology". Information technology covers a wide range of technologies and processes related to the storage, processing, transfer and use of information through computers and other digital devices. It includes, among other things, the use of computers, software development, database management, network technologies and much more.
The term "Internet technology" describes the tools and technologies associated with using the Internet. Global information networks such as the Internet link billions of devices and services globally. Network security, communication protocols, website and application development, and many other topics are covered by Internet technology.
What is the difference between IT and OT?
It is crucial to remember that OT and IT are not synonymous, and that they may face different security obstacles and requirements. OT networks are specialized industrial service-specific systems, while IT networks are general enterprise networks that handle IT-related functions.
The OT network also aims for a very high level of availability compared to the average IT network. This also affects the services used. For example, Intrusion Prevention Systems (IPS) are not yet widely deployed in OT networks. An IPS can misjudge a network event and act on it, which can then cause production interruptions, even critical ones.
OT network equipment
In a traditional IT network, the lifespan of equipment is usually 3-6 years. OT network equipment is usually designed to last. Some equipment manufacturers design their equipment to have a calculated lifetime of tens of years. This means that OT equipment is often in use for more than 20 years.
OT network hardware is also often difficult to upgrade, or its vendor does not release updates regularly. Some vendors release system updates to hardware once or twice a year, usually to fix security vulnerabilities. As a result, even in a customer's production environment, there may often be many critical updates that are not applied to the hardware.
OT network protocols
OT network devices have supported in the past, and to some extent still do today, so-called closed protocols. These protocols are used by certain companies and no description of how they work is available. Integration between systems can therefore be a problem.
Today, implementations of the IEC protocol family have become more common in Finland for the management and control of electricity networks. Among these, the IEC 60870-5-101 serial communication protocol and the IEC 60870-5-104 TCP/IP based communication protocol are currently used. These protocols have facilitated integration between systems and have introduced new players for the benefit of customers. Industrial protocols still in use include OPC, Modbus and Profibus.
Cybersecurity of industrial systems is part of industrial internet security
OT data security
OT security is crucial because these networks manage and control industrial processes and critical infrastructure. The challenges associated with OT security are different from those of traditional enterprise IT networks because OT networks often use specialized systems, older hardware and specialized protocols specific to the enterprise.
A well-protected OT network ensures the reliability of production and prevents malicious elements from getting through the system. The OT network and its security are essential for the operation of companies. They support process management and increase the trust of customers and stakeholders.
Network isolation and segmentation
Isolating the OT network from IT networks and other external networks helps limit the spread of attacks, while reducing the risk that attacks on OT systems will affect the entire organization or even the entire OT network.
Segmentation, or dividing the network into smaller parts, can be used to separate different types of equipment and services into their own OT networks or to limit the risks between different connections. For example, a customer wanted to separate networks because an external company was connecting to the networks. Network segmentation provided the third party with its own network on the existing switch network. The level of data protection for the customer was raised as a result.
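Once the network is segmented, observed traffic can be checked against the zone plan. The following is an added example, not part of the original article: it flags flows that cross a segment boundary without an allow rule. The subnets, zone names and flow records are constructed assumptions; ports 2404 and 502 are the standard TCP ports for IEC 60870-5-104 and Modbus/TCP.

```python
import ipaddress

# Constructed zone plan: every subnet and zone name here is an assumption.
ZONES = {
    "office_it": ipaddress.ip_network("10.10.0.0/16"),
    "ot_control": ipaddress.ip_network("10.20.1.0/24"),   # SCADA servers
    "ot_field": ipaddress.ip_network("10.20.2.0/24"),     # PLCs and RTUs
    "third_party": ipaddress.ip_network("10.20.9.0/24"),  # external company's segment
}

# Default deny between zones; only these (source, destination, TCP port) pass.
ALLOWED = {
    ("ot_control", "ot_field", 2404),    # IEC 60870-5-104
    ("ot_control", "ot_field", 502),     # Modbus/TCP
    ("third_party", "ot_control", 443),  # vendor access to one service only
}

def zone_of(addr):
    """Map an IP address to its zone; unknown addresses count as external."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "external"

def audit_flows(flows):
    """Return the flows that cross a zone boundary without an allow rule."""
    violations = []
    for src, dst, port in flows:
        src_zone, dst_zone = zone_of(src), zone_of(dst)
        if src_zone == dst_zone:
            continue  # traffic inside one segment is not a segmentation issue
        if (src_zone, dst_zone, port) not in ALLOWED:
            violations.append((src, dst, port, f"{src_zone}->{dst_zone}"))
    return violations

# Constructed flow records (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("10.20.1.5", "10.20.2.17", 2404),   # SCADA polls an RTU: allowed
    ("10.20.9.4", "10.20.1.8", 443),     # vendor to its service: allowed
    ("10.20.9.4", "10.20.2.17", 502),    # vendor straight to a PLC
    ("10.10.3.22", "10.20.2.17", 502),   # office PC to a PLC
    ("10.20.2.17", "10.20.2.18", 502),   # within the field segment
    ("10.20.1.5", "198.51.100.7", 443),  # control server to the Internet
]

if __name__ == "__main__":
    print(*audit_flows(SAMPLE_FLOWS), sep="\n")
```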
Encryption and immutability of the data transferred
Connections that leave the system can be secured with remote VPN connections, which guarantee data integrity and prevent eavesdropping. VPN connections provide a secure connection for OT network protocols, which usually do not have built-in security.
VPN connections have been used, for example, for connections between the substation and the SCADA system. Nowadays, wireless connections are also used, where the use of VPN connections is highly recommended. Some of the devices used in processing networks directly support SSL-based VPN access. In this way, the security of the network can be increased without the need for new equipment.
Updating and vulnerability management
The OT network's systems and equipment should be kept up to date with security and firmware updates. Using old, unsupported equipment can increase security risks. Assessing vulnerabilities and security class is critical for production network operators.
Vulnerability monitoring can be easily implemented with the Traficom service. In this case, a point-by-point summary shows the vulnerability and exploitation threats of different vendors. In addition, devices and software should be updated. In general, the urgency is determined by the criticality of the threat. Some vulnerabilities are published with an exploitation method, in which case updates have a higher urgency rating.
User identification and access management
There should be clear authentication procedures and access control for users of the OT network. Only necessary users should be allowed access to sensitive systems and functions.
Users of OT networks should have personal IDs. Personal IDs allow changes to be tracked accurately and audited after the fact. Master or public user IDs for equipment and services should be deactivated. In password management, passwords should be set to expire automatically. This will make the password change process routine for users. Another advantage is the locking of unused passwords, which increases security.
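The account rules above can be checked against an export of user accounts. The following is an added example, not part of the original article: it reports active shared IDs, passwords past their expiry age and unused accounts. The 90-day and 60-day limits, the list of shared names, the field names and the account records are all assumptions made for illustration.

```python
from datetime import date, timedelta

# Assumed policy values; the article gives no numbers.
MAX_PASSWORD_AGE = timedelta(days=90)
MAX_IDLE = timedelta(days=60)
SHARED_NAMES = {"admin", "administrator", "operator", "guest"}  # assumed list

# Constructed account export; field names are hypothetical.
ACCOUNTS = [
    {"name": "admin", "owner": None, "enabled": True,
     "password_set": date(2020, 1, 15), "last_login": date(2024, 5, 30)},
    {"name": "user_a", "owner": "Engineer A", "enabled": True,
     "password_set": date(2024, 4, 20), "last_login": date(2024, 5, 28)},
    {"name": "user_b", "owner": "Engineer B", "enabled": True,
     "password_set": date(2024, 5, 1), "last_login": date(2024, 2, 1)},
    {"name": "operator", "owner": None, "enabled": False,
     "password_set": date(2019, 3, 1), "last_login": None},
]


def audit_accounts(accounts, today):
    """Return (account, finding) pairs for enabled accounts that break policy."""
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue  # already deactivated
        if acct["owner"] is None or acct["name"].lower() in SHARED_NAMES:
            findings.append((acct["name"], "shared ID active: deactivate"))
        if today - acct["password_set"] > MAX_PASSWORD_AGE:
            findings.append((acct["name"], "password expired: force change"))
        last = acct["last_login"]
        if last is None or today - last > MAX_IDLE:
            findings.append((acct["name"], "unused: lock"))
    return findings


if __name__ == "__main__":
    for name, finding in audit_accounts(ACCOUNTS, date(2024, 6, 1)):
        print(f"{name}: {finding}")
```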
Two-step authentication can further strengthen the OT network's security. For example, a high level of security for critical systems can be achieved by using an unencrypted username and password and an ID from a separate program or device.
Physical safety
Physical security of OT equipment and systems is important to prevent unauthorized access to equipment and systems. The security of equipment and facilities at the edges of the process is often the most important.
Physical security is not limited to rooms and buildings; it also covers servers and field devices. This can mean, for example, disabling USB ports. When deploying new equipment, these issues should be taken into account.
Safety training
Regular security training should be provided to users of the OT network, so that they are all aware of potential threats and know how to react in case of an emergency. In particular, the criticality of production networks and potential threats should be emphasized to users during training.
In general, malware can be spread via email, for example. Users can unintentionally click on an email link that appears to be authentic, such as one from a transportation firm. This could lead to the infection of the entire device via the email program. Infecting one device may not be a problem, but if the malware is allowed to spread, it can bring the whole production process to a standstill.
Anti-malware
Appropriate anti-malware solutions, such as antivirus software for workstations, should always be installed on OT network devices and systems. Other ways to limit malware include network segmentation and intrusion detection systems (IDS). The service may therefore cover only detection or may also include response.
IDS can be used, for example, to detect the spread of malicious software on the network. On the other hand, if IDS detects the spread of malware on the network, it may already be too late to save the network devices. Malware can spread across the entire network in a matter of seconds or minutes.
Monitoring and logging
The devices and systems in the OT network should store a comprehensive set of data, i.e. logs, in memory. This will assist in the subsequent investigation and fault diagnosis. Logs can be stored locally, but the modern way is to export them over the network to a dedicated system.
Preparation and recovery
The OT network should have a plan in place for potential disruptions and attacks, and ensure that data recovery and system recovery is as quick as possible. It is considered particularly important that different situations are rehearsed and not just theoretically recorded.
In summary, OT network security requires specific measures and attention to ensure that critical processes are protected and potential risks are avoided. Organizations need to be well aware of these specific requirements and invest sufficient resources to improve and maintain the security of the OT network.
OT production network
An OT production network is a term that refers to the overall production process of a company or organization in which different actors and resources are interconnected. This network may include several production plants, suppliers, subcontractors and distribution networks that work together to produce and deliver a finished product or service to end users or customers.
Production networks can vary widely across industries and companies, depending on the complexity of the production process, production volumes, market requirements and logistical factors. For example, in a large international company, the production network may be extensive, covering several factories in different countries and many suppliers around the world. In smaller companies, the production network may be more local and its networks may be a simpler solution. In some plants, the age of the machinery is such that the data may not necessarily be exported to analytical systems.
Cybersecurity in production networks and systems
Cybersecurity in production networks is a very important topic, as the digitalization of industry and the increasing use of the network have also brought new threats and challenges. Critical functions and systems in production networks are vulnerable to various security attacks, and any disruption or attack can have serious consequences such as production downtime, quality degradation or even incidents.
The interconnection of networks and remote connections between suppliers has grown rapidly. This brings new threats, as threats can spread from the office network to the production network. In addition, production network data is increasingly being exported to the office network to support the business. Data is needed for process improvement, monitoring, antivirus and ERP systems, and to increase real-time business monitoring. Such connectivity brings entirely new threats to the maintenance of production networks.