OT/ICS Security

Until now, operational technology security has not been a priority. The main priority remains the availability and integrity of OT systems. But they are two sides of the same coin. Guaranteeing the desired availability and integrity now means taking OT/ICS security seriously.

How Can OTsec Help You in This Area?

We offer a helping hand where your traditional suppliers may have a conflict of interest or lack the necessary knowledge. Buying a turnkey OT solution and then relying on the supplier’s assurance that it’s secure? Really? OTsec does not focus on the installation and service of technological systems but complements your human resources and provides the necessary knowledge, procedures, and perspective. We inventory, validate, and test. We assist in selecting appropriate technologies and their suppliers, and we oversee the proper implementation of processes, the deployment of technologies, and the security of whole production plants. If required, we can design and conduct OT security training for personnel.

Services and Technological Expertise We Offer

  • Security validation and testing
  • Risk analysis and evaluation
  • Non-invasive security inspections of OT systems and control of introduced systems and media
  • Supply chain risk protection
  • Protection of control systems through the deployment of specialized OT security software
  • OT network segmentation and deployment of industrial IPS and firewalls
  • Remote access protection and management
  • Creation of recovery plans and backup and recovery control of OT/ICS systems
  • Design and assistance in creating and operating a combined IT/OT SOC
  • Personnel training on new OT security technologies

In detail below:

Inventory, Security Validation, and Testing

It’s good to start by reflecting on what you don’t know about your OT. We will address these knowledge gaps together. Through a detailed inventory, we will consolidate an overview of everything you have in your operations. Security validation or penetration tests will show how secure the OT network perimeter is, how robust the remote access is, how well the security zones within operations are created, how well physical and logical permissions are secured, what vulnerabilities individual components have, how well OT resources are backed up, and more.

Risk Analysis and Evaluation

To make the right decision, it is best to face the facts. We won’t scare you or lie to you. We will simply write down, to the best of our knowledge and conscience, the risks we identified during the inventory and validation, ranked by severity. The report won’t be long, but it will be easy to understand. Based on it, we will jointly develop an action plan for corrective measures. After understanding the risks, we will also help you create a response plan for OT security incidents.

Non-invasive Technologies

OT involves health, the environment, and unfortunately, human lives. The ideal entry point for improving OT security is current knowledge of the environment and the ability to regularly check that nothing is going wrong. We propose solutions that do not require intervention in the functioning environment but will still provide enough information for proper decision-making and a good response to identified security incidents. We will design a comprehensive system for controlling media and devices introduced into your OT environment (USB memory sticks, engineering workstations). Non-invasive solutions will allow you to always have an up-to-date inventory, an overview of vulnerabilities, and easily performed antivirus checks without the need to install anything on OT/ICS resources. This is even possible in isolated systems, with a central console and reporting capabilities to your security operations center.

Supply Chain Risk Protection

Before introducing new assets into your organization—whether servers, storage, workstations, or laptops—it is advisable to thoroughly inspect them upon receipt. They may unintentionally or intentionally contain malicious code, critical vulnerabilities, or unwanted software. It’s advisable to keep a detailed, centralized record of these inspections. The same applies to your products. If they contain an operating system, connect to the customer’s network, or may contain vulnerabilities, a detailed security report of the delivered systems should be provided to the customer. Non-invasive technologies mentioned earlier are also very suitable for performing these inspections. Creating and optionally printing and attaching reports to products demonstrates your company’s proper approach to supply and customer chain risk protection. We’ll think it through, advise you, and create a process on how to do it.

Protection of OT Control Systems and Workstations

Protection via CPSDR (Cyber-Physical System Detection and Response) for your OT is like a Swiss Army knife for ICS security. With central management and support for all systems, even old and unsupported versions of Windows that may appear in OT, right up to the latest Windows 11 LTSC. The unified ICS endpoint protection agent delivers a set of features that prevent not only attacks but also human error. With learning algorithms, you can safely lock systems to perform defined tasks without complex configurations. The detection mode allows for thorough verification of the correctness of the automatically learned configuration, and the prevention mode will perfectly lock the system. When an update is needed, CPSDR can be switched to maintenance mode, which allows updates and simultaneously learns all new changes that the ICS update brings.
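The mode-based lockdown described above (learn, detect, prevent, maintain) is easiest to reason about as a small state machine. The following is an added illustration for this page, not OTsec's own code and not any vendor's CPSDR product: it assumes a process launch is identified by executable path plus SHA-256 hash (all hashes and paths are constructed), and walks one workstation through the four modes so you can see which launches are learned, reported, or blocked in each.

```python
"""Mode-based application lockdown for an ICS workstation.

Added illustration for this page, not OTsec's own code or any vendor's CPSDR
product. Assumptions: a launch is identified by executable path plus SHA-256
(all hashes and paths below are constructed), and the four modes mirror the
text: learning, detection, prevention, maintenance.
"""
from dataclasses import dataclass, field
from enum import Enum


class Mode(Enum):
    LEARNING = "learning"        # build the allowlist from observed launches
    DETECTION = "detection"      # report deviations, do not block
    PREVENTION = "prevention"    # block anything absent from the allowlist
    MAINTENANCE = "maintenance"  # permit an update and learn what it changes


@dataclass(frozen=True)
class Launch:
    path: str
    sha256: str


@dataclass
class EndpointLockdown:
    mode: Mode = Mode.LEARNING
    allowlist: set = field(default_factory=set)   # {(path, sha256)}
    events: list = field(default_factory=list)    # audit trail, newest last

    def handle(self, launch: Launch) -> str:
        """Return 'allow' or 'block' for one process launch, updating state."""
        key = (launch.path, launch.sha256)
        if self.mode in (Mode.LEARNING, Mode.MAINTENANCE):
            # Both modes extend the baseline; maintenance is learning with a
            # narrower, deliberately opened window.
            if key not in self.allowlist:
                self.allowlist.add(key)
                self.events.append(f"{self.mode.value}: learned {launch.path} {launch.sha256[:8]}")
            return "allow"
        if key in self.allowlist:
            return "allow"
        if self.mode is Mode.DETECTION:
            # Same verdict prevention would give, but only reported, so the
            # learned baseline can be reviewed before it is enforced.
            self.events.append(f"detection: would block {launch.path} {launch.sha256[:8]}")
            return "allow"
        self.events.append(f"prevention: blocked {launch.path} {launch.sha256[:8]}")
        return "block"


def lifecycle_demo() -> list:
    """Walk one workstation through the four modes; returns the verdict list."""
    hmi_v1 = Launch("C:/HMI/hmi.exe", "a1" * 32)
    hmi_v2 = Launch("C:/HMI/hmi.exe", "b2" * 32)   # same path, patched binary
    stray = Launch("C:/Temp/update_helper.exe", "c3" * 32)
    ep = EndpointLockdown()
    verdicts = []
    verdicts.append(ep.handle(hmi_v1))              # learning: baseline
    ep.mode = Mode.DETECTION
    verdicts.append(ep.handle(stray))               # reported, still allowed
    ep.mode = Mode.PREVENTION
    verdicts.append(ep.handle(stray))               # blocked
    ep.mode = Mode.MAINTENANCE
    verdicts.append(ep.handle(hmi_v2))              # vendor update learned
    ep.mode = Mode.PREVENTION
    verdicts.append(ep.handle(hmi_v2))              # new version now trusted
    verdicts.append(ep.handle(stray))               # still blocked
    return verdicts
```

Two points the walk-through makes visible: the detection pass is what lets you audit the learned baseline before prevention locks it in, and maintenance mode trusts everything launched while it is open, so the window should be as short as the update itself and the `events` list reviewed afterwards for anything the update did not bring.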

OT Network Segmentation and Deployment of Industrial IPS and Firewalls

The operational technology network connects critical systems of your production. Here, emphasis is understandably placed on reliability, resilience, and protection against failure. Given the development of security threats, it also makes sense to include another element—security. Creating security zones, micro-segmentation, visibility into operations, and protection against vulnerabilities at the network layer without disrupting OT system availability is a significant benefit to the stability of your production. Industrial intrusion prevention systems (IPS) allow these goals to be achieved without having to modify anything on the OT network. They are fully transparent to operations, natively understand OT protocol communication down to individual instructions, and contain traditional IPS from the physical to the application layer. They are easy to deploy with self-learning mechanisms that create a foundation for rules. These rules can be monitored and enforced once trust is established. Additionally, industrial firewalls can be deployed for segmentation at the network layer, but they require configuration changes to OT systems and are usually deployed during new construction or complete reconstruction of OT operations. For ease of deployment, industrial IPS is typically preferred.

Protection and Management of Remote Access

The speed of service intervention is now a priority. Therefore, most software and configuration issues can be diagnosed and usually resolved remotely by OT system suppliers. Everything seems perfect until you consider remote access to your OT network from a security perspective. Who is accessing it, from which system, what can they theoretically access remotely, is the remote technician’s computer free of malicious code, how is their activity verified, authorized, and logged? There are many security concerns, and an easy solution is to replace insecure remote access methods (VPN, SSL-VPN, RDP) with the “Zero Trust” technology. “Zero Trust” is a secure approach to both IT and OT that is easy to configure. It allows access only within a designated service window, verifies geolocation, checks the remote system’s security, performs verification and authorization to access only a specific system, creates a point-to-point connection that is continuously checked, and logs all activity in detail.
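The checks listed above (service window, geolocation, endpoint posture, authorization to one specific system, full logging) are a policy, and a policy can be written down and tested. The following is an added illustration for this page, not OTsec's code and not any Zero Trust vendor's product. It assumes a service window is granted per technician and target pair, that the access broker has already collected the client's country and posture facts, and that every decision, allowed or denied, is written to an audit log; all windows and requests are constructed sample data.

```python
"""Policy evaluator for zero-trust remote access to one OT system.

Added illustration for this page, not OTsec's own code or any vendor's
product. Assumptions: a service window is granted per (technician, target)
pair; the client's country and endpoint posture arrive from the access broker
as already-collected facts; every decision is written to an audit log.
All windows and requests below are constructed sample data.
"""
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class ServiceWindow:
    user: str
    target: str                     # exactly one OT system, not a subnet
    start: datetime
    end: datetime
    allowed_countries: frozenset


@dataclass(frozen=True)
class AccessRequest:
    user: str
    target: str
    country: str                    # geolocation of the connecting client
    os_patched: bool                # endpoint posture reported by the agent
    av_clean: bool
    at: datetime


def evaluate(req: AccessRequest, windows, audit_log: list) -> tuple:
    """Return (allowed, reason); append one audit line regardless of outcome."""
    candidates = [w for w in windows if w.user == req.user and w.target == req.target]
    if not candidates:
        reason = "no service window for this user/target"
    else:
        open_now = [w for w in candidates if w.start <= req.at <= w.end]
        if not open_now:
            reason = "outside service window"
        elif not any(req.country in w.allowed_countries for w in open_now):
            reason = f"geolocation {req.country} not permitted"
        elif not (req.os_patched and req.av_clean):
            reason = "endpoint posture failed"
        else:
            reason = "ok"
    allowed = reason == "ok"
    audit_log.append(
        f"{req.at.isoformat()} user={req.user} target={req.target} "
        f"country={req.country} decision={'ALLOW' if allowed else 'DENY'} reason={reason}"
    )
    return allowed, reason


def _at(hour: int, minute: int = 0) -> datetime:
    """Constructed timestamps on one maintenance day, UTC."""
    return datetime(2024, 6, 10, hour, minute, tzinfo=timezone.utc)


def sample_windows() -> list:
    return [ServiceWindow("vendor-tech", "PLC-LINE-3", _at(8), _at(12), frozenset({"CZ", "DE"}))]


def demo() -> list:
    """Evaluate a handful of constructed requests; returns (allowed, reason) per request."""
    windows = sample_windows()
    log = []
    base = dict(user="vendor-tech", target="PLC-LINE-3", country="CZ", os_patched=True, av_clean=True)
    requests = [
        AccessRequest(**{**base, "at": _at(9, 30)}),                          # inside window
        AccessRequest(**{**base, "at": _at(13)}),                             # too late
        AccessRequest(**{**base, "target": "SCADA-SRV-1", "at": _at(9)}),     # never granted
        AccessRequest(**{**base, "country": "US", "at": _at(9)}),             # wrong location
        AccessRequest(**{**base, "av_clean": False, "at": _at(9)}),           # posture fails
    ]
    return [evaluate(r, windows, log) for r in requests]
```

Because `evaluate` has no hidden state, the broker can call it again at intervals during an open session with a fresh `at` and fresh posture facts; that re-evaluation is what "continuously checked" amounts to, and it is why a session granted at 09:30 ends at 12:00 rather than whenever the technician disconnects.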

Backup, Incident Response, and OT/ICS Recovery Plan

A recovery plan and an incident response plan are fundamental tools for a good manager. We will help you create an OT security incident response plan, which must include reliable automated backups of your production assets and their control systems. We will ensure not only that backups are made but that they meet your RTO/RPO (Recovery Time Objective/Recovery Point Objective) requirements and do not contain malicious code. The backup is the last lock protecting your production assets, and it must always be 100% reliable.
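"Backups exist" and "backups meet RTO/RPO and are clean" are different claims, and only the second is worth anything during an incident. The following is an added illustration for this page, not OTsec's own tooling. It assumes the backup catalog records, for each asset, when the last backup completed, the SHA-256 written to an off-system catalog at backup time, the measured duration of the last restore drill, and the verdict of the malware scan run on the backup image; all catalog rows and image contents are constructed.

```python
"""Backup verification against RPO, RTO and integrity requirements.

Added illustration for this page, not OTsec's own tooling. Assumptions: the
backup catalog records, per asset, when the last backup completed, the SHA-256
written into an off-system catalog at backup time, the duration of the last
restore test, and the verdict of the malware scan run on the backup image.
All catalog rows and image contents below are constructed.
"""
import hashlib
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class CatalogEntry:
    asset: str
    taken_at: datetime
    catalog_sha256: str          # recorded off-system when the backup was written
    restore_test: timedelta      # measured duration of the last full restore drill
    scan_verdict: str            # "clean" or the scanner's detection name


@dataclass(frozen=True)
class Policy:
    rpo: timedelta               # maximum tolerated age of the newest backup
    rto: timedelta               # maximum tolerated time to restore


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify(entry: CatalogEntry, image: bytes, policy: Policy, now: datetime) -> dict:
    """Return a per-asset report; 'ok' is True only if every check passes."""
    age = now - entry.taken_at
    report = {
        "asset": entry.asset,
        "rpo_ok": age <= policy.rpo,
        "rto_ok": entry.restore_test <= policy.rto,
        # The image on disk must still match what the catalog recorded: a
        # changed hash means tampering or corruption, and either way the
        # backup cannot be trusted for a blind restore.
        "integrity_ok": sha256(image) == entry.catalog_sha256,
        "scan_ok": entry.scan_verdict == "clean",
    }
    report["ok"] = all(report[k] for k in ("rpo_ok", "rto_ok", "integrity_ok", "scan_ok"))
    return report


def demo() -> dict:
    """Check two constructed assets; returns {asset: report}."""
    now = datetime(2024, 6, 10, 6, 0, tzinfo=timezone.utc)
    policy = Policy(rpo=timedelta(hours=24), rto=timedelta(hours=4))
    plc_image = b"constructed PLC project backup"
    hmi_image = b"constructed HMI disk image"
    entries = [
        CatalogEntry("PLC-LINE-3", now - timedelta(hours=6), sha256(plc_image), timedelta(hours=1), "clean"),
        CatalogEntry("HMI-LINE-3", now - timedelta(hours=30), sha256(hmi_image), timedelta(hours=5), "clean"),
    ]
    # The HMI image has been altered on disk since it was catalogued.
    images = {"PLC-LINE-3": plc_image, "HMI-LINE-3": hmi_image + b"x"}
    return {e.asset: verify(e, images[e.asset], policy, now) for e in entries}
```

The restore-test duration is a measured value from a real drill, not an estimate; an RTO you have never timed is a hope, not an objective. Run the check on a schedule and treat any asset whose report is not `ok` as an open finding in the action plan.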

Consultation, Design, and Creation of a Security Operations Center

Managing security with a monitoring center is like the final level of a Tetris game. Few reach it; it requires great effort, but the result is worth it. A SOC (Security Operations Center) allows operational security to be perfected. Moreover, it doesn’t have to be as complicated as getting past the 10th level in Tetris. We can advise not only on creating a dedicated OT SOC but also on how to implement a combined IT/OT SOC without financially or resource-wise overwhelming you.

Technical Staff Training

Remember that investments in security measures will never have a positive impact on the organization unless thorough staff training is included. The training should be divided into two parts. Even before the actual implementation, it is necessary to explain the reasons for the measures, their benefits, and, let’s be honest, any possible less positive effects to everyone whose work will or may be affected. This helps to not only gain understanding but also secure informed agreement and support for the deployment of the respective security measure. The initial introduction prepares the staff for potential changes in their activities, authorizations, access, and common processes. During the implementation, it’s essential to follow the set plan and provide the relevant personnel with the information and knowledge required to perform their tasks. Before launching the new security measures, it is necessary to test the team’s knowledge and readiness. And since security is not a state but a process, it is crucial to continuously strengthen knowledge and skills, repeating the trainings regularly.