Understanding OT, ICS, and IIoT Security

Uploaded by aware.yarrow0k

General terms:

OT
Hardware and software that controls industrial equipment (physical hardware)
Example: In a factory, OT systems might be used to:
• Monitor the temperature and pressure of machinery to prevent breakdowns
• Control the flow of materials on a production line

ICS
A major segment within the operational technology sector: specialized computer
systems that monitor and control essential industrial processes.
Example: Like a conductor, an ICS receives input from various instruments (sensors)
and uses that information to control different parts of the orchestra (machines) to
create the final product (manufactured good, generated power, etc.).

Components: An ICS typically involves a network of devices like:


A. Sensors: These gather real-time data on the physical process.
B. Programmable Logic Controllers (PLCs): These are like mini-computers
that analyze sensor data and make basic control decisions.
C. Supervisory Control and Data Acquisition (SCADA) systems: These
provide a central interface for monitoring and controlling the entire process,
often from a remote location.

IIoT
IIoT involves using a network of smart devices, sensors, and machines equipped for
communication over the internet.
How it's different from OT: Traditional OT systems are often closed networks, while IIoT
connects industrial devices to a broader internet infrastructure.
OT, ICS, & SCADA Security
Operational Technology (OT) Security
OT assets are now part of complex networks, exposing them to threats like malware and
ransomware attacks.

Industrial Control System (ICS) Security

Ensure that the system is secured against unauthorized access and that data integrity is preserved.

A compromise in ICS security doesn’t just risk data integrity but can lead to the disruption
of industrial processes, leading to operational downtime, financial losses, and at its
extreme, poses threats to human safety.

Example: attack on the Florida water supply (ICS)

What happened: hackers tried to increase the amount of sodium hydroxide in the water
supply to dangerous levels.
How attacker gained access: The attackers remotely took control of the mouse and the
system using a legitimate application called TeamViewer, commonly used in industrial
settings for remote access.

Example of OT threats:
Malware
How can the malware reach the system?
• Phishing Attacks -> links can trick employees into installing malware on
workstations that can then access the OT network.
• Infected USB Drives -> (stuxnet) inserting a USB drive containing malware into a
computer connected to the OT network.
• Unsecured Remote Access -> Remote access is often used for maintenance and
monitoring of OT systems.
OT Levels
Level 0 : Includes the physical components on the “shop-floor” e.g., sensors, motors.
Level 1 : Includes the systems that monitor and send commands to Level 0, such as
Programmable Logic Controllers (PLCs).
Level 2 : Includes the devices that support and manage the processes within the OT
environment, including application/database servers and human input interfaces (HMIs),
that enable humans to monitor and manage the lower layers.
Level 3 : Defines the barrier between the OT and IT where jump servers and patch
deployment servers manage limited user access between environments.
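As an added example that is not part of the original notes, the Python check below applies the level model above to observed network flows: each asset is tagged with its level, a flow is allowed only between the same or adjacent levels, and the IT side is modelled as a level 4 so that its only permitted OT neighbour is Level 3. The inventory, the flow records, the adjacency rule and the level-4 label for IT are all assumptions made for illustration.

```python
"""Check observed flows against the OT level model (added example).

Assumptions (not from the notes): a flow is permitted only between assets
on the same or adjacent levels, and enterprise IT is modelled as level 4
so that its only permitted OT neighbour is Level 3 (jump/patch servers).
"""
from dataclasses import dataclass

# Constructed asset inventory: asset name -> OT level.
INVENTORY = {
    "temp-sensor-01": 0,   # Level 0: field device
    "motor-drive-02": 0,
    "plc-line-a": 1,       # Level 1: controller
    "hmi-line-a": 2,       # Level 2: operator interface
    "historian-db": 2,     # Level 2: database server
    "jump-server": 3,      # Level 3: OT/IT boundary
    "patch-server": 3,
    "corp-laptop-17": 4,   # enterprise IT (assumed level 4)
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str


def check_flows(flows, inventory=INVENTORY):
    """Return (flow, reason) for every flow that breaks the level model.

    Two things are flagged: a party that is missing from the inventory
    (unknown assets undermine asset visibility) and a flow that skips a
    level, e.g. an IT host talking directly to a PLC.
    """
    findings = []
    for f in flows:
        if f.src not in inventory or f.dst not in inventory:
            findings.append((f, "unknown asset"))
            continue
        src_lvl, dst_lvl = inventory[f.src], inventory[f.dst]
        if abs(src_lvl - dst_lvl) > 1:
            findings.append(
                (f, f"level {src_lvl} to level {dst_lvl} skips a level"))
    return findings


# Constructed sample flows, as a passive monitoring sensor might report them.
SAMPLE_FLOWS = [
    Flow("hmi-line-a", "plc-line-a", "modbus"),       # L2 -> L1: allowed
    Flow("plc-line-a", "temp-sensor-01", "io"),       # L1 -> L0: allowed
    Flow("corp-laptop-17", "jump-server", "rdp"),     # IT -> L3: allowed
    Flow("corp-laptop-17", "plc-line-a", "modbus"),   # IT -> L1: skips levels
    Flow("jump-server", "temp-sensor-01", "io"),      # L3 -> L0: skips levels
    Flow("rogue-box", "plc-line-a", "modbus"),        # not in inventory
]

if __name__ == "__main__":
    for flow, reason in check_flows(SAMPLE_FLOWS):
        print(f"{flow.src} -> {flow.dst} ({flow.proto}): {reason}")
```

Run as a script it lists the three offending flows; in practice the inventory would come from the asset-discovery tooling and the flows from a network monitor, so the check becomes a standing rule rather than a one-off review.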
IT vs. OT
Logs and monitoring
Logs coming from Operational Technology (OT) systems will vary depending on the type of
OT device and the software it uses. However, some common fields you might encounter
include:

• Timestamp: This records the date and time the event occurred.
• Device ID: Identifies the specific OT device that generated the log entry.
• Event Type: This describes the type of activity that happened, such as "Start-up,"
"Shutdown," "Error," or "Security Event."
• Event Description: Provides more details about the event, potentially including
error codes, specific values measured by sensors, or actions taken by the system.
• User: If the OT system allows user logins, this field might identify the user
associated with the logged event.
• Data Values: For sensors and monitoring systems, logs might include actual data
point values like temperature, pressure, flow rate, etc.
• Configuration Changes: Logs might track changes made to device settings or
configurations.
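As an added example that is not part of the original notes, the Python script below parses constructed OT log lines carrying the fields listed above (timestamp, device ID, event type, description, user, data values) and applies a few defender-side rules over them: a configuration change by a user outside an approved list or outside the maintenance window, a sensor reading or setpoint outside its engineering limits, and any security event. The log layout, the approved-user list, the maintenance window and the safe ranges are all assumptions made for illustration.

```python
"""Normalise OT log lines and flag suspicious events (added example).

Constructed log layout, one event per line, fields separated by " | ":
timestamp | device id | event type | description | user ("-" if none) | data values
Data values are space-separated key=value pairs, or "-" when absent.
"""
from datetime import datetime

# Constructed sample log; the late-night configuration change and the
# out-of-range reading are the cases the rules are meant to catch.
SAMPLE_LOGS = """\
2024-05-01T09:02:11Z | plc-line-a | Start-up | controller booted after patch | maint_ops | -
2024-05-01T09:15:40Z | temp-sensor-01 | Data | periodic reading | - | temperature=71.5
2024-05-01T10:05:03Z | hmi-line-a | Configuration Change | alarm threshold raised | maint_ops | threshold=85
2024-05-01T02:13:07Z | plc-line-a | Configuration Change | dosing setpoint changed | remote_user_7 | setpoint=1100
2024-05-01T02:13:20Z | temp-sensor-01 | Data | periodic reading | - | temperature=118.0
2024-05-01T02:14:00Z | jump-server | Security Event | failed logins exceeded | - | attempts=12
"""

ALLOWED_CONFIG_USERS = {"maint_ops"}          # assumed approved-change accounts
MAINTENANCE_WINDOW = (8, 18)                   # assumed hours (start inclusive, end exclusive)
SAFE_RANGES = {                                # assumed engineering limits per data key
    "temperature": (0.0, 100.0),
    "setpoint": (0.0, 500.0),
}


def parse_line(line):
    """Split one log line into a dict with typed fields."""
    parts = [p.strip() for p in line.split("|")]
    if len(parts) != 6:
        raise ValueError(f"expected 6 fields, got {len(parts)}: {line!r}")
    ts, device, event_type, description, user, values = parts
    data = {}
    if values != "-":
        for pair in values.split():
            key, raw = pair.split("=", 1)
            data[key] = float(raw)
    return {
        "timestamp": datetime.fromisoformat(ts.replace("Z", "+00:00")),
        "device": device,
        "event_type": event_type,
        "description": description,
        "user": None if user == "-" else user,
        "data": data,
    }


def evaluate(event):
    """Return the list of rule violations for one parsed event."""
    alerts = []
    if event["event_type"] == "Security Event":
        alerts.append("security event reported by device")
    if event["event_type"] == "Configuration Change":
        if event["user"] not in ALLOWED_CONFIG_USERS:
            alerts.append(f"configuration change by non-approved user {event['user']}")
        hour = event["timestamp"].hour
        if not (MAINTENANCE_WINDOW[0] <= hour < MAINTENANCE_WINDOW[1]):
            alerts.append("configuration change outside maintenance window")
    for key, value in event["data"].items():
        lo, hi = SAFE_RANGES.get(key, (None, None))
        if lo is not None and not (lo <= value <= hi):
            alerts.append(f"{key}={value:g} outside safe range {lo:g}-{hi:g}")
    return alerts


def scan(log_text):
    """Run every rule over every line; return (timestamp, device, alert) tuples."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = parse_line(line)
        for alert in evaluate(event):
            findings.append((event["timestamp"].isoformat(), event["device"], alert))
    return findings


if __name__ == "__main__":
    for when, device, alert in scan(SAMPLE_LOGS):
        print(f"{when} {device}: {alert}")
```

The value of the per-field structure is that each rule keys on one field: the user and timestamp fields carry the "who and when" of a configuration change, while the data values field lets a reading be compared against engineering limits independently of what the device itself considers an error.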

Where do these logs come from?

• Embedded Software: Many OT devices like PLCs and sensors have built-in
software that tracks system events and operational data. This software generates
logs and stores them on the device itself or transmits them to a central logging
server.
• Operating Systems: Some OT devices run on dedicated operating systems that log
system activity, including startup/shutdown events, resource usage, and potential
errors.
• Applications: Specific software applications used for monitoring and control within
OT systems might generate their own logs. These could track user actions,
configuration changes, or data acquisition details (Nozomi, Dragos)
Systems (Nozomi and Dragos)
Dragos
• Asset Visibility : Automatically discover and profile all assets in OT environments
• Risk-Based Vulnerability Management : the only OT cybersecurity solution to deliver
OT-corrected and enriched vulnerability analysis.
• Threat Detection : threat intelligence integrated into the Dragos Platform.

How to respond to an OT threat?

Automated incident response playbooks (like the one offered by Dragos) that can isolate
infected devices, contain the spread of threats, and minimize downtime.
