ISJ talks to Denrich Sananda, Senior Analyst, Arista Cyber about the growing cybersecurity risk in operational technology in the manufacturing sector.
Let’s start with the basics: what exactly is operational technology (OT) cybersecurity? How is it different from traditional IT security?
The key difference is that OT cybersecurity protects cyber-physical systems. In OT, a cyber incident not only disrupts data or information processes, but has a tangible impact.
An event can directly affect people, the environment and physical processes.
If something goes wrong in the OT environment, valves can open, settings can be altered and equipment can fail in ways that cause real world damage.
Traditional IT security is primarily concerned with protecting information. It is about data privacy, reliability and availability.
OT protection, on the other hand, is about preventing physical effects.
Simply put, IT breaches usually mean lost data, but OT breaches can mean shutdowns, environmental damage or even explosions. That difference really changes the way risk must be understood and managed.
Why is OT cybersecurity becoming a top priority for manufacturing and critical infrastructure businesses?
The threat landscape has changed dramatically. Manufacturing is one of the most frequently targeted sectors today, and attacks against industry standards are no longer just about financial gain.
They are designed to disrupt and endanger, and involve national actors and long-term projects. Threats have grown to such an extent that critical infrastructure industries, such as water, wastewater, electricity and sanitation, are known as political targets.
Some plants, especially those making chemical or defense-related products, can cause serious damage if used. Even outside of critical infrastructure, managing industrial processes can cause safety incidents, loss of productivity or environmental harm.
OT systems, especially legacy systems that have undergone digital transformation, were never designed for this level of poor maintenance. Yet here we are: they are now connected, remote and exposed.
That combination makes OT cybersecurity a board-level issue.
What kinds of real-world threats do developers face today, and how are attackers looking at the industry landscape differently than in the past?
Developers are getting scammed by common entry points, especially phishing and poor internet hygiene. In most cases, attackers do not enter directly through OT systems.
They begin to discover the IT environment and move beyond the industrial network.
Remote access has become a major risk factor. Since COVID-19, the remote connection to plants and control systems has increased rapidly, often without adequate security controls or oversight.
Physical access is often underestimated, with removable media such as USB devices still capable of introducing malware into industrial environments.
None of this will be new to IT professionals, and while attack methods haven’t changed much, the intent and motivation have. Attacks have become more organized and more serious.
Procurement-as-a-service and supply chain compromise have lowered the barrier to entry, meaning that OT environments are now being targeted deliberately and systematically, rather than being random victims of IT-focused attacks.
How do laws such as the NIS2 Directive affect the way organizations approach OT security?
Europe is clearly leading the way in this area. NIS2 introduces mandatory requirements that transform cybersecurity from a proactive matter to a regulatory one.
Essentially, this means that organizations look beyond IT and address supply chain risk, physical security, governance and stability across their operations. This includes OT.
In North America, most guidelines are still voluntary. Organizations such as CISA provide advice rather than practical instructions. But NIS2 is still important for non-European companies.
Every organization operating in Europe, exporting to European markets or forming part of a European supply chain must comply.
For the developers of the world, this means that NIS2 raises the bar everywhere. It helps push OT cybersecurity out of the technical silo and into business risk management.
What are the most common mistakes or misconceptions that organizations make when trying to maintain their OT environment?
The most common misconception is that OT spaces are not spiritual. That is an old philosophy that does not take digitalisation into account. In fact, many are already connected, often incorrectly, through IT networks.
As for mistakes, most networks are not built with risk in mind.
We see a lack of separation, where many plants are running a flat network where IT and OT systems meet with little separation, allowing attackers to move around with ease. There is an over-reliance on older technologies such as VPN for remote access, which provides extensive access once compromised.
Finally, organizations often underestimate basic access control issues.
When I work in the field, I often see unused accounts, vendor credentials, and weak physical security. These gaps persist not because solutions do not exist, but because the OT environment is perceived as isolated and safe.
In your experience, what are the first steps organizations should take to build a strong OT cybersecurity foundation, especially if they have legacy systems?
Start with three steps. The first step is to acknowledge that OT cyber-risk exists.
From there, organizations must understand their hardware: a basic inventory is essential. This should be followed by a high-level cybersecurity risk assessment of the OT to determine where the serious risks are.
It is important to point out that this process does not mean that the legacy systems themselves need to be replaced. A risk assessment determines whether additional controls are needed and what form they should take.
In some cases, physical protection may be more effective than technical controls.
Most importantly, this is not a solo project.
Cybersecurity must be part of the OT safety manual and managed as an ongoing program. Without consistent governance, policies, monitoring and follow-up, even well-designed reforms will fail over time.
What role does the collaboration between IT and OT teams play in maintaining an industrial network?
Security cannot happen without close collaboration and communication between teams on both sides of the IT/OT divide.
IT security teams are generally more mature and have significant experience in governance, crisis management and incident response.
OT teams can and should learn from those practices, but IT practices cannot simply be copied.
OT sites operate under very different constraints. For example, patching can require downtime and there is a performance risk. A failed device can shut down the entire plant. That is why IT-OT collaboration must be deliberate and informed. Best practices should be changed, not enforced.
When IT and OT teams work together with a shared understanding, organizations can build security that protects digital assets and physical operations without creating new risks.