Most people are familiar with the term Information Technology (IT), which covers the spectrum of technologies for information processing, including software, hardware, communications technologies and related services. Operational Technology (OT) is a relatively new term that refers to hardware and software that detect or cause a change through the direct monitoring and/or control of physical devices, processes and events in the enterprise. For example, OT networks interconnect industrial control systems such as programmable logic controllers, supervisory control and data acquisition systems, distributed control systems, process control domains, safety instrumented systems, and building management and automation systems.
As many organizations are discovering, the Industrial Internet is a huge new opportunity for growth and efficiency. To realize this value, OT environments need to be connected. With production systems becoming more interconnected, the exposure to cyber incidents increases. Attacks and disruptions on critical infrastructure put reputation, production, people, and profits at risk.
Traditionally, OT networks have operated separately from IT networks. For example, OT networks utilize proprietary protocols optimized for the required functions, some of which have been adopted as ‘standard’ industrial communications protocols (e.g., DNP3, Modbus, Profinet). More recently, IT-standard network protocols (e.g., TCP/IP) are being implemented in OT devices and systems to reduce complexity and increase compatibility with more traditional IT hardware. This increase in connectivity, complexity and exposure has led to a demonstrable reduction in security for OT systems.
Industrial network security devices are designed to protect critical infrastructure, control systems and OT assets. Network security devices provide protection from cyber threats and vulnerabilities in OT environments by monitoring and blocking malicious activity and misconfiguration to promote OT safety and protect productivity. While effective, configuring network security devices is a difficult and time-intensive manual task. For example, a network administrator is often tasked with manually generating a network topology and selecting appropriate policies and whitelist protocols. Accordingly, improvements are needed.