The evolution of OT: securing the intersection of digital and physical worlds

BizAge talks to Operational Technology guru Simon Chassar of Claroty about ransomware and generative AI
BizAge Interview Team
Image: An advanced factory

Our lives are increasingly surrounded by an invisible network of connected physical machines. Physical devices are being integrated with cloud systems for operational convenience, data and greater flexibility. Over the last decade, this integration has driven the growth and visibility of Operational Technology (OT) systems. OT refers to the hardware and software used to control and monitor physical processes, devices and infrastructure in industry. Unlike IT (Information Technology), which focuses on data-centric computing, OT is concerned with managing and operating physical machinery and automation processes.

OT systems are everywhere in industry today. From control systems in manufacturing, to fire safety systems, transportation systems, energy grid management systems and water treatment facilities, this technology is the backbone of modern society and forms critical infrastructure. However, while these systems bring significant gains in productivity, environmental performance and efficiency, they also bring greater cyber risk: a compromise of an OT system can have physical consequences, not just data loss.

We spoke to Simon Chassar from Claroty about the importance of these OT systems and how they can be protected from adversaries. 

1. Hi Simon! Operational Technology (OT) security is projected to be a $38.2 billion market by 2028. In simple terms, what makes OT a critical component for businesses, and how has its relevance evolved in recent times?

OT has long been critical to fields such as manufacturing and energy production which centre around large industrial systems. OT has become more visible in recent years due to its role in driving rapid technological and smart infrastructure developments, often referred to as Industry 4.0.

The convergence of IT and OT has greatly benefited businesses by enhancing operational efficiency, environmental performance and service quality. However, the vulnerabilities in these systems can be extremely lucrative for cyber criminal gangs. Examples of these attacks include the Colonial Pipeline attack in 2021, where the hackers stole 100 gigabytes of data within a two-hour window and brought the company to a standstill. In a more recent case, the state-run Oil India company's IT systems were hit by a ransomware attack last year.

OT security is significantly enhanced when it is linked with IT infrastructure. OT security, pivotal in protecting critical infrastructure, is available in the cloud and on-premises models. Cloud-based OT security solutions offer agility, scalability, and robust security, which is particularly appealing to SMEs and large enterprises.

Conversely, on-premises solutions keep security measures, including advanced firewalls and threat prevention systems, under the organisation's own control. This growing demand underlines the expected expansion of the global OT security market from $17.9 billion in 2023 to $38.2 billion by 2028.

2. With 69% of organisations reportedly paying the ransom, what are the financial ramifications of these attacks and how is Claroty navigating the current ransomware landscape as impacts shift from IT to OT environments?

The increasing intersection of IT and OT, alongside an evolving threat landscape, has definitely heightened the prevalence of ransomware in the cyber-physical systems (CPS) that comprise OT. These attacks are no longer limited to IT networks but now extensively affect OT environments. This shift has become a critical issue for CISOs and decision-makers safeguarding essential infrastructure.

Recent data indicates a 10% rise in ransomware attacks impacting IT and OT systems in the past two years, with 37% of surveyed organisations experiencing such incidents in the last year. This figure has grown from the findings of our 2021 report. In these incidents, many organisations endured operational disruptions; 32% reported moderate effects, while 12% experienced severe impacts, leading to operational shutdowns extending over a week.

Worse yet, 69% of organisations globally conceded to paying ransoms following an attack, a testament to the severity of these incidents. Most ransom payments fell between $100,000 and $499,000. North American respondents were the most likely to report financial losses in this range. The Asia-Pacific region reports particularly high economic impacts, with 14% of businesses experiencing costs exceeding $5 million USD.

To mitigate these financial risks, 80% of organisations have cyber insurance policies, with nearly half securing coverage of at least half a million dollars. This response to escalating ransomware threats reflects a strategic shift towards financial preparedness in cybersecurity.

3. The integration of new technologies like generative AI into OT environments raises concerns about security vulnerabilities. How is Claroty addressing the challenges associated with the adoption of such technologies, and what measures should businesses take to secure their OT environments amid the growing complexity of technological integrations?

Integrating generative AI (genAI) into OT environments is a double-edged sword. On one hand, 61% of survey respondents are utilising security tools that leverage genAI, recognising its potential to revolutionise industry practices. However, this advancement brings a heightened sense of vigilance, as 47% of these users report increased security concerns.

Claroty is addressing these challenges by ensuring that the implementation of new technologies like genAI is both innovative and secure. This involves a careful balance between leveraging the benefits of genAI and maintaining a robust security posture. For businesses, it's crucial to adopt a layered approach to security that includes regular risk assessments and continuous monitoring of the environments, but also of the AI's contextual understanding, i.e. the Large Language Models (LLMs, for example GPT), which can adversely impact rules by 'AI changing the AI responses' (for example OpenAI); and proactive threat detection, especially in environments where genAI is deployed.

As technological integrations grow more complex, businesses must remain vigilant in updating their security strategies. This includes staying informed about the latest developments in emerging technologies, understanding their potential security implications, and implementing necessary safeguards. By doing so, they can secure their OT environments against evolving threats while reaping the benefits of technological advancement.

4. Industry regulations and standards are crucial in shaping priorities and investments in OT security. Could you tell us how businesses can align their strategies to meet compliance requirements while enhancing their overall security measures?

For compliance, providers must have comprehensive visibility of their connected assets. Creating an extensive asset inventory across the Extended Internet of Things (XIoT) provides a reliable basis for securing operations in line with cybersecurity regulations. Understanding how assets interact on the network forms a baseline for implementing effective network segmentation policies.

The transportation sector, for example, is extremely reliant on highly secure yet accessible systems, so remote access control solutions are vital for regulatory compliance. Continuous monitoring and detection become challenging with an array of proprietary protocols and escalating cyber threats. An effective cybersecurity solution should offer deep visibility and expertise, alerting to real threats and adhering to required security measures.

In any industry, addressing the legacy systems and unpatched vulnerabilities that are prevalent is crucial. The security solution safeguarding these industries must effectively defend against insecure protocols, common vulnerabilities and exposures (CVEs), Exploit Prediction Scoring System (EPSS) and other security weaknesses, ensuring comprehensive enterprise-wide protection.

5. As we head into 2024 and beyond, Claroty’s industrial survey indicates a changing landscape in OT security. How should businesses adapt to the evolving challenges, and what new measures are essential for closing the gaps in OT security?

Regarding OT security, 43% of survey participants have identified risk assessment as a key initiative, emphasising the need to thoroughly evaluate and mitigate potential threats in the OT environment. Furthermore, 40% of respondents have prioritised asset change and lifecycle management, underscoring the importance of maintaining, updating and securely managing OT assets throughout their operational life. Vulnerability management is another critical focus, chosen by 39% of participants. This involves systematically identifying, classifying, remedying and mitigating vulnerabilities within OT systems.

For vulnerability and risk management, it's important to identify vulnerabilities and assess their impact on operations for effective prioritisation and remediation. Since industrial assets often cannot tolerate standard vulnerability scanning, a solution is needed to match assets with known vulnerabilities accurately.

Additionally, there is a key set of areas organisations should be focused on as we progress into 2024 and beyond. Firstly, effective asset management is crucial. Due to the proprietary nature of industrial assets, standard inventory tools are often incompatible, making asset management challenging. Continuous monitoring and optimised workflows are necessary for keeping pace with emerging risks like outdated firmware and vulnerabilities.

Network protection is another vital area for focus. One of the best ways to protect the network is to deploy Zero Trust controls such as network segmentation and secure remote access. Network segmentation breaks the network into small silos, limiting the impact of an attack. Secure remote access is a blend of security strategies and tools implemented to safeguard an organisation's digital resources and prevent the leakage of confidential information. Given the unique nature of industrial networks, this requires specifically tailored policies and continuous monitoring for compliance and policy violations.

Lastly, given the inevitability of cyber breaches, threat detection is essential. This includes profiling all assets and processes in industrial networks and understanding proprietary protocols for effective security policy application. Integrating these capabilities with existing tech stacks bridges the IT-OT expertise gap.
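The answer above makes two points that fit together: industrial assets often cannot tolerate active vulnerability scanning, so known vulnerabilities have to be matched against a passively built inventory, and the matches then need prioritising. The following is an added example of that matching in Python, not Claroty code and not a description of how the Claroty product works. The inventory, advisory table, exposure weights and advisory identifiers are all constructed placeholders (they are not real CVEs), and the exposure-weighted EPSS prioritisation is one reasonable scheme assumed here, not a method the page attributes to anyone.

```python
"""Passive asset-to-advisory matching with exposure-weighted EPSS prioritisation.

Added example, not Claroty code. The inventory (the kind of record a passive
discovery tool derives from protocol banners) and the advisory table are
constructed; vendor, product and advisory IDs are placeholders, not real CVEs.
"""
import re

# Assumed weights: how reachable the asset is from where attackers usually start.
EXPOSURE_WEIGHT = {"exposed": 1.0, "segmented": 0.5, "isolated": 0.2}

# Constructed inventory. Note the inconsistent vendor casing on plc-02: banner
# text is rarely tidy, so matching has to normalise it.
INVENTORY = [
    {"id": "plc-01", "vendor": "ExampleVendor", "product": "ExamplePLC", "version": "2.3.0", "exposure": "segmented"},
    {"id": "plc-02", "vendor": "examplevendor", "product": "ExamplePLC", "version": "2.4.1", "exposure": "segmented"},
    {"id": "hmi-01", "vendor": "ExampleVendor", "product": "ExampleHMI", "version": "5.0.2", "exposure": "exposed"},
    {"id": "rtu-07", "vendor": "OtherVendor",   "product": "ExampleRTU", "version": "1.2",   "exposure": "segmented"},
]

# Constructed advisory table: "fixed_in" is the first version that is not affected.
ADVISORIES = [
    {"id": "ADV-0001", "vendor": "ExampleVendor", "product": "ExamplePLC", "fixed_in": "2.4.1", "cvss": 9.8, "epss": 0.70},
    {"id": "ADV-0002", "vendor": "ExampleVendor", "product": "ExampleHMI", "fixed_in": "5.1.0", "cvss": 9.1, "epss": 0.05},
    {"id": "ADV-0003", "vendor": "OtherVendor",   "product": "ExampleRTU", "fixed_in": "1.3",   "cvss": 7.2, "epss": 0.30},
]


def parse_version(text):
    """'v2.4.1-rc1' -> (2, 4, 1): keep the leading dotted numeric part only."""
    m = re.search(r"\d+(?:\.\d+)*", text)
    return tuple(int(p) for p in m.group(0).split(".")) if m else ()


def norm(s):
    """Case- and whitespace-insensitive key for vendor/product comparison."""
    return re.sub(r"\s+", "", s).lower()


def is_affected(asset, adv):
    """Same vendor and product, and the running version is below the fix."""
    if norm(asset["vendor"]) != norm(adv["vendor"]) or norm(asset["product"]) != norm(adv["product"]):
        return False
    return parse_version(asset["version"]) < parse_version(adv["fixed_in"])


def priority(asset, adv):
    """Likelihood of exploitation (EPSS) scaled by how reachable the asset is."""
    return round(adv["epss"] * EXPOSURE_WEIGHT[asset["exposure"]], 3)


def match_vulnerabilities(inventory, advisories):
    """Join inventory to advisories without touching the devices, then rank."""
    findings = [
        {"asset": a["id"], "advisory": v["id"], "cvss": v["cvss"], "priority": priority(a, v)}
        for a in inventory
        for v in advisories
        if is_affected(a, v)
    ]
    # Highest exploitation likelihood first; CVSS severity only breaks ties.
    return sorted(findings, key=lambda f: (f["priority"], f["cvss"]), reverse=True)


if __name__ == "__main__":
    for f in match_vulnerabilities(INVENTORY, ADVISORIES):
        print(f"{f['asset']:8} {f['advisory']}  cvss={f['cvss']}  priority={f['priority']}")
```

With the constructed data, ranking by CVSS alone would put the exposed HMI (9.1) ahead of the RTU (7.2), while the exposure-weighted EPSS ranking puts the RTU first because its advisory is far more likely to be exploited. The PLC running 2.4.1 is correctly excluded because it is at the fixed version, even though its vendor string was captured in a different case.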

6. Can you provide insights into what key strategies and considerations businesses should take to bolster their OT security posture in the coming years?

Adapting to the evolving challenges in OT security is paramount for businesses. The first step is establishing comprehensive visibility across all CPS in the OT environment. This task is complex due to the protective nature of CPS assets and the mix of new and legacy devices. Achieving this requires specialised security solutions capable of discovering a wide range of assets through various methods tailored to the unique aspects of each environment.

Integrating IT technology and workflows into the CPS environment is another critical strategy. Many organisations already incorporate IT-oriented solutions, including generative AI, into their cybersecurity programs. Effective CPS security solutions should seamlessly integrate with these existing tools, enhancing risk management without compromising operational integrity. This approach not only bridges gaps in governance but also promotes collaboration across traditionally isolated teams.

Finally, it is essential to extend IT security controls and governance to the CPS environment. Many CPS systems, designed primarily for functionality and reliability, now face new security challenges due to increased internet connectivity. Traditional “air-gapped” systems, which were not originally intended to be networked, are increasingly converging with IT networks. To address this, organisations must evaluate CPS security vendors that can extend IT controls to CPS, thereby unifying security governance and supporting the journey toward cyber and operational resilience.

Written by
BizAge Interview Team
January 3, 2024