Is OT Cybersecurity Really THAT Different from IT?

Without digital transformation and remote connectivity, businesses cannot be competitive in the 21st century and beyond. The world is becoming more connected every minute of the day. With the increase in ransomware attacks, coupled with increasing attack surfaces, cybersecurity is important now more than ever. According to a study in 2019, 90% of cyberattacks occurred via phishing. With so much on the line, such as classified information, legal fines, HSE damages, and loss of reputation, it is vital to be prepared. Cyberattacks are not about the “if”, but instead “when” they will occur. 

Industrial cybersecurity focuses on heavy machinery, which is much different than cybersecurity for general purpose computers. In an industrial cybersecurity event, it is not only money or data that is on the line but also safety, as this type of machinery can be dangerous if in the wrong hands (think Stuxnet). 

Two main types of cybersecurity include IT and OT. Though they are coming together in recent years, they are still very different. This blog describes the differences between IT and OT cybersecurity and how Nexus Controls is leading the way in OT cybersecurity solutions.

Information Technology (IT) and Operational Technology (OT) cybersecurity focus on different things. To put it simply—IT focuses on data, and OT focuses on process safety.

IT concentrates on day-to-day operations with IT departments on efforts like managing devices like landlines, mobile phones, laptops, modems, printers, and fax machines connected to corporate networks, external devices like USBs, as well as technical support. IT also concentrates on hardware—not only software. 

Examples of OT cybersecurity devices include Industrial Control Systems (ICS), Programmable Logic Controllers (PLCs), Next Generation Firewalls (NGFW), and Supervisory Control and Data Acquisition (SCADA). An ICS is a general term to describe hardware and software used in industrial processes. NGFW is part of the third generation of firewall technology. SCADA is system architecture made to monitor and control industrial devices. 

Compared to OT, IT devices have a shorter life cycle. The typical life cycle of IT devices is about two to five years, many times due to the non-availability of security patches from manufacturers. However, some of the OT plants can run on legacy control systems as old as twenty years. Because IT is more associated with connection to the internet, these devices are more prone to cyberattacks that compromise data. Ultimately, IT incidents are more common, and every organization needs this type of security to some extent to keep information secure and controlled.

OT cybersecurity uses hardware and software to focus on larger scale technology like turbines, power systems, heavy equipment, and other industrial machines. Previously, this type of machinery was not always connected to the internet, meaning they were not exposed to cyber threats. However, the more connected these systems become with digital transformation and need to collect sensor data for analytics and predictive maintenance, the more vulnerable they are to attacks. Traditionally, cybersecurity attacks used to be confided to financial and health sectors due to the high levels of payouts. However, in the recent times, attack vectors and attack frequency have shifted to the industrial sector since the impact and consequently the payout are much higher.

This heavy machinery is more destructive if in the wrong hands. Even small OT attacks can mean big monetary losses and even have damaging effects, such as power outages, natural gas leaks, or worse, death

Patching also looks different from an OT standpoint. Patching industrial equipment typically means that the entire industrial plant may have to shut down. Depending on the plant, this could mean problems that affect the general public, such as shutting down water treatment plants. This is why OT machinery rarely gets updated for years at a time.