Skip to main content

Topic

Operational Technology (OT) security

Operational Technology (OT) security refers to the vulnerability and protection of hardware and software systems that control and monitor physical systems. OT, often embedded in Industrial Control Systems (ICS), is prevalent in the critical infrastructure and industrial sector, such as powerplants, water installations, manufacturing factories, and so on.

Up until recently, the OT systems and IT (Information Technology) networks operated in separate domains. However, as part of the Smart Industry 4.0 revolution, the OT sector does not remain untouched by the accelerating digitalisation. While OT and IT networks are becoming increasingly interconnected, the threat landscape within which the critical infrastructures and industrial sector operate is changing.

Along with the convergence of OT and IT, possibilities of remote control and networked OT, the cybersecurity risks grow. If an ICS is hacked, this can pose serious threats to society. For example, if the ICS of an industrial system within a power plant is hacked, the attack could result in a widespread power outage. Without electricity, systems and devices, lighting and other (industrial) processes could be shut down. You can read all about it in the HSD Report: Implications of OT and IT Integration for Cyber Security.

Community of Practice (CoP)
HSD has set up an OT-Security Community of Practice (CoP) to navigate the changing cyberthreat landscape in which OT operates. The CoP is a collection of experts operating within the OT-security field that gathers once every two months and actively engages in sharing knowledge, skills, and security solutions. The group includes experts from the public and private sector, as well as those from knowledge institutions. Besides the actively involved experts, the CoP is establishing concrete ties with the different sectors that work daily with OT. This approach allows for the inclusion of different perspectives.

The Community of Practice aims to put OT-security on the agenda by increasing cybersecurity awareness, establish best practices, and develop and share tools and research. Every thematic session starts with a presentation held by one of the involved parties, during which a certain OT-security topic is explored in depth. Afterwards the floor is open for any issue or update the other parties might have. As such, new participants, ideas, and initiatives are always welcomed by the CoP.

Tools
There are a couple of tools available:

  • The Digital Trust Center (DTC) has developed a “Security Check Process Automation”. This tool allows you to check how vulnerable your Industrial Control Systems (ICS) are. After completing the Security Check, you will receive a practical checklist with effective ICS security measures. Complete the check now.
  • Looking to increase the cyber security awareness of your team? Thales has developed a Cyber Escape Room! This Escape Room is a real-life team-based game in which players solve a series of puzzles and riddles within a limited time frame. The game is intended to increase cybersecurity awareness in a fun and playful way. Check it out! 


Get in touch!
Would you like to know more about the OT Security Community of Practice, are you an OT-security expert or is your sector practically working with OT? Get in touch by sending an email to: bert.feskens@thehaguesecuritydelta.com