Understanding OT-Native Cybersecurity
Dave Purdy, OT Cybersecurity Specialist at TXOne, was recently interviewed by ARC’s Vice President, Cybersecurity Services Sid Snitkin at the 2023 ARC Forum, held in Orlando, Florida. We encourage you to view this valuable discussion, as they touched upon the growing importance of understanding OT as a situation unique from IT, especially as IT/OT convergence marches ahead, and where TXOne Networks fits into the market for OT solutions.
What Is OT-Native Cybersecurity?
“We are decidedly focused on the OT side of this,” Dave Purdy stated clearly. “We don’t try to straddle the IT/OT side of that domain. We understand we need to co-exist with IT, but we are focused on operational technology,” he said, referring to an array of security needs that TXOne Networks’ OT-native solutions were designed to meet.
OT-native solutions are those that were designed and built specifically for the realities, situations, and needs of OT environments. The industrial settings of OT cybersecurity present very different priorities, physical environments, and attack surfaces than IT security deals with. That’s why simply adapting IT solutions into OT networks is challenging and insufficient. But it must be a team effort. “IT and OT must work together to strengthen OT cybersecurity,” he says. “And IT stakeholders should be champions of monitoring OT environments and surfacing threats.”
How IT and OT Can Converge on Security
“Companies don’t want to build an OT security operations center and an IT SOC,” Dave said. And he does not believe they’re converging in the sense of the technology stack. While any number of excellent IT-developed solutions exist, they’re focused on confidentiality, not the continuous operation of complex machines and devices in a physically safe environment.
“In the OT security space,” he says, “it’s around human safety, the availability of the operation, quality of the product, and then confidentiality.” With such different design parameters, IT/OT convergence happens most effectively at the management layer. “I don’t think they come together from the software solution stack,” he states.
But he strongly believes OT needs to take the lead in several key areas. “On the OT side,” he says, “we need to provide real-time preventative measures, visibility, and threat detection. Threat response is not adequate.”
The Importance of OT-Specific Expertise
One of the challenges facing OT cybersecurity is a critical shortage of genuine OT security expertise and the consequent confusion and false assumptions about OT security requirements. TXOne is investing vigorously in R&D efforts to help address the issue.
For example, TXOne currently recognizes more than 200 industrial control system protocols to support ICS cybersecurity. “And because we have that deep level of understanding, and we know that the OT practitioners don’t really have the time or wherewithal to sift through what we see in their industrial setting, we’ve developed AI and machine learning algorithms to run in monitoring mode for a period of time plant operators are comfortable with.”
A shortage of expertise also means the unique threats of OT environments and how they differ from IT environments are not as widely understood as they should be. Dave feels that a clear understanding of the threat landscape within an OT setting is essential to be effective but knows it doesn’t always come easily. “That’s a journey,” he acknowledges, but adds that “the financial stakeholders and organizations need to understand the threats, so they make the investments.”
He also finds a notable amount of marketplace confusion about OT-specific solutions and IT-specific solutions being passed down into the OT layer, cited in a number of the breakout sessions held during February’s 2023 ARC Forum. He bemoans continued confusion between the IT and the OT stakeholders. “The IT folks can’t solve this problem in a vacuum. So we spend a lot of time trying to bring those two worlds together,” he says.
The Need for Partnerships
“I absolutely won’t tell you we can solve all the problems and I absolutely recognize the value of partners,” Dave said, absolutely emphatic on the topic. He described two ways to look at partnerships for OT solutions, including OT specialists and channel professionals who can help communicate TXOne’s value in the marketplace.
“More importantly,” he says, they have invested considerable time certifying and onboarding the OT personnel that actually walk the floor, “the people that work during Christmas shutdown, work during the Fourth of July shutdown.” TXOne works to support these industrial heroes because their software and hardware OT cybersecurity solutions must be introduced into environments during planned preventive maintenance shutdowns, often on holidays, so operations are more secure when they resume with effective OT-native solutions.”
Originally this article was published here.