What is OT, ICS and SCADA?

OT refers to operating technology. Gartner defines it as „hardware and software that detects or causes a change through the direct monitoring and/or control of physical devices, processes and events". 

Other terms commonly used in this area are ICSs (Industrial Control Systems). These are a key sector in the OT and often a heavy punt, as they are used, as the name suggests, to control large industrial processes, such as power plants. ICSs are often managed through SCADA (Supervision Control and Data Acquisition). So that exact SCADA cybersecurity is a focal point. Precisely because SCADA systems allow full control over the entire industrial process.

Convergence creates new risks

IT and OT systems have traditionally been separated but have grown together in recent years. OT systems are increasingly connected to the Internet, through more powerful communication networks within the critical infrastructure providers.

For example, a dashboard can be provided to managers to provide information about the performance of a power plant, operational changes (e.g. changes in load generation) and commercial decisions (e.g. the execution and pricing of purchase contracts) in real time.

This brings clear benefits, but also new risks. OT systems are no longer isolated and can no longer be isolated. Therefor cyberattacks are executed directly to IT-OT Systems, connected to the internet. These attacks thus have immediate physical consequences. If the organization is part of the critical national infrastructure, such an attack has an immediate impact on nationalsecurity.

The Challenge of OT Cybersecurity

The most important principles may be similar, but IT cybersecurity is considered much more mature and advanced than OT Cybersecurity. This is partly due to the fact that IT systems have been used much more frequently so far, that the risks have been better understood and that there are sufficient case studies on real attacks to ensure that the focus and understanding of how to deal with the risks available.

In the past, OT systems were physically isolated, and cybersecurity was not a priority until the recent convergence trend put them on the agenda.

There are significant overlaps and similarities between OT and cybersecurity, and OT cybersecurity can learn a lot from IT cybersecurity. Probably 80% of the threats are the same as for IT systems, but the other 20% are the biggest challenges. Some of the main differences are:

​​​​​​​

• The risk calculation is different. A successful OT attack can result in serious bodily harm or even death.
• For OT systems, the availability of services is often more important than confidentiality - whereas this priority is often reversed in traditional IT. Shutting down a system to stop an attack may not be an option for an OT system, and even installing updates to address known vulnerabilities may not always be feasible.
  Integrity is also more important than changing devices, given the potential safety-critical impact.
• The service life of OT systems is usually much longer than that of IT systems. Plants and machines can have a service life of 15 to 30 years, while IT systems are usually replaced every 3 to 5 years. Older systems are usually not designed for modern threats, and support and security patches are usually unavailable.
• Threat and attack models are different. Typically, the design of firewalls and security monitoring tools is based on characteristic indicators of IT attacks, e.g. OT attacks can happen undetected.