Technology (OT) and information technology (IT) are different, but they must be managed and secured within a building operational framework. Over the years, OT systems have been physically segregated and managed apart from IT. However, many people choose to place them together on a single network. With that, building operators face new challenges in securing IT and OT within a single information and communications technology design. Here are a few points you need to consider to secure IT and OT in your smart building design.
Related: What is ICT? Information and Communications Technology
What Is Operational Technology?
While operational technology has been around for a few years, it has only achieved its own identity with a renewed focus on automation. OT refers to the network of software and devices used in the process control system. This type of device will hang off IoT networks to operate relays, sensors, and other single-purpose circuitry. For the most part, IT also supports specialized gear like relays and capture data to enable industrial equipment to perform specific tasks. Managing OT is provided by data acquisition software and supervisory controls. Like information technology, OT devices can be placed and left to function for many years without any problems. As long as the equipment is doing its job, these components may not need updates for a very long time.
Now that you understand the basics of IT and OT, learn a few tips to implement into your ICT design.
What Is Information Technology?
Out of these two technologies, IT is the most recognizable. It represents the critical infrastructure needed for data processing. IT is also the more advanced and mature of these technologies. IT systems are data-oriented, storing corporate data and making that information available to many applications and individuals. The role of IT is expansive and diverse, providing data to many departments within a company, such as payroll processing, human resources, sales, marketing, and customer support. IT uses those familiar computing system components, such as storage systems, servers, network equipment, and end-user devices. Over the past decades, IT has expanded to include mobile computing devices and cloud-based services.
Need help understanding the right information and communications technology design for your business? At C&C Technology Group, we have plenty of solutions for your network.
Consider Segmentation
IT and OT equipment often share the same physical network, but traffic flows are not always securely segmented. If you want to separate IT from OT systems on a wired Ethernet network, consider using access lists or network firewalls configured with separate switches or routers. For those IT and OT components that connect through WI-Fi, you may want to use different SSIDs to segment the OT and IT traffic. With that, one side will not affect the other.
Related: What is a Smart Building and How Will it Benefit You?
Use Granular Remote Access Controls
In a few situations, third-party managed service providers will be responsible for the upkeep and maintenance of all smart building technologies. With that, these partners will need to request remote access through VPN connectivity. That connectivity can allow the partner to manage and monitor the technology from anywhere in the world. There is no need to come to the site to make an upgrade or maintain the system. While remote access VPNs have been around for many years, they are often not very secure. In many cases, the access is wide open, allowing a third party to access the entire network instead of a particular subnet or IT/OT components.
As you can imagine, that can lead to a situation where the VPN credentials are compromised, leading bad actors to access the entire smart building’s infrastructure. In turn, open access allows anyone to compromise the whole network.
However, there are ways to counter these issues. Remote access configuration should use granular access controls that can limit the access of network components. Access will only be granted to certain OT or IT devices in a few situations. Additionally, access control lists must be created that allow users access to specific IP addresses while restricting all other network access types.
Related: Why Build a Smart Building? 3 Benefits to Recognize
Think About End-To-End Visibility
Cybersecurity can be challenging if you do not have the proper level of infrastructure visibility. At the very minimum, you need essential network monitoring that leverages ICMP, flow-based monitoring, and simple network management protocols. With that, you can monitor devices from an operational standpoint. You can use several tools to give better insights into the security of networks and devices. These tools can include security information and event management (SIEM), network detection and response (NDR), and security orchestration, automation and response (SOAR). These methods can help to collect security-related information, such as event errors, device logs, and network telemetry infections, that can be analyzed to identify any threats to the network.
Artificial intelligence is even helping to secure these networks. It can identify the root cause of issues and recommend how security personnel can quickly find any breaches in security.
IT Is More Secure Than OT
Unfortunately, there is a lag in security with OT, especially from a cybersecurity perspective. OT manufacturers have not focused on securing their components, which is one flaw that bad actors can exploit. With extra planning, OT can be just as secure as that IT equipment. However, if you fail to protect and secure OT equipment, it can lead to breaches with IT equipment, causing potential harm to your entire network.
IT and OT Work Together in a Secure Environment
While mingling both IT and OT equipment can save time and money, additional steps must be taken to ensure that all components, equipment, and networks stay secure. Special considerations must be made for these two different technologies. Focusing on one and ignoring the other can lead to significant problems down the road for your ICT design.
Are you searching for solutions to secure your data networks? At C&C Technology Group, we can help you find the right options for your business.
Last Updated on January 20, 2023 by Josh Mahan