Be Ready: How to Defend the OT Against Cyberattacks

Hackers are stealthily moving from IT to OT environments, and the threat of a large-scale calamity looms in an increasingly digital world. OTORIO has developed an OT cybersecurity solution that identifies network vulnerabilities, provides a pathway to risk mitigation, and enables channel partners to offer value-added services.

 

Image credit: OTORIO

Cyberattacks make headlines for their devastation and disruption, and their increasing frequency highlights how vulnerable operational technology (OT) infrastructure can be. With the growth of Industrial Internet of Things (IIoT), more devices are connected in IT and OT environments. While that provides invaluable network insight, it can leave a company’s business at risk.

Operational technology refers to all technologies that enable the day-to-day operations of critical infrastructure, including manufacturing, energy, water, and chemical facilities. Advanced hackers not only can acquire sensitive information from IT networks, but they also can disable OT systems. Breaches in the OT environment can lead to shutdowns in critical infrastructure, which can have disastrous results.

 

The Silent Attacker

“The difference between OT and IT is that OT is life- or mission-critical,” says Nick Donaldson, vice president of partners & channels at OTORIO, an industrial cybersecurity developer based in Israel. “Critical infrastructure can’t halt for a patch, upgrade, or cyberattack, and companies often don’t realize their network’s vulnerability.

“Many of the attacks in big companies start in the IT environment, in an HVAC machine or an old Windows machine plugged into the factory floor,” Donaldson says. Hackers gain access and can infiltrate the organization, often undetected for weeks or months.

“OTORIO has developed an industrial cyber security solution to protect OT environments that give companies good “cyber hygiene,” Donaldson says. OTORIO’s solution takes a three-pronged approach, allowing companies to use just one tool for the job or any combination of all three.

ReconOT automatically discovers a company’s assets in the same manner as an external nefarious attacker might see them and determines the risk level of the network. The spOT tool assesses each IT, OT, and IIoT asset and checks network compliance based on safety regulations and security standards, such as NIST, IEC62443 or NERC-CIP. 

The RAM2 pulls together all that information and creates a digital network twin. It then simulates security breaches to identify network vulnerabilities. RAM2 compares security events with potential risks and traces them back to operational processes to identify risk patterns. It also determines the most effective fix and provides a step-by-step roadmap to mitigate those risks, enabling companies to secure the network before an attack proactively.

Image credit: OTORIO

Partners Against Crime

The OTORIO solution automates the risk assessment but doesn’t perform the mitigation. That presents an opportunity for channel partners to build up their cybersecurity services. Systems integrators can perform the asset audit, and compliance testing then follows the workflow plan to address the vulnerabilities and shore up network security.

“Our system integrators and consultants can do compliance testing more quickly,” Donaldson says. “Risk assessments that took three weeks can be accomplished in one. System integrators can offer compliance testing as a one-time service, or they can return at regular intervals to ensure OT network compliance and security. They can also provide 24/7 monitoring for high-risk environments”.

OTORIO is working with Arrow Electronics to bring industrial cybersecurity to its customer base. “Our relationship with Arrow expands our solution outside our core hardware and software stack,” Donaldson says. “We make them more relevant to their customers, so the [added] value is higher for Arrow. They bring to us scale.”

  • Learn more about Otorio.
  • Watch the video to see how Otorio RAM2 works. 
  • Find out more about Arrow Edge Cybersecurity services. 

 

Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries.

Find Intel® IoT Market Ready Solutions

Search the Intel® IoT partner ecosystem and discover 130+ end-to-end IoT solutions.

Become a Member of the Intel® Partner Alliance

If you are delivering repeatable and scalable IoT offerings using Intel technology, the Intel® Partner Alliance program gives you more opportunities to build your business. Get started.