Security for IoT Networks Needs to Reflect an OT Mindset

The Convergence of OT, IoT and IT

Nozomi Networks was founded to address the particular cybersecurity requirements of industrial control systems and operational technology (OT) networks. OT networks are complicated by unique and proprietary network protocols and systems, with a range of vulnerabilities in mission-critical and legacy environments.

Fueled by automation and digital transformation, plus the widespread adoption of IoT technologies, pure operational technology (OT) environments no longer exist. Instead, they include many IT machines and distributed IoT sensors that strengthen visibility and system control.

Smart manufacturing, smart buildings, smart cities, smart grids, smart healthcare—all these verticals are leveraging IoT platforms and IT integration to respond to market needs faster and better, as well as to reduce costs.

For defenders and engineers who need to keep systems running securely and safely, it’s important to understand how the adoption of IoT impacts visibility and security for OT systems.

Comparing Classic ICS Systems and New OT/IoT Systems

For some, OT/ICS is just a particular case of IoT, because both safely monitor and control the performance of physical devices used by critical industries. While IoT devices interact with the physical world too, they are designed primarily to send data to the cloud and other IT applications, whereas OT has traditionally been segmented away from IT networks.

What OT and IoT have in common today is connectivity to the physical world and industrial processes. Let’s compare and contrast some of the security considerations:

  • Device types: OT features highly engineered devices like HMIs, SCADA front ends, RTUs, PLCs, and IEDs. IoT comprises simpler and more diverse sensors, such as CCTV cameras, RFIDs, bar code readers, light bridges, etc. Cheap and poorly designed IoT devices are widely available on the internet, and their lack of security by design makes them more vulnerable than classic OT devices. Lastly, vendor maintenance might not be available over time, especially for consumer products and for security updates.
  • Device deployment/configuration: while IoT often offers self-configuration, OT frequently involves direct and complex configuration of individual components. Self-configuration also means less security hardening and less awareness of the devices’ expected behavior.
  • Networking: OT networks tend to be highly segmented, for example into the layers of the Purdue model, which restrict and control network traffic between processes, limiting access or the spread of malware. In a flat, open network, by contrast, an IoT sensor can usually connect to every device in its surroundings, so the likelihood of penetrating such a network, which often includes many other IT resources, increases dramatically.
  • Data users: in OT, users are restricted to system owners and operators, while in IoT, for public systems, anyone can subscribe and be a user. As data access is given to anyone who authenticates, the attack surface is broadened.
  • Node resources: the environment where IoT nodes are placed is frequently not physically monitored. IoT nodes are supposed to run for a long time without a power source except a battery, which requires resource optimization to be more of a focus point than in OT. This can make them less hardened and more vulnerable to attack.
  • Baseline stability: the Nozomi Networks solution relies on certain algorithms for baselining the monitored network via machine learning. Such systems have to account for the higher degree of non-deterministic events in an IoT network, driven by factors such as:
      • increased connectivity to the internet
      • the use of cloud web services utilizing dynamic IPs
      • connection (and disconnection) of new types of devices after the initial system deployment
      • higher rates of component updates, with successive behavior pattern changes
Digital transformation is driving the need for more security around IoT devices to mirror OT requirements.

Nozomi Networks Addresses the Security Gaps Created by IoT Use

We adapted our products and services to help organizations close the security gaps created by the rapid adoption of IoT technologies. This includes:

  • Vantage, a new product that leverages the power and simplicity of software as a service (SaaS) to deliver unmatched security and visibility across your OT, IoT, and IT networks. Vantage allows for much larger scalability across multiple sites typical of IoT operations.
  • Asset Intelligence, a service delivering ongoing OT and IoT asset intelligence for faster and more accurate asset inventory and anomaly detection. It helps you focus efforts and reduce your mean-time-to-repair (MTTR), and includes modeling of IoT devices.
  • Adaptive Learning, a machine learning mode that takes into account the lower predictability and higher variability over time of an IoT network, triggering fewer and more relevant alerts.
  • Smart Polling, a powerful combination of active and passive asset discovery for enhanced asset tracking, vulnerability assessment and security monitoring. Its strategies cover typical IoT protocols as well as the wide range of OT devices we have always supported.

Summary: One Solution for IoT and OT

It’s becoming increasingly important to unify security operations and visibility across your entire operation. There are critical differences between OT and IoT networks and devices. Only Nozomi Networks integrates unique features and approaches to consolidate and simplify security operations across these converged infrastructures. If you’d like to learn more about how we tackle OT and IoT visibility and security, just let us know.