Defending OT Networks: For on the Spot and by the IT Networks Around It
摘要
The security issues of OT systems are different from those of IT systems. The differences come from the nature of these systems and demand a different approach. First, traditional endpoint security solutions are not applicable, and we can’t rely on regular security updates, patching (neither the operating system nor other components). The lifecycle of a device/endpoint is much longer than “normal” IT systems’ components. Based on these, we should expect old, unpatched devices over an OT network. To prevent successful attacks against these systems, we must be able to detect the signs of intruders, the small and silent steps of the attackers. We can’t touch the devices themselves, but we can monitor and analyse the network traffic to achieve this goal, because the signs are there. As we see, to deal with OT systems from a security perspective is a hard task. We can’t use only our traditional mindset. We must adapt. But there is one other thing, we can rely on the fact that all the successful attacks against OT systems started on the IT level. And this is where we can be creative to make a harder attacker’s life—and this is what the second part of this paper is about.