Does the organization comply with standards and laws and regulations?

More and more organizations are becoming aware of the need to monitor Operational Technology (OT) network traffic. Often the focus is on detecting anomalies in the network traffic of the OT environment. After creating a so-called blueprint of the default and expected network traffic within the OT environment, all network traffic is compared against this blueprint and anomalies are reported. Because OT environments (which include Industrial Automation and Control Systems such as building control systems) are often static, this is a good way to gain insight into deviations in network traffic. This is also called anomaly detection.

OT Monitoring

More than anomaly detection

However, people expect more than that from a professional OT monitoring solution. Organizations no longer only want to see deviations in the regular communication; they also expect other functionality. For example, companies also want insight into the quality of the communication, because this enables them to solve possible connection or configuration problems. They also increasingly expect support for asset management, something that a good OT monitoring solution can contribute to. “It is evident that an OT monitoring solution needs to understand the protocols specific to an OT environment flawlessly,” says Marcel Jutte, Managing Director of Hudson Cybertec. “Solutions built for IT environments do not recognize and process these OT protocols, which also prevents a correct interpretation of the network traffic.” Therefore, a solution developed entirely from an OT perspective is essential!

Laws and regulations concerning OT

Companies are making more and more demands on OT monitoring, because more and more is asked of them in the area of cybersecurity. Laws and regulations regarding the digital resilience of the critical infrastructure are changing and being tightened. Companies in the vital infrastructure are designated as OES (Operators of Essential Services) or DSP (Digital Service Provider). They have a reporting obligation for cybersecurity incidents and a duty of care for cybersecurity. This simply means that they must have their digital resilience demonstrably in order. These organizations often use standards such as IEC 62443, BIO, VEWIN, CSIR or similar. In this way, they ensure that they manage cybersecurity in a consistent and responsible manner, take the right measures to increase digital resilience and work demonstrably in line with laws and regulations.

Gamechanger


A real gamechanger in the playing field of OT monitoring is OT Insight. Of course this OT monitoring solution offers the standard functionality that other solutions do. But what makes this solution so unique is that the monitoring platform also detects deviations from the previously mentioned standards and reports them to the asset owner. Jutte explains: “We mainly have customers in the critical infrastructure. They have to comply with these laws and regulations. OT Insight is an ideal solution for them. But also companies that do not fall under the Wbni see the importance of these standards and the great advantages of this solution.” With OT Insight, you can see at a glance the degree of compliance with the various standards frameworks on a clear dashboard. In addition, organizations can easily see in which areas a framework is not (or no longer) being met and where actions are needed. A notification is sent as soon as a deviation is found, so that timely action can be taken. Detailed information is available with a simple mouse click. Other unique features are that it is an entirely Dutch-German development and that the platform is completely modular and hardware-independent. “For the security of the Netherlands it is important that companies have access to a completely European solution. Companies should not only depend on technology from non-European countries for cybersecurity,” Jutte clarifies. This trend can also be seen in the telecom sector, for example, where equipment from certain countries is banned to prevent possible espionage on the telecom network.

Stakeholders and increasing integration of systems

Therefore, companies need a locally built custom solution. Each organization has specific requirements in terms of digital resilience. Also within an organization, different stakeholders have different interests. The right information is presented by OT Insight in a way that is relevant to the target group, through dashboards specifically created for that function. An OT monitoring solution like OT Insight helps organizations with their challenges of making and keeping the OT environment digitally resilient. In an environment where integration of all kinds of systems on the technical network is increasing, this is not a luxury, but a necessity. Especially now that building-related systems such as access control systems, climate control and even alarm systems for fire and intrusion are increasingly being accessed on the same network, it is important to obtain clarity about what is happening and whether all these different systems can interact in a safe manner at all. Jutte concludes: “Ultimately cybersecurity is also largely about insight. Only when you know what is happening in your OT environment can you really be in control.”

Source: OTAR, April 2021

HUDSON CYBERTEC

In the spotlight

Monitoring your OT environment is essential. You know what is happening on your network and see to what extent you are compliant with various cyber security standards and laws and regulations.

IEC 62443 Standard

The IEC 62443 standard offers your organization tools to improve the digital security and safety of your IACS environment. Implementation of the standard improves the cybersecurity level of your organization's OT / ICS / SCADA environment.

The IEC 62443 is the international cybersecurity standards framework for operational technology (OT). The framework consists of a collection of standards, technical reports and related information for securing Industrial Automation and Control Systems (IACS).


Hudson Cybertec’s IEC 62443 Competence Center has extensive experience with this standard. We play an active role in the development of the standard, actively promote it internationally and have developed a training program around the IEC 62443.


It is becoming increasingly important for organizations to be able to demonstrate that the digital security of the OT environment is in accordance with standards frameworks. It is therefore possible to certify (parts of) your IACS environment according to IEC 62443.


If you want to know more about this standard and need training on how to apply it within your own organization or at your clients, Hudson Cybertec has a number of very interesting training courses for you.

