More and more organizations are becoming aware of the need to monitor Operational Technology (OT) network traffic. Often the focus is on detecting anomalies in the network traffic of the OT environment. After creating a so-called blueprint of the default and expected network traffic within the OT environment, all network traffic is compared against this blueprint and anomalies are reported. Because OT environments (which include industrial automation and control systems such as building control systems) are often static, this is a good way to gain insight into deviations in network traffic. This is also called anomaly detection.
More than anomaly detection
However, people expect more than that from a professional OT monitoring solution. Organizations no longer only want to see deviations in the regular communication; they also expect other functionality. For example, companies also want insight into the quality of the communication, because this enables them to solve possible connection or configuration problems. They also increasingly expect support for asset management, something that a good OT monitoring solution can contribute to. “It is evident that an OT monitoring solution needs to understand the protocols specific to an OT environment flawlessly,” says Marcel Jutte, Managing Director of Hudson Cybertec. “Solutions built for IT environments do not recognize and process these OT protocols, which also prevents a correct interpretation of the network traffic.” Therefore, a solution developed entirely from an OT perspective is essential!
Laws and regulations concerning OT
Companies are making more and more demands on OT monitoring, because more and more is asked of them in the area of cybersecurity. Laws and regulations regarding the digital resilience of the critical infrastructure are changing and being tightened. Companies in the vital infrastructure are designated as OES (Operators of Essential Services) or DSP (Digital Service Provider). They have a reporting obligation for cybersecurity incidents and a duty of care for cybersecurity. This simply means that they must have their digital resilience demonstrably in order. These organizations often use standards such as IEC 62443, BIO, VEWIN, CSIR or similar. In this way, they ensure that they manage cybersecurity in a consistent and responsible manner, take the right measures to increase digital resilience and work demonstrably in line with laws and regulations.
A real game changer in the playing field of OT monitoring is OT Insight. Of course, this OT monitoring solution offers the standard functionality that other solutions offer. But what makes this solution so unique is that the monitoring platform also detects deviations from the previously mentioned standards and reports them to the asset owner. Jutte explains: “We mainly have customers in the critical infrastructure. They have to comply with these laws and regulations. OT Insight is an ideal solution for them. But also companies that do not fall under the Wbni see the importance of these standards and the great advantages of this solution.” With OT Insight, you can see at a glance, on a clear dashboard, the degree of compliance with the various standards frameworks. In addition, organizations can easily see in which areas a framework is not (or no longer) being met and where actions are needed. A notification is sent as soon as a deviation is found, so that timely action can be taken. Detailed information is available with a simple mouse click. Other unique features are that it is an entirely Dutch-German development and that the platform is completely modular and hardware-independent. “For the security of the Netherlands it is important that companies have access to a completely European solution. Companies should not only depend on technology from non-European countries for cybersecurity,” Jutte clarifies. This trend can also be seen in the telecom sector, for example, where equipment from certain countries is banned to prevent possible espionage on the telecom network.
Stakeholders and increasing integration of systems
Therefore, companies need a locally built custom solution. Each organization has specific requirements in terms of digital resilience. Also within an organization, different stakeholders have different interests. The right information is presented by OT Insight in a way that is relevant to the target group, through dashboards specifically created for that function. An OT monitoring solution like OT Insight helps organizations with their challenges of making and keeping the OT environment digitally resilient. In an environment where integration of all kinds of systems on the technical network is increasing, this is not a luxury, but a necessity. Especially now that building-related systems such as access control systems, climate control and even alarm systems for fire and intrusion are increasingly being accessed on the same network, it is important to obtain clarity about what is happening and whether all these different systems can interact in a safe manner at all. Jutte concludes: “Ultimately cybersecurity is also largely about insight. Only when you know what is happening in your OT environment can you really be in control.”
Source: OTAR, April 2021