OT Risk Management: Proactive OT Threat Detection and Malware Prevention

Posted by HSSL Technologies on Dec 5th 2023

One of the foundational elements of the Fourth Industrial Revolution (Industry 4.0) is interconnectivity. This is the motivation behind the convergence of IT networks and OT environments. When devices, machines, and systems are interconnected via the internet, they can communicate and share data in real-time, and these abilities lead to many new benefits.

IT and OT convergence is very compelling to those in leadership roles in industrial and critical infrastructure organizations because it can improve efficiency, enhance productivity, reduce costs, increase operations visibility, lead to better decision-making, and more.

However, IT and OT leaders must stay aware that attackers exploit the disruption that accompanies any major transition, whether a revolution or a gradual evolution. Here are some of the serious challenges that come with IT and OT convergence:

  • Most industrial control systems (ICS) lack security by design and are sensitive to change.
  • The cyber-physical attack surface expands as OT air-gap protection diminishes.
  • There’s an increase in the adoption of new technologies, such as 5G, IoT, Industrial IoT, and cloud.
  • The remote access requirements for work-from-anywhere (WFA) users create additional risks.
  • Asset owners’ reliance on OEMs and SIs exposes critical systems to additional threats.
  • Asset owners must comply with existing and new industry-specific regulations.


To address these new challenges, organizations must deploy next-generation cybersecurity solutions that ensure the IT-OT convergence benefits are worth the risks. Some key components in the latest cyber defenses are OT risk management and OT threat detection.


OT Risk Management

Identifying, assessing, and mitigating threats to OT systems is called OT risk management, and it falls under the broader umbrella of cyber-risk management. OT encompasses the hardware and software that monitor and control physical processes and equipment in industries such as manufacturing, energy, utilities, and transportation. Because OT networks underpin the safety, reliability, and security of critical industrial processes and infrastructure, they must be made resilient against cyberattacks.


OT Threat Detection

Being able to evaluate what can go wrong before it happens is critical to effective protection. OT threat detection that feeds a single, centralized management console is one of the most effective ways to turn current threat data into protection for an organization and its OT network. It is the proactive layer that critical infrastructure organizations need to prevent potential disasters and loss of life.


The Rationale for Implementing OT Threat Detection and OT Malware Prevention

Due to the severe implications that can come with intrusions and hacking of OT environments, governments worldwide have set standards and regulations to protect citizens, organizations, and institutions.

The following four references from the National Institute of Standards and Technology (NIST) and the International Society of Automation (ISA) are good examples of the guidance and standards that companies responsible for OT are expected to align with (the first two are categories of the NIST Cybersecurity Framework; the last two are parts of the ISA/IEC 62443 series):

  • NIST Cybersecurity Framework Detect – Security Continuous Monitoring
  • NIST Cybersecurity Framework Respond – Mitigation
  • ISA/IEC 62443-2-1:2009
  • ISA/IEC 62443-3-3:2013


By implementing OT threat detection and OT malware prevention, organizations can better comply with requirements and meet the standards that governments demand.


Adding OT Threat Detection Capabilities via Endpoint Security

To strengthen OT threat detection, cybersecurity experts recommend deploying an endpoint detection and response (EDR) solution that prevents, detects, and defuses threats while keeping IT and OT environments online and functioning. A strong EDR component secures endpoints in real time, whether it is responding before or after an intrusion.

To manage OT risks well, visibility into all endpoints is a must. When an EDR solution detects a vulnerability on an OT endpoint, it should raise an alert rather than patch the endpoint automatically: an unplanned patch or reboot on a controller or HMI can stop a physical process, so remediation in OT is scheduled and tested rather than applied on the spot.

By incorporating early detection and response, an IT team can elevate the organization’s security posture and reduce business disruption from threats. The best type of EDR solution includes key capabilities for protecting vulnerable OT endpoints, such as:

  • Machine-learning-based next-generation antivirus
  • Application communication control
  • Automated EDR
  • Real-time blocking
  • Threat hunting
  • Incident response
  • Virtual patching capabilities


FortiEDR, the Fortinet endpoint detection and response solution, offers all the above capabilities. It is designed to preserve availability for OT systems, supporting multiple and legacy operating systems even during a security incident or breach. FortiEDR leverages the Fortinet Security Fabric architecture and integrates with many Security Fabric components, including FortiGate NGFWs, FortiSandbox, and FortiSIEM.


The Benefits of Deception Technology in OT Threat Detection

Another essential component of a rock-solid cyber defense is deception technology. With the stakes for OT intrusion so high, it is vital to be prepared and proactive to limit the impact of an attack. FortiDeceptor is a solution that uses decoys or honeypots that can easily be deployed in IT and OT networks. By rolling out decoys that mimic real digital assets on the network, FortiDeceptor can lure attackers who are in the reconnaissance phase of an intrusion. Once the intruders attack the decoy, their activities can be monitored and analyzed in real-time. Then, the analysis can be used to create a mitigation and remediation response to safeguard the organization’s digital assets.

FortiDeceptor is effective in OT because it can mimic jump servers, human-machine interfaces (HMIs), engineering and operator workstations, and programmable logic controllers (PLCs) in ICS and OT networks. Inside IT networks, it can emulate typical IT services such as RDP, SSL VPN, and more. The key property of a decoy is that no legitimate process or operator ever has a reason to talk to it, so any connection to it is a high-confidence signal rather than something to be tuned against a noisy baseline.
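To make the decoy idea concrete, here is an added example, not FortiDeceptor code or any vendor's implementation, of a minimal PLC decoy that speaks enough Modbus TCP to look like a small controller. Every frame it receives becomes an alert, because nothing legitimate should ever contact it; reads are classified as reconnaissance, writes as tampering, and anything else as probing. The register values, the decoy name, and the mapping of categories to MITRE ATT&CK for ICS technique IDs are assumptions made for this example; the frame layout and function codes follow the public Modbus specification.

```python
import struct
from datetime import datetime, timezone

# Modbus function codes (public Modbus spec).
READ_FUNCTIONS = {0x01, 0x02, 0x03, 0x04}
WRITE_FUNCTIONS = {0x05, 0x06, 0x0F, 0x10}
EXC_ILLEGAL_FUNCTION = 0x01
EXC_ILLEGAL_DATA_ADDRESS = 0x02

# Illustrative mapping of decoy interactions to ATT&CK for ICS techniques.
# This is an assumption for the example, not a vendor-supplied mapping.
TECHNIQUE = {"recon": "T0888 Remote System Information Discovery",
             "tamper": "T0836 Modify Parameter",
             "probe": None}


def build_request(tid: int, unit: int, fc: int, data: bytes) -> bytes:
    """Modbus TCP frame: MBAP header (tid, proto=0, length, unit) + PDU (fc + data)."""
    return struct.pack(">HHHB", tid, 0, len(data) + 2, unit) + bytes([fc]) + data


class DecoyPlc:
    """A fake PLC: answers Modbus like a small controller and logs every contact."""

    def __init__(self, name: str, registers=None):
        self.name = name
        # Plausible-looking process values (constructed for this example); a real
        # decoy copies the register layout of the asset it imitates.
        self.registers = list(registers or [1200, 1195, 50, 0, 1, 0, 0, 0, 0, 0])
        self.alerts = []

    def _alert(self, peer, category, fc, detail):
        severity = {"tamper": "high", "recon": "medium", "probe": "low"}[category]
        self.alerts.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "decoy": self.name, "peer": peer, "function": fc,
            "category": category, "severity": severity,
            "technique": TECHNIQUE[category], "detail": detail,
        })

    def handle(self, frame: bytes, peer: str) -> bytes:
        """Handle one request frame from `peer` and return the reply bytes.
        Every frame raises an alert; the reply keeps the attacker engaged."""
        if len(frame) < 8:
            self._alert(peer, "probe", None, "malformed frame")
            return b""
        tid, _proto, _length, unit = struct.unpack(">HHHB", frame[:7])
        fc, data = frame[7], frame[8:]

        def exc(code):
            # Exception response: function code with high bit set + exception code.
            return struct.pack(">HHHB", tid, 0, 3, unit) + bytes([fc | 0x80, code])

        if fc == 0x03 and len(data) >= 4:  # Read Holding Registers
            addr, qty = struct.unpack(">HH", data[:4])
            self._alert(peer, "recon", fc, f"read {qty} registers at {addr}")
            if qty < 1 or addr + qty > len(self.registers):
                return exc(EXC_ILLEGAL_DATA_ADDRESS)
            values = b"".join(struct.pack(">H", v) for v in self.registers[addr:addr + qty])
            pdu = bytes([fc, len(values)]) + values
            return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu

        if fc == 0x06 and len(data) >= 4:  # Write Single Register
            addr, value = struct.unpack(">HH", data[:4])
            self._alert(peer, "tamper", fc, f"write {value} to register {addr}")
            if addr >= len(self.registers):
                return exc(EXC_ILLEGAL_DATA_ADDRESS)
            self.registers[addr] = value
            # A successful write is acknowledged by echoing the request PDU.
            return struct.pack(">HHHB", tid, 0, 6, unit) + bytes([fc]) + data[:4]

        category = "tamper" if fc in WRITE_FUNCTIONS else ("recon" if fc in READ_FUNCTIONS else "probe")
        self._alert(peer, category, fc, "unsupported function")
        return exc(EXC_ILLEGAL_FUNCTION)


if __name__ == "__main__":
    decoy = DecoyPlc("plc-decoy-01")
    decoy.handle(build_request(1, 1, 0x03, b"\x00\x00\x00\x02"), "10.10.1.99")   # recon
    decoy.handle(build_request(2, 1, 0x06, b"\x00\x03\xff\xff"), "10.10.1.99")   # tamper
    for a in decoy.alerts:
        print(a["severity"], a["category"], a["peer"], a["detail"])
```

In a deployment the `handle` method would sit behind a TCP listener on port 502 and the alert records would be forwarded to the SIEM; the point of the example is the classification logic, which needs no tuning because the decoy has no legitimate traffic at all.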

FortiDeceptor also includes asset discovery that works in both IT and OT networks. It builds a network asset inventory through passive network sniffing, which gives threat visibility without sending probes that could upset fragile controllers, and uses that inventory to automate decoy deployment. FortiDeceptor also maps alerts to the MITRE ATT&CK for ICS framework, both in a dedicated dashboard and inside each incident alert, to give better context for incidents in the ICS network.
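The passive-inventory idea above can be shown in a few dozen lines. The following is an added example, not FortiDeceptor's own code, that takes connection records as a passive sniffer would see them (client MAC and IP, server MAC and IP, destination port), infers each asset's role from the OT and IT server ports it serves or talks to, and then proposes where decoys should go so that they blend in: the same subnet as real controllers, mimicking the vendor and protocol that subnet already uses. The flow records and the small OUI table are constructed for the example; a real deployment resolves OUIs against the IEEE registry.

```python
import ipaddress
from collections import Counter, defaultdict
from dataclasses import dataclass, field

# Well-known server ports used to infer roles from passively observed traffic.
OT_SERVER_PORTS = {502: "modbus", 102: "s7comm", 44818: "enip", 20000: "dnp3", 4840: "opcua"}
IT_SERVER_PORTS = {3389: "rdp", 22: "ssh", 443: "https"}

# Illustrative OUI table (first three MAC octets -> vendor), constructed for the
# example; not an authoritative registry.
OUI_TABLE = {"00:00:bc": "Rockwell", "00:0e:8c": "Siemens", "00:50:56": "VMware"}

# Constructed connection records (client_mac, client_ip, server_mac, server_ip, dst_port),
# the kind of tuple a passive sniffer extracts from TCP SYNs without sending anything.
OBSERVED_FLOWS = [
    ("00:50:56:aa:01:10", "10.10.1.10", "00:0e:8c:12:34:56", "10.10.1.21", 502),    # HMI -> PLC
    ("00:50:56:aa:01:10", "10.10.1.10", "00:0e:8c:12:34:57", "10.10.1.22", 502),    # HMI -> PLC
    ("00:50:56:aa:01:11", "10.10.1.11", "00:0e:8c:12:34:56", "10.10.1.21", 102),    # eng wks -> S7
    ("00:50:56:aa:01:11", "10.10.1.11", "00:00:bc:ab:cd:01", "10.10.2.31", 44818),  # eng wks -> CIP
    ("00:50:56:bb:00:05", "10.20.0.5", "00:50:56:aa:01:11", "10.10.1.11", 3389),    # RDP into eng wks
]


def vendor_of(mac: str) -> str:
    return OUI_TABLE.get(mac.lower()[:8], "unknown")


@dataclass
class Asset:
    ip: str
    mac: str
    vendor: str
    server_ports: set = field(default_factory=set)      # ports this host answers on
    client_protocols: set = field(default_factory=set)  # protocols this host initiates

    def role(self) -> str:
        """Controllers answer OT protocols; supervisory hosts only initiate them."""
        if any(p in OT_SERVER_PORTS for p in self.server_ports):
            return "controller"
        if self.client_protocols & set(OT_SERVER_PORTS.values()):
            return "supervisory"
        if self.server_ports & set(IT_SERVER_PORTS):
            return "it-server"
        return "unknown"


def build_inventory(flows):
    """Fold connection records into one Asset per IP address."""
    assets = {}
    for c_mac, c_ip, s_mac, s_ip, port in flows:
        client = assets.setdefault(c_ip, Asset(c_ip, c_mac, vendor_of(c_mac)))
        server = assets.setdefault(s_ip, Asset(s_ip, s_mac, vendor_of(s_mac)))
        server.server_ports.add(port)
        proto = OT_SERVER_PORTS.get(port) or IT_SERVER_PORTS.get(port)
        if proto:
            client.client_protocols.add(proto)
    return assets


def suggest_decoys(assets):
    """For each /24 that hosts controllers, propose one decoy that blends in:
    same subnet, the subnet's most common controller vendor and OT protocol."""
    by_subnet = defaultdict(list)
    for a in assets.values():
        if a.role() == "controller":
            net = ipaddress.ip_network(f"{a.ip}/24", strict=False)
            by_subnet[str(net)].append(a)
    plan = []
    for net, ctrls in sorted(by_subnet.items()):
        vendor = Counter(c.vendor for c in ctrls).most_common(1)[0][0]
        port = Counter(p for c in ctrls for p in c.server_ports
                       if p in OT_SERVER_PORTS).most_common(1)[0][0]
        plan.append({"subnet": net, "mimic_vendor": vendor,
                     "listen_port": port, "protocol": OT_SERVER_PORTS[port]})
    return plan


if __name__ == "__main__":
    inventory = build_inventory(OBSERVED_FLOWS)
    for ip, asset in sorted(inventory.items()):
        print(f"{ip:12} {asset.vendor:8} {asset.role()}")
    for decoy in suggest_decoys(inventory):
        print("decoy:", decoy)
```

Because the inventory is built only from traffic the sensor already sees, a controller that never communicates during the capture window will be missing; a practitioner runs the capture across a full production cycle and compares the result with the engineering asset list before trusting it for decoy placement.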


How Fortinet Helps with OT Risk Assessment and OT Risk Management

As a leader in cybersecurity, Fortinet is at the forefront of protecting operational technology. The solutions that we provide organizations to fortify their security posture are:

  • FortiGate is a next-generation firewall providing security control and policy enforcement.
  • FortiClient is network and endpoint management software for OT endpoint security and zero-trust network access (ZTNA).
  • FortiEDR is an endpoint detection and response solution that offers automated endpoint threat detection, protection, incident response, and forensics.
  • FortiSandbox provides advanced persistent threat (APT) detection and protection.
  • FortiDeceptor provides honeypot deployments to trick, expose, and eliminate threat actors before damage is done.
  • FortiGuard Labs is an organization that provides real-time data and mitigation on threats, vulnerabilities, and zero-day exploits.
  • Fortinet Cyber Threat Assessment reports known vulnerabilities and gives a factual picture of the network's security posture.

Figure 1: Diagram of how Fortinet solutions employ OT risk management