A recent US government report warns that industry is leaving itself dangerously vulnerable to cyber attacks.
According to the Pentagon report, the American manufacturing industry is focusing its attention on cloud services, data management and other types of information technology (IT), while overlooking security of the supply chain, much of which runs on operational technology (OT).
The Pentagon is concerned about the defence industry in the US, but the issues they cover apply equally to all industrial and critical infrastructure enterprises. Power utilities, the healthcare industry and transport are among the sectors facing the same challenges around the world.
The crux of the problem identified in the 146-page report is that cyber security programmes are too often led by an IT approach. In reality, the operational constraints in industry sectors such as manufacturing, but also energy, healthcare and transport, among others, mean that an approach to cyber security is needed that also safeguards OT.
It is a global issue and the key is to understand the difference between IT and OT, two different but complementary technologies.
The primary focus of IT is data and its ability to flow freely and securely.
IT is fluid and has many moving parts and gateways, making it more vulnerable and offering a large surface for a greater variety of constantly evolving attacks. Defending against attacks is about safeguarding every layer, continuously identifying and correcting weaknesses to keep data flowing.
OT systems are designed for specific actions, such as ensuring that a generator is switched on or off, or that an overflow valve is open when a chemical tank is full. The primary focus of OT is ensuring the security and control of what in the past were usually closed systems.
Operational technologies ensure the correct execution of all actions. Everything in OT is geared to physically moving and controlling devices and processes to keep systems working as intended, with a primary focus on security and increased efficiency.