OT Security – An Essential for Overseas Locations and Factories: Introduction to Risks and Specific Countermeasures

OT (Operational Technology) security is essential in the manufacturing and infrastructure sectors, where digitization is progressing, and the risk of cyber-attacks is increasing. To achieve OT security, it is vital to have a clear division of roles between headquarters and overseas locations so they can cooperate promptly. Headquarters are responsible for overall security standards and governance, while overseas locations need to strengthen coordination throughout the supply chain, taking into account locally specific risks. 

This article explains the risks and specific countermeasures in OT security based on guidelines, details how to establish a security system on a global scale, and discusses specific OT security essentials.

1. Why is OT security important?

OT (Operational Technology) security refers to security measures designed to protect industrial control systems, known as OT systems. The importance of OT security has been influenced by the rapid progress of digitization and the shift to smart factories. Conventional OT systems are built and operated based on the design concepts from the time of factory establishment and are not designed with security as a top priority. As a result, many factories continue to operate legacy systems designed more than 10 years ago, and security vulnerabilities have become a significant issue.

In addition, the integration of IT and OT systems is accelerating due to the recent shift towards digitalization and smart factories. However, as supply chain systems are connected to cloud services and various devices are networked, cyber security risks are surging.

From a risk management perspective, OT security measures are essential to protect companies and production facilities from attacks that target system and OS vulnerabilities.

[Figure: Overall diagram of OT security at overseas locations and factories]

2. OT security risks at overseas locations and factories


To achieve OT security, it is necessary to understand the risk factors unique to overseas locations and OT environments.

Difficulty in responding quickly to cyber-attacks

In an OT environment (factory), the availability of the production system is of utmost importance, so unlike in an IT environment, it is difficult to respond quickly in the event of a cyber-attack, and there is a risk of increased costs due to system outages. 

In environments where availability is critical, it is not uncommon for older OSs and systems to continue in use, making it challenging to apply the latest security patches. This can result in unchecked vulnerabilities, leading to unrecognized security risks.

Mismatch between old systems and new security technology

Many legacy systems that have been in use for many years are not up to date with the latest cybersecurity standards. If they continue to operate without resolving vulnerabilities, they become easy targets for cyber-attacks and can lead to severe damage, such as being used as entry points for attacks targeting headquarters.

In addition, many OT systems are not designed for network connectivity and may not be able to utilize current IT security tools as they are. For example, indirect methods such as virtual patching must be used to address vulnerabilities.

Balance between productivity and safety

OT systems provide real-time control and monitoring, so system delays and failures can seriously affect safety as well as the entire production line. For example, system delays caused by cyber-attacks can directly impact people's safety, especially if the control systems of power grids and transportation infrastructure are attacked.

The impact of laws, regulations, and systems on different locations

Uniquely designed systems based on each country's laws and regulations can undermine consistency in OT security.

Headquarters need to bridge the gap between global standards and the situation at each location while considering the security measures and standards required at each location.

Supply chain risks

Cyberattacks on OT systems at individual sites can potentially spread throughout the entire supply chain. Particularly in supply chains where interactions with business partners are the primary focus, there is a risk of significant impact not only on that company but also on others.  

For example, in the case of an incident at an automotive company, a major supplier was the target of a cyber-attack that halted production at all its plants because they were connected through the supply chain system.  

To minimize risks, it is essential to establish a rapid response system and continuously update devices and systems connected to the supply chain to keep them up to date.

3. Guidelines for OT security

For OT security, there are international guidelines and frameworks that aim to eliminate risks specific to the OT environment. In particular, the “NIS2 Directive” developed by the EU has established important standards.


Article 21 of the directive defines 10 key basic policies, including risk analysis and incident response systems, backup and vulnerability management, supply chain security enhancement, and multi-factor authentication (MFA).
Among these measures, risk analysis and periodic risk assessment, carried out according to the characteristics of each location, can help visualize vulnerabilities and security gaps and prioritize measures to address them.

In line with the “Standardization of Incident Response and Development of a Rapid Action System,” setting global response standards at the headquarters and establishing a system that allows for immediate local response at overseas locations will prevent delays in response due to time differences and distance.

By following the above guidelines, the “cyber resilience” of the entire enterprise can be enhanced by reducing the risk of system outages, production delays, and spillover to the supply chain in the OT environment. In addition, improved coordination and governance among locations can serve as a foundation for ensuring consistency in the global security structure. Please refer to the following article for more details.

Source: EU NIS2 Directive Summary (Ministry of Economy, Trade and Industry; Japanese): https://www.jraia.or.jp/members/uploads/files/230526_METI_NIS2.pdf

4. Specific points in implementing OT security measures

To strengthen OT security, it is vital to implement a combination of several specific measures based on the guidelines. Some key points that should be addressed are listed below.

Four pillars of OT security measures

Network separation

Clearly separate OT and IT systems to limit the impact of cyber-attacks. For example, the production line and administrative departments can be separated using firewalls and security gateways to control access, thereby increasing the level of security.

Control access rights

Keep the number of users with remote access to the minimum necessary, and for the remote access that is allowed, implement multi-factor authentication (MFA) to reduce the risk of unauthorized access.
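An added example (not part of the original article) that audits the two measures above: it flags firewall allow rules that reach the OT zone from anywhere other than the security gateway, and remote-access accounts without MFA. The zone addresses, rule format and account records are constructed assumptions.

```python
import ipaddress

# Constructed zone plan (assumption): OT = production line, GATEWAY = security gateway.
OT = ipaddress.ip_network("10.20.0.0/16")
GATEWAY = ipaddress.ip_network("10.30.0.0/24")

def _net(cidr):
    """Parse a rule address; 'any' means every IPv4 address."""
    return ipaddress.ip_network("0.0.0.0/0" if cidr == "any" else cidr)

def audit_rules(rules):
    """Return ids of allow rules that reach OT from outside OT and the gateway.

    Simplification: each rule is judged alone; first-match ordering is ignored.
    """
    flagged = []
    for rule in rules:
        src, dst = _net(rule["src"]), _net(rule["dst"])
        if rule["action"] != "allow" or not dst.overlaps(OT):
            continue
        # Only the gateway, or hosts already inside OT, may talk to OT.
        if not (src.subnet_of(GATEWAY) or src.subnet_of(OT)):
            flagged.append(rule["id"])
    return flagged

def audit_remote_access(accounts):
    """Return users who have remote access but no MFA enrolled."""
    return [a["user"] for a in accounts if a["remote_access"] and not a["mfa"]]

# Constructed sample data (10.10.0.0/16 stands for the administrative network).
RULES = [
    {"id": 1, "src": "10.30.0.0/24", "dst": "10.20.5.10/32", "action": "allow"},
    {"id": 2, "src": "10.10.4.0/24", "dst": "10.20.0.0/16", "action": "allow"},
    {"id": 3, "src": "any", "dst": "10.20.5.10/32", "action": "allow"},
    {"id": 4, "src": "10.10.0.0/16", "dst": "10.20.0.0/16", "action": "deny"},
    {"id": 5, "src": "10.20.1.0/24", "dst": "10.20.2.0/24", "action": "allow"},
]
ACCOUNTS = [
    {"user": "plant-engineer", "remote_access": True, "mfa": True},
    {"user": "vendor-maint", "remote_access": True, "mfa": False},
    {"user": "line-operator", "remote_access": False, "mfa": False},
]

if __name__ == "__main__":
    print("Rules crossing into OT:", audit_rules(RULES))
    print("Remote access without MFA:", audit_remote_access(ACCOUNTS))
```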

Vulnerability management and patching

For OT systems, including legacy systems, it is crucial to perform periodic vulnerability scans and apply patches only when they are deemed essential. For legacy systems that are difficult to update, it is recommended to implement alternative measures that compensate for the vulnerabilities, such as virtual patching and network segment isolation.

In addition, equipment and systems connected to the supply chain must be kept up to date to prevent the risk of cyber-attacks spreading through the network.

Security monitoring and incident response system

To minimize damage from cyberattacks, it is vital to develop a mechanism to monitor the network and detect abnormal behavior early. For example, IDS (Intrusion Detection System) or IPS (Intrusion Prevention System) can be introduced to monitor traffic in real-time and detect signs of anomalies.

Furthermore, a company-wide incident response flow should be formulated, and a consistent response policy should be presented in a form overseen by the headquarters. At the same time, prepare an incident response manual tailored to the laws, regulations, and business processes of each location, and establish a system that enables prompt initial response and recovery work.

Understanding the Zero Trust Network

Based on the premise of “trust no one,” implement a “zero-trust” model that verifies all access inside and outside the network. This model, which always enforces authentication and verification for users and devices inside and outside the network, will be used to protect critical systems in an OT environment.

Creating a zero-trust environment improves OT security and contributes to building security that is resistant to attacks from within.

Reference: What are the components of the Zero Trust Model? Explanation of optimal security technologies required for diversified IT environments in overseas locations (Japanese): https://biz.kddi.com/content/column/smartwork/zero-trust/
Reference: What is Zero Trust, a security measure for IoT at overseas locations? (Japanese): https://biz.kddi.com/content/column/smartwork/zero-trust-point/

Steps for implementation and improvement

There are a wide variety of measures to strengthen OT security, and it may be difficult to achieve all of them at once. It is important first to conduct a risk analysis to understand the current situation, then check the status of each location and production facility and take measures step by step in order of priority, starting with the most important areas and sections.

[Figure: Step overview diagram]

If it is difficult to handle in-house, requesting an outside vendor can be an effective solution.

5. Summary

Strengthening OT security is an essential initiative for companies to remain competitive and build credibility in the global marketplace. Appropriate security measures tailored to each location's OT environment can help protect systems and production facilities from external threats.

Furthermore, in today's world of IoT proliferation and integration of IT and OT, dealing with security risks is becoming increasingly complex. To address the current challenges, a security strategy that combines global standards with local requirements for each location and integrates vulnerability management, monitoring, and incident response systems is essential. In today's rapidly changing world, companies need to continuously review and strengthen the framework that protects their systems and facilities while responding quickly and flexibly.

See also: What security threats and countermeasures should you be concerned about at overseas locations? (Japanese): https://biz.kddi.com/content/column/smartwork/security-threats/
See also: What is Endpoint Security? Explaining its importance in the Zero Trust Model and best practices for overseas locations (Japanese): https://biz.kddi.com/content/column/smartwork/what-is-endpoint-security/
See also: Security measures for industrial and production systems
