Operational technology (OT) and information technology (IT) have traditionally been kept separate in most cases, but now they are being integrated. OT controls processes that have physical impact, guiding equipment in manufacturing plants, pipelines, railways, and other infrastructure. Many components of OT are critical to public safety and global economic health.
IT generally refers to computing, networking, and managing information in organizations. Integrating IT with OT reduces costs, boosts productivity, and delivers competitive advantage. That is why, in a recent survey, three-quarters of OT organizations reveal they have made, at least, basic connections between the
two environments.2 The downside is that integrating the environments increases exposure to cyberattacks, with cyber criminals targeting IT networks to gain access to OT systems. Nearly 90% of OT organizations have reported a breach of their OT networks, and 56% have been breached in the past year.3 Attacks on power grids, shipping lines, steel plants, and other facilities are increasing.
The “air gap” between OT and IT has evaporated, and cyber threats pose a real challenge to OT organizations:
nearly three-quarters indicate they experienced a successful malware intrusion in the past year.1
Organizations must ensure their OT and IT security postures are ready for the most sophisticated attacks. To do this, a cybersecurity solution must cover the entire attack surface, share threat intelligence between security products, and automate responses to threats. This guide explains how Fortinet enables integration of IT with OT while increasing protection throughout the network. It spotlights how OT and IT are different, why they are converging, and how to address increased risk. It presents Fortinet cybersecurity solutions for OT and IT and outlines five best practices to protect a converged environment.
- Identify assets, classify, and prioritize value
- Segment the network
- Analyze traffic for threats and vulnerabilities
- Control access by users and devices
- Secure both wired and wireless access
This guide also reviews how elements of the Fortinet Security Fabric map to security controls in leading regulations. And it outlines an architectural framework for securing OT, correlated to the Purdue Network Model. It suggests next steps in a journey to a desired state for cybersecurity. Finally, an appendix maps OT security needs to Fortinet Security Fabric offerings.