Operational Technology (OT): Protecting Critical Systems in a Connected World

In recent years, the convergence of Operational Technology (OT) and Information Technology (IT) has become increasingly important.

What is OT?

OT is defined by the NCSC as "technology that interfaces with the physical world and includes Industrial Control Systems (ICS), Supervisory Control and Data Acquisition (SCADA) and Distributed Control Systems (DCS)." Securing these systems, given they are part of our critical infrastructure, is imperative.

The Rockwell Automation Warning

Rockwell Automation, a leading OT vendor, issued a critical warning to administrators: disconnect ICS (Industrial Control Systems) devices not designed for online exposure from the Internet. This warning comes in response to the rising global cyber threats targeting OT systems. Here are the key takeaways from Rockwell’s guidance:

1. Keep ICS Devices Offline: Rockwell advises keeping ICS devices offline whenever possible. Unlike traditional IT systems, which often require internet connectivity, OT systems tend to operate in a different manner. They handle repetitive processes and may not need direct internet access.
2. Segmentation of IT and OT Assets: Separating IT and OT assets is crucial. Implementing techniques such as VLANs, firewalls, DMZs, data diodes, and air gaps ensures that OT systems remain isolated from external threats.
3. Inventory Management: Just like in IT, maintaining an inventory of OT assets is essential. Without proper asset management, it becomes challenging to apply consistent changes across the environment.
4. Remote Access Control: Limit remote access to OT sites or plants. The restricted nature of OT access paths makes controlling remote connections vital for security.
5. Patching and Malware Scanning: While patching is necessary for OT systems, it also introduces risks. Ensure that devices used for patching are secure and free from malware.
6. Business Continuity Planning: Having robust Business Continuity Plans (BCPs) for OT operations is crucial. In case of downtime, a well-prepared plan ensures a faster recovery.

The Uptick in Threats

The threat landscape for OT systems has intensified. Threat actors increasingly target these critical infrastructure components. Whether it’s state-sponsored attacks, hacktivist groups, or cybercriminals, the risk to OT systems is real. Organizations must be proactive in safeguarding their OT assets.

Some recent stats from the Dragos 2023 year in review report have highlighted this.

How Brit can help?

Our Consortium (BCAP) is designed to bridge the coverage gap which typically exists between cyber insurance policy language and that provided by an all-risks property policy.  We have a range of client centric solutions designed to help clients understand their exposures and marry them up to a risk transfer solution.

This coverage gap exists because:

1. A typical cyber policy excludes damage to physical property (such as buildings and materials).
2. Many all-risks property policies exclude cover for cyber-triggered losses altogether or else provide only limited coverage (e.g. for non-malicious events and/or physically damaged data processing media only).

BCAP is made up of Lloyd’s markets led by Brit Syndicate 2987 – Offering broad comprehensive cyber coverage including cyber triggered Physical Damage and Business Interruption.