“We’ve had a disruptive year this 2020 due to COVID. Similarly, to IT and OT, we have seen [a] fragmented approach recently. We’ve also seen digital transformation which has led to a huge complexity and created huge security gaps that needed a really new approach”, said Joe Sarno, SVP International Emerging & APJ, Head of OT, Fortinet, as he formally opened the virtual Fortinet Secure 2020 conference.
In his session on ‘Innovation Through Disruption’, Joe explained that this disruption in businesses can generate innovation, and digital innovation is driving the integration between IT and Operational Technology (OT). This reflects the fact that business leaders are now asking for more analytics and information coming from their plants, power grids and manufacturing floors.
Joe explained that this disruption is affecting every single industry in the market, especially five industries that heavily rely on OT – manufacturing, oil & gas, power & utilities, smart infrastructure and transportation & logistics – which are also the focus of the event.
Continuing the discussion, Dale Peterson, OT Industry Evangelist - Industrial Control Systems (ICS) Expert, spoke about how the OT cybersecurity technology has evolved over the years, impacted by disruptive technologies.
He explained that while it is often assumed that security or network technology won’t gel with ICS or OT, what people have found over the years is that notion just isn’t true in most cases. As an example, he mentioned that in the 1990s, the Ethernet and Windows would not work in ICS but now they are everywhere.
Another instance is that industrial companies thought that products in virtualised platforms would fail, but today almost every vendor is urging their customers to run their computers virtualised. More recently, the cloud has also been a major disruptor. For example, Dale said we are now seeing many industrial organisations leveraging things like predictive maintenance, efficiency call outs and limited closed-loop control, which the cloud is providing.
According to Dale, such disruptions are inevitable, and yet they are not something most people and organisations take to naturally. But if they are to take on these disruptions in their stride and continue to innovate, “defence-in-depth security” is becoming a necessity, especially with rising cyber threats that would not only cause an outage but also physical damage and even loss of life, environmental incidents and other risks.
Antoine D'Haussy, OT Business Development Director for Fortinet, then explained the company’s approach to OT defence. According to Antoine, “The more we optimise our plant process, the more we break the isolation of our industrial control system – and this is a disruption for OT security experts because we increase the surface of vulnerability”.
He added that cyber threat actors are taking advantage of all this disruption. First, there is now an increasing digital attack surface as new edges in computing expand within an organisation. There are also sophisticated threats such as breaches and ransomware that costs companies valuable money and resources.
Today’s digital ecosystem is also getting more and more complex, as there are too many vendors and security alerts but not enough skilled people to address such threats. Lastly, there are compliance and regulations that are more stringent which businesses should adhere to in deploying their security.
“All this can be addressed with our Fortinet Security Fabric solution, directly or together with our tech alliance partners. Another key is our FortiGuard threat intel protection. It will enable all these products to speak the many different industrial protocol languages and also protect against OT vulnerabilities”, added Antoine.
The Fortinet Security Fabric delivers solutions in five key areas: zero-trust access, security-driven networking, dynamic cloud security, AI-driven security operations and the alliance ecosystem.
Antoine ended the session by saying that organisations should start with architecture and critical use cases, having deep OT visibility, secure remote connectivity and centralised security management – all of which Fortinet can provide.