Figure 1: OT network segmentation1
The increased number of IT and OT systems expands the cyber attack surface. This makes risk management, network audit, and visibility difficult and creates a serious potential for attackers to bypass defenses without being observed.
OT network segmentation can prevent threats and attackers from freely traversing the OT network. This research identifies challenges and impacts OT practitioners face and provides a path for protecting OT systems in an ever-changing threat environment.
What is OT network segmentation?
OT network segmentation is a critical security strategy to prevent attackers and unauthorized users from accessing vital and sensitive data and equipment on operational technology networks.
Why is OT network segmentation important?
Understanding the types and methods of attacks on OT systems is crucial for developing effective defenses.
“Cyberattacks on OT systems can have serious and highly damaging consequences, as attackers may incapacitate critical infrastructure such as water plants, fuel pipeline facilities, supply chains, and power grids.”3
The quote explains why business leaders have identified cybersecurity risk as the greatest threat to their organization’s growth.4 OT network segmentation reduces the potential blast radius of a cyberattack and allows for faster incident response and recovery. It helps govern network access by letting only approved devices, programs, and processes enter particular zones. This strategy strengthens OT security and prevents unauthorized access in industrial environments.
Figure 2: Segmentation perspective
Without OT network segmentation, a single compromised device within your network – such as a printer, production system, or programmable logic controller (PLC) – could potentially grant a hacker access to your entire industrial framework. However, with OT segmentation, the same infected device is limited to a single network segment, significantly reducing the potential degree of harm.
Segmenting OT networks: the Purdue Enterprise Reference Architecture
The standard reference for ICS designs, the Purdue Enterprise Reference Architecture (PERA), or simply the Purdue model (Figure 3), categorizes the systems in a typical ICS into levels and “zones”. Each of them represents a separate area of capability provided by the ICS.
Naturally, as one moves down the hierarchy, different levels of trust in the underlying devices emerge. Devices in the organizational (enterprise) levels have the least trust, DMZ entities have medium trust, and Levels 0 to 3 have the highest trust. These constraints apply to installed software and hardware and to physical access to the networks, and their exact form depends on the unique needs of each industry and organization.
Figure 3: Industrial control systems (ICS) grouped by zones
Source: Department of Computer Science, University of Idaho; European Commission, Joint Research Centre (JRC); Idaho National Laboratory (INL)5
A description of each level of the model is provided below:
Level 0: The physical processes that enter the facility. Devices such as sensors, pumps, turbines, and pipes deliver monitoring and operational capacities.
Level 1: Intelligent devices that perceive, monitor, and control physical processes. These devices include PID (proportional integral derivative) controllers and SIS (safety instrumented system) controllers.
Level 2: Control mechanisms are used to supervise physical processes. This level comprises HMIs (human-machine interface) and engineering consoles.
Level 3: Site operational systems that manage production workflows (e.g. data historians or domain controllers).
Industrial Demilitarized Zone (DMZ): Designed to prohibit direct connectivity between IT and OT systems by implementing “broker” services. This additional level typically includes proxy servers, database backup servers, and remote access servers.
Level 4: Logistics platforms manage IT-related activities on-site to support manufacturing. This level includes systems such as application servers, or ERP systems.
Level 5: Corporate network for data sharing for B2B and B2C services.
How zones interact: These zones interact using conduits. A conduit must be protected to the same level of importance as the more trusted of the two zones it connects. For example, the communication line from Level 2 to Level 3, known as the conduit, must be protected with the same level of importance as Level 2, the more trusted zone.
Physical and logical network adjustments may be required after the networks have been theoretically segmented (separated), segregated (isolated), and linked via zones and conduits to suit the network architecture and meet the proper security standards.
Figure 4: The concept of security zones and conduits
How flat networks (levels) interact: Flat networks provide an unrestricted connection between devices. Devices in a flat network without OT segmentation may interact with one another without having to pass through a border device or software, such as a security appliance, firewall, or router.
Flat networks have few security procedures in place to monitor network traffic. A segmented network instead uses a variety of controls, such as subnetting, switches, routers, firewalls, access control entries (ACEs), RBAC, network security policy management, and other security products, to govern and monitor communications.
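The zone-and-conduit rules described above (a conduit inherits the protection level of its more trusted zone, and the DMZ is meant to prevent direct IT-to-OT connectivity) and the flat-versus-segmented comparison can both be checked mechanically. The following script is an added example, not code from the article or from the Purdue model's authors; the zone names, the numeric trust ranks, and the two conduit lists are constructed assumptions, and the BFS is only a toy model of an attacker pivoting zone by zone.

```python
"""Added example (not from the article): a toy model of Purdue-style zones and
conduits. Zone names, trust ranks and conduit lists are constructed assumptions
used to illustrate the rules described in the text."""
from collections import deque

# Trust rank per zone: lower number = more trusted. Levels 0-3 are the most
# trusted, the industrial DMZ is medium, and the enterprise levels 4-5 are the
# least trusted. The exact numeric ranks are an assumption for this example.
ZONE_TRUST = {"L0": 0, "L1": 1, "L2": 2, "L3": 3, "DMZ": 4, "L4": 5, "L5": 6}
IT_ZONES = {"L4", "L5"}
OT_ZONES = {"L0", "L1", "L2", "L3"}


def conduit_protection_zone(zone_a, zone_b):
    """The conduit must be protected to the level of the more trusted zone it joins."""
    return min(zone_a, zone_b, key=ZONE_TRUST.__getitem__)


def bypasses_dmz(src_zone, dst_zone):
    """True when a conduit joins an IT zone directly to an OT zone, skipping the DMZ."""
    ends = {src_zone, dst_zone}
    return bool(ends & IT_ZONES) and bool(ends & OT_ZONES)


def audit_conduits(conduits):
    """Return every directional conduit that violates the 'no direct IT-to-OT' rule."""
    return [(src, dst) for src, dst in conduits if bypasses_dmz(src, dst)]


def directly_reachable(start, conduits):
    """Zones one hop away from `start`: the blast radius of a single compromised host."""
    return {dst for src, dst in conduits if src == start}


def reachable_zones(start, conduits):
    """Zones reachable from `start` by moving hop-by-hop over allowed conduits (BFS).
    Shows what a segmented design still exposes if an intermediate system is weak."""
    adjacency = {}
    for src, dst in conduits:
        adjacency.setdefault(src, set()).add(dst)
    seen, queue = {start}, deque([start])
    while queue:
        zone = queue.popleft()
        for nxt in adjacency.get(zone, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    seen.discard(start)
    return seen


# Constructed conduit lists. A flat network lets every zone talk to every other
# zone directly; the segmented design only links adjacent levels, with the DMZ
# brokering between Level 4 and Level 3.
FLAT = [(a, b) for a in ZONE_TRUST for b in ZONE_TRUST if a != b]
SEGMENTED = [
    ("L5", "L4"), ("L4", "L5"),
    ("L4", "DMZ"), ("DMZ", "L3"), ("L3", "DMZ"),
    ("L3", "L2"), ("L2", "L3"),
    ("L2", "L1"), ("L1", "L2"),
    ("L1", "L0"), ("L0", "L1"),
]

if __name__ == "__main__":
    print("Conduit L2<->L3 is protected as zone:", conduit_protection_zone("L2", "L3"))
    print("Flat, one hop from L5:", sorted(directly_reachable("L5", FLAT)))
    print("Segmented, one hop from L5:", sorted(directly_reachable("L5", SEGMENTED)))
    print("Segmented, pivoting from L5:", sorted(reachable_zones("L5", SEGMENTED)))
    print("Violations in segmented design:", audit_conduits(SEGMENTED))
    print("Violations with a direct L4->L2 rule:", audit_conduits(SEGMENTED + [("L4", "L2")]))
```

The one-hop result is the point of segmentation: in the flat list a host in Level 5 can reach every zone directly, while in the segmented list it reaches only Level 4. The multi-hop result is the caveat from the article's own scenarios: segmentation shrinks the blast radius of one compromised host but does not remove the need to harden the brokers and gateways on each conduit.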
Other technologies used by OT network segmentation:
Next-generation firewall (NGFW) — provides security control and policy enforcement.
Wireless access points (WAPs) — enforce access and security control policies for end users as their devices attempt to join the network.
Ethernet switches — provide visibility and control over network users and devices.
Network access control (NAC) — provides visibility, control, and automatic response for all network connections.
Bridges — link local Ethernet LANs to wireless LTE/5G WAN connections.
Companies may use a segmented network design to separate their network into distinct zones, and then rigorously regulate and enforce the rules and policies that govern what can pass from zone to zone. Security administrators divide the network into discrete portions based on corporate demands and limit interconnectivity.
Figure 5 depicts a high-level adaptation of the Purdue Model, demonstrating the key components of this design. According to this adaptation, a typical environment may be separated into IT and OT networks.
Figure 5: Typical physical elements of the OT network
Source: Department of Computer Science, University of Idaho; European Commission, Joint Research Centre (JRC); Idaho National Laboratory (INL)7
*OPC server: OPC Server is software that translates the hardware communication protocol (e.g. a device connector).
**PLC: Programmable logic controllers
Today, the OT and IT network sectors are becoming more integrated. Standard IT components such as desktop PCs can now communicate directly with industrial equipment, using standard IT protocols as well as industrial protocols.
How OT network segmentation impacts attack situations
Consider the following situation: An attacker has accessed an IT workstation and is attempting to reach OT resources. In a flat network there is no security boundary, making it easy to reach and misuse unsecured protocols and services running on OT resources.
Solution scenario 1: A company can deploy a firewall to separate OT assets from the IT network. The firewall blocks every network connection except those it is configured to accept. For example, IT workstations may be permitted to connect through the firewall to a web-based control gateway in the OT zone, or a setup tool may require access to a SCADA (supervisory control and data acquisition) protocol. The attacker now faces a smaller attack surface; nevertheless, any vulnerabilities in the exposed systems might still be used to break into other company systems.
Figure 6: Infected IT workstation using firewalls to target PLCs (programmable logic controllers)
Source: Applied Risk8
Solution scenario 2: A company can set up a dual-homed gateway (e.g. a historian, a system that stores past process values), with a single network connection for the IT environment and another for the OT environment.
Figure 7: Attacking OT assets using exposed dual-homed gateway
Source: Applied Risk9
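Both scenarios above describe exposures a defender can look for in the firewall policy and the asset inventory: allow rules that let IT hosts reach OT services directly (scenario 1, and the fully open rule that recreates a flat network), and dual-homed hosts whose interfaces sit in both the IT and OT networks (scenario 2). The script below is an added example, not code from the article or from Applied Risk; the address plan, host names, and firewall rules are constructed for illustration, and a real audit would read them from the firewall and inventory exports instead.

```python
"""Added example (not from the article): audit a constructed asset inventory and
firewall rule set for the two exposures described in the text: IT-to-OT allow
rules and dual-homed gateways straddling the IT and OT networks. All addresses,
host names and rules are constructed for illustration."""
import ipaddress

# Constructed address plan: one prefix per zone (assumption).
ZONES = {
    "IT": ipaddress.ip_network("10.10.0.0/16"),
    "DMZ": ipaddress.ip_network("10.15.0.0/24"),
    "OT": ipaddress.ip_network("10.20.0.0/16"),
}


def zone_of(ip):
    """Map a host address to its zone name, or UNKNOWN if it is outside the plan."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "UNKNOWN"


def zones_covered(cidr):
    """Zones a rule endpoint touches; 'any' spans every zone."""
    if cidr == "any":
        return set(ZONES)
    net = ipaddress.ip_network(cidr, strict=False)
    return {name for name, zone in ZONES.items() if net.overlaps(zone)}


def dual_homed_hosts(inventory):
    """Hosts with interfaces in more than one zone. Such hosts bridge segments
    the way the exposed historian in scenario 2 does."""
    findings = []
    for host, ips in sorted(inventory.items()):
        zones = {zone_of(ip) for ip in ips}
        if len(zones) > 1:
            findings.append((host, tuple(sorted(zones))))
    return findings


def it_to_ot_exposures(rules):
    """Allow rules whose source reaches into IT and whose destination reaches into OT.
    A port of 'any' means the rule effectively recreates a flat network."""
    findings = []
    for idx, rule in enumerate(rules):
        if rule["action"] != "allow":
            continue
        if "IT" in zones_covered(rule["src"]) and "OT" in zones_covered(rule["dst"]):
            severity = "flat" if rule["port"] == "any" else "exposed-service"
            findings.append((idx, severity))
    return findings


# Constructed inventory: the historian has one leg in IT and one in OT.
INVENTORY = {
    "historian-01": ["10.10.5.20", "10.20.3.10"],
    "hmi-02": ["10.20.3.11"],
    "eng-ws-03": ["10.10.7.44"],
    "jump-01": ["10.15.0.5"],
}

# Constructed firewall policy, evaluated top-down.
RULES = [
    {"src": "10.10.0.0/16", "dst": "10.15.0.5/32", "port": 443, "action": "allow"},    # IT -> DMZ broker: intended
    {"src": "10.10.7.44/32", "dst": "10.20.3.11/32", "port": 502, "action": "allow"},  # one IT host straight to an HMI
    {"src": "10.10.0.0/16", "dst": "10.20.0.0/16", "port": "any", "action": "allow"},  # wide open: effectively flat
    {"src": "any", "dst": "any", "port": "any", "action": "deny"},
]

if __name__ == "__main__":
    print("Dual-homed hosts:", dual_homed_hosts(INVENTORY))
    for idx, severity in it_to_ot_exposures(RULES):
        print(f"Rule {idx}: {severity} -> {RULES[idx]}")
```

Rule 0 is the intended path (IT to a broker in the DMZ) and is not reported; rules 1 and 2 are the direct IT-to-OT exposures, with rule 2 flagged as flat because it allows every port. The historian is reported because its two interfaces fall in different zones, which is exactly the path scenario 2 describes.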
3 Types of attacks on OT networks
1. Direct attacks — aim to harm a specific OT system. Hackers have used remote access to conduct harm. When systems are compromised, attackers might inject malicious software that causes the system to malfunction by altering its control mechanism.
Triton malware seized remote control of an energy plant’s safety control console. Authorities discovered that the safety instrumented system (SIS) engineering workstation (EWS) was the first to be hacked. The EWS communicated directly with the SIS processors. As a result, attackers uploaded binary files directly to the controllers, targeting a specific SIS controller, and the SIS caused a system outage.10
2. Indirect attacks — recent instances include ransomware attacks on a gasoline pipeline in the U.S. Colonial Pipeline, one of the major refined products pipelines in the US, experienced an incident linked to ransomware deployed by a criminal organization, and the company ultimately shut down operations, leading to record price rises, panic purchasing, and fuel shortages.11 This instance demonstrates how vulnerable operational systems are to the indirect effects of IT system attacks.
3. Espionage attacks — cover attackers who can use an environment to obtain information, leak private information, and conduct cyber espionage to gain an advantage over a competitive company or government entity.
A U.S. government contractor was accused of conducting espionage for delivering national defense information to a foreign government and revealing sensitive SECRET and TOP SECRET information.12
The impact of cyberattacks on OT environments
1. Physical damage and safety hazards
OT cyberattacks have more severe impacts than IT attacks because they might have physical consequences. In 2022, 57 OT-related attacks on industrial systems occurred. That is more than 2.5 times the 22 comparable attacks that took place in 2021, and 3 times the 19 attacks recorded in 2020.13
2. Supply chain chaos
The domino impact of cyberattacks can influence supply networks severely. A compromise in one company’s OT systems may spread to its partners and vendors, disrupting whole sectors and jeopardizing key services. In 2022, 1743 entities in the U.S. were affected by supply chain cybersecurity threats, which is the highest recorded figure since 2017 and the number of impacted companies rose by nearly two times year on year.14
3. Disruption of essential services
Cyberattackers frequently utilize ransomware and insecure third-party connections to take over OT machines, which can disrupt production and operations.15
Consider a bottled water production facility becoming vulnerable to malicious hackers. The resulting turmoil may result in corrupted water supplies, endangering the safety and well-being of the public.
4. Industrial espionage and intellectual property fraud
Beyond operational interruption, cyberattacks against OT environments frequently seek to steal proprietary data and private data. A breach could expose sensitive process data, manufacturing processes, and intellectual property, providing rivals an unfair edge.
5 challenges of OT network segmentation
The practice of OT network segmentation is not new, but it may be a time-consuming and expensive process, particularly in industrial settings with legacy systems. Below are a few of the primary challenges companies might encounter when ensuring their OT networks are correctly segmented:
1. Legacy systems
Unlike IT settings, where systems seldom remain for more than five years, industrial OT environments consist of legacy devices and systems with decades-long life cycles. Legacy industrial control systems (ICS) in these contexts are often not designed with security in consideration, and they may lack the required functionality to allow OT network segmentation or compliance with modern security measures.
Legacy systems, which might be 20 or more years old, might include old vulnerabilities and weak safety measures (e.g. an attacker can compromise an old Windows 2000 server using a specially crafted font to run malicious code).16
2. Synchronization of IT and OT systems
IT and OT networks frequently interact to transmit information and data; however, guaranteeing connectivity between segmented OT networks and other components of an organization’s IT architecture can be difficult. This approach requires collaboration between IT and OT teams that have often never worked together before, resulting in errors that can lead to complexity and duplication of effort, increased operational expenses, or exposure to security problems.
3. Error-prone OT segmentation methods
Implementing efficient OT network segmentation strategies in industrial settings may be challenging, error-prone, and costly to operate and maintain. The procedures frequently involve regularly tailoring network policies to specific environments, laying out a foundation for human error.
4. Maintaining compliance standards
Critical infrastructure companies are subject to several complicated regulatory frameworks and requirements. Frequently, monitoring and enforcing compliance with these requirements demands specific, finely tailored procedures, which numerous companies might lack. This can result in varying methods of OT network segmentation and uneven enforcement among companies.
5. Unsecured remote access
Most industrial environments rely on remote access to allow insiders and external parties to manage resources, yet typical approaches are unsafe and ineffective since 80% of service engagements lack visibility across OT networks.17
If not properly managed, remote access can circumvent OT network segmentation protections. It also increases the attack surface, opening up additional entry sites for cyber threats.
Key elements to accelerate OT network segmentation
Given the challenges, improving OT network segmentation practices involves the integration of technology, systems, and employee skills. Industrial companies can leverage 6 critical success elements for improving OT cybersecurity, based on two principles: strengthening technology foundations and ensuring value-driven OT operations.
Improve technological systems
OT settings can provide improved technological controls to ensure that risks are mitigated effectively depending on asset importance:
1. Segment OT networks both from other networks and within themselves: Continuous information acquisition, remote support of OT networks, and connectivity between OT systems and ERP systems all contribute to the need for reliable alignment between the IT and OT settings through the implementation of security controls. Security technologies should be correctly designed and approved by automation vendors.
2. Set asset management, threat detection, and security protocols: Knowing what resources are in the plant, along with their software applications, vulnerabilities, and risks, is critical to determining how well they are protected (e.g. deploying threat management solutions with OT asset management tools to establish a complete awareness of a plant’s cybersecurity posture). This is equally vital as putting in place security controls and protections for OT networks.
3. Configure security policies: Implementing security controls and upgrades is critical, however, how effectively they are set, maintained, and managed makes a difference in the effectiveness of security controls (e.g. incorrect password configuration might cause malicious attackers to breach the OT system).
Maintain value-driven OT practices
Standardized security protocols assist IT, OT, and other parties in responding rapidly to threats and avoiding physical impacts that disrupt operations. Effective value-driven OT practices include the following:
4. Accurately define IT and OT teams’ responsibilities: Because of technological advancements and skilled labor shortages, OT and IT operations are becoming more intertwined. This might result in confusing duties for some devices (e.g. smart meters and digital twins). Strengthening cybersecurity oversight and operating frameworks across OT and IT teams clarifies ownership, roles, and duties for securing plant resources while encouraging coordination.
5. Build risk-based operational methods: Different OT assets have different degrees of importance (e.g. emergency shutdown systems and fire and gas systems, which demand a greater level of security and need an entirely distinct security methodology).
Developing techniques for determining the value at stake and criticality of OT assets enables a company to prioritize company resilience and plant continuity of operations.
6. Standardize processes across multiple locations: Organizations struggle to standardize OT processes due to differences between sites, technologies, and devices. Mapping architectural and management standards makes it easier to deploy new OT cybersecurity measures.
The future of OT network segmentation and security
Organizations will face more intense and complicated OT risks as they adopt new technologies. Business leaders will therefore need to investigate, invent, adopt, and assess OT network segmentation and security to guarantee protection against the attacks that present a risk to their industrial operations.
Some of the stats include:
- As operational technology (OT) integrates with IT systems and newly built cyber-physical systems (CPS) are implemented, OT security shifts from network-centric to CPS asset-centric.18
- ~45% of industrial companies aim to segment the OT network in the future.19
- ~80% of companies are moving beyond security awareness, with the majority beginning with an investigation attempt.20
- ~75% of industrial companies are still in the early phases of their OT security journeys. Furthermore, none of the participants have fully protected their OT/ICS settings yet.21
- ~60% of industrial companies aim to gain comprehensive visibility on OT devices and industrial networks in the future.22
Cem has been the principal analyst at AIMultiple since 2017. AIMultiple informs hundreds of thousands of businesses (as per similarWeb) including 60% of Fortune 500 every month.