While traditional IT security tools can typically be adapted to various environments, developing tailored security architectures for operational security (OT) environments is more complex, according to a new study from Cyolo, an OT-focused provider of zero trust solutions.
Cyolo’s research zeroes in on high-level security architecture for OT, critical infrastructure systems (CIS) and industrial control systems (ICS), and evaluates key requirements of security regulations and frameworks.
Top level findings include:
- OT threat landscape. Heightened geopolitical factors have intensified attacks on OT and ICS, posing significant consequences ranging from operational disruptions and service denial to financial repercussions and potential harm to human well-being.
- Core cybersecurity regulations. The risks and consequences of cyber-attacks against critical infrastructure advanced regulations globally mandating secure architectures and technical controls. KRITIS (critical infrastructures) and the follow-on IT Security Act 2.0 are related examples of such regulations, as well as the NIST Cybersecurity Framework.
- OT security architectures and key functionalities. There are eight areas of functionality that are central to effective OT security architectures. Cybersecurity architectures for OT must address asset discovery, access control, IT security tool integration, detection and response capabilities, and OT protocol level threats.
Cyolo 4.3 Advances OT Security
To address the increasing need for secure access in OT environments, the company has introduced its Cyolo 4.3 solution, which adds more layers of security and makes the product easier to use for both administrators and end users in the industrial space, the company said.
According to Cyolo, the new release enables industrial organizations to extend their multi-factor authentication (MFA) across environments, through an integration with Duo Security, to support their physical tokens as required.
Additionally, the company has implemented another layer of security for file transfer within the OT/ICS environment, through query anti-virus software to scan files before they are delivered to their destination.
Joe O'Donnell, Cyolo vice president of ICS/OT, explained how the imperative of securing critical infrastructure and industrial processes:
“This convergence has expanded the OT threat landscape and introduced significant cybersecurity challenges, as the once-isolated OT networks are now vulnerable to the same threats that have targeted IT networks for years. With Cyolo 4.3, industrial entities can confidently navigate the complexities of the modern threat landscape and fortify their defenses against evolving cyber threats.”