With many security organisations in Australia now responsible for protecting both IT and OT environments, there is a great opportunity to manage cyber-risk more holistically across the industrial enterprise. Doing so efficiently requires a combination of leverage and integration as well as specialised security tools to provide visibility into each environment.

It also requires knowledge of OT networks, including recognising some of the misconceptions about how they differ from IT networks, their specific security vulnerabilities and how best to protect them.

OT’s proprietary nature offers protection

One common misconception about OT networks stems from OT’s long history as a technology isolated from IT: that OT relies on decades-old, proprietary technologies that are not vulnerable to today’s cyber-attacks.

Unfortunately, the truth is quite the opposite. OT networks are often vulnerable because they were designed many decades ago when security was not top of mind. Furthermore, many industrial facilities do not have up-to-date documentation on what exists within their control environments, and how all this equipment interacts.

In these scenarios, behavioural monitoring that does not depend on device-specific protection techniques or on detailed knowledge of the functioning of individual components can be extremely valuable. These technologies can monitor OT networks to establish normal behaviour, then detect and alert on any anomalies.

This is hugely valuable because unlike people-centric IT networks, OT networks are machine-centric and therefore highly predictable: any behavioural anomaly is highly likely to represent compromise by cyber attack.
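A minimal sketch of the behavioural baselining described above, added here as an illustration and not taken from the article or from any vendor product. The host names, Modbus operation labels, flow records and the 50% timing tolerance are all constructed assumptions; the logic learns which conversations occur and how often, then flags anything outside that pattern without knowing what any device does.

```python
from collections import defaultdict
from statistics import median

# Constructed flow records: (time_s, src, dst, protocol, operation).
LEARNING = [
    (0, "hmi-1", "plc-1", "modbus", "read_holding_registers"),
    (5, "hmi-1", "plc-1", "modbus", "read_holding_registers"),
    (10, "hmi-1", "plc-1", "modbus", "read_holding_registers"),
    (2, "hist-1", "plc-1", "modbus", "read_input_registers"),
    (12, "hist-1", "plc-1", "modbus", "read_input_registers"),
    (22, "hist-1", "plc-1", "modbus", "read_input_registers"),
]
LIVE = [
    (15, "hmi-1", "plc-1", "modbus", "read_holding_registers"),    # on schedule
    (16, "hmi-1", "plc-1", "modbus", "write_multiple_registers"),  # never seen
    (17, "eng-laptop", "plc-1", "modbus", "read_holding_registers"),
    (20, "hmi-1", "plc-1", "modbus", "read_holding_registers"),    # on schedule
    (32, "hist-1", "plc-1", "modbus", "read_input_registers"),     # on schedule
    (33, "hist-1", "plc-1", "modbus", "read_input_registers"),     # 1 s, not 10 s
]

def learn(flows):
    """Map each conversation to (median polling period, last time seen)."""
    times = defaultdict(list)
    for ts, *key in sorted(flows):
        times[tuple(key)].append(ts)
    return {k: (median(b - a for a, b in zip(t, t[1:])) if len(t) > 1 else None,
                t[-1]) for k, t in times.items()}

def detect(baseline, flows, tolerance=0.5):
    """Return (time, kind, conversation) for every departure from the baseline."""
    pairs = {k[:2] for k in baseline}
    last_seen = {k: v[1] for k, v in baseline.items()}
    alerts = []
    for ts, *key in sorted(flows):
        key = tuple(key)
        if key[:2] not in pairs:
            alerts.append((ts, "new_talker", key))
        elif key not in baseline:
            alerts.append((ts, "new_operation", key))
        else:
            period = baseline[key][0]
            if period and abs(ts - last_seen[key] - period) > tolerance * period:
                alerts.append((ts, "timing_deviation", key))
            last_seen[key] = ts
    return alerts

if __name__ == "__main__":
    for alert in detect(learn(LEARNING), LIVE):
        print(alert)
```

On the constructed data this raises three alerts: a write from a host that had only ever read, a host that had never spoken to the controller, and a poll that arrives far off its learned period.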

OT and IT can be secured in the same way

Another misconception is that IT and OT are the same and therefore can be treated the same when security measures are being developed and implemented, but this is not the case.

Corporate IT networks have downtime when system upgrades can be installed and vulnerabilities patched. On the other hand, OT networks often operate around the clock to maximise productivity. So, taking OT assets offline for maintenance or security upgrades can impact production and have a direct impact on revenue.

Further complicating vulnerability management for industrial enterprises is the 25-year (or more) lifecycle of most OT assets, which often run proprietary applications supported by legacy operating systems. Many of these systems were never designed to be patched, and that leaves them exposed. Upgrading this hardware and software can be expensive, but vulnerabilities are of little consequence in the absence of credible threats. Unfortunately, the last several years have borne witness to a marked increase in capable and willing attackers.

OT and IT networks are separate

One of the most common misconceptions is that IT networks are separate from OT networks and that OT networks do not require protection from cyber-attacks because they are separated from the Internet by ‘air-gaps’.

What many organisations don’t realise is that today’s OT environments are highly networked and integrated with IT networks to optimise efficiency.

Recent cyber-attacks have demonstrated that attacks on IT networks can cause extensive “spill-over” damage to industrial environments when the malware spreads from the IT network to poorly segmented OT networks.

While IT systems with good backups can recover lost data relatively quickly, the impact of a malware attack on an OT environment can potentially be far worse. This was the case in 2019, when global aluminium producer Norsk Hydro was hit by the LockerGoga ransomware that infected 22,000 computers across 170 sites in 40 countries. The result was the entire workforce - 35,000 people - resorting to pen and paper and production lines being closed down.

The integration with IT networks is beneficial as it facilitates data sharing across enterprises and with third parties, but this also comes with cyber security concerns.

For example, some OT networks require third-party management and access from third-party vendors to support equipment. By granting this access, organisations are opening themselves up to vulnerabilities, trusting that their partners follow stringent cyber security controls and practices that they enforce. Many security breaches have been conducted through these types of third-party vendors, who prove to be the weakest link in the chain.

Organisations with OT networks need to protect these networks not only from threats posed by the Internet but also threats introduced by unmanaged remote access.


OT and IT integration creates many potential benefits, such as gaining access to data from the OT environment for analysis, and giving business divisions better visibility into production processes.

But knowledge of how to protect an OT network from a cyber-attack is imperative. Protection can come in the form of reducing the OT attack surface with tools that manage tracking, approval and auditing of remote access requests; and tools able to quickly detect behavioural changes that can indicate when an attack is underway.

Eddie Stefanescu is Regional Vice President, Business - Asia Pacific & Japan at IoT/OT specialist Claroty.
