VanRoey Logo
Search
VanRoey Logo
menu
Header image overlay

Safety first in Operational Technology / OT

Operational Technology (OT) refers to hardware and software that controls physical devices & processes. This often involves systems in production environments, such as pumps, machines, to even locks and windmills. Through IoT, these systems are increasingly finding their way into the corporate network and the cloud.

However, this evolution towards IIoT (Industrial Internet of Things) also comes with serious cybersecurity risks given that numerous systems are still running on Windows XP or even Windows 3.1(!), under the motto: "If it ain't broke, don't fix it."

Operational Technology: from CNC machine to nuclear power plant

Industrial Control Systems (ICS), such as SCADA and PLC controls, used to be isolated silos where cybersecurity was not considered. But attacks on OT can lead to serious consequences, ranging from reduced productivity to physical accidents or even social disasters. Thinking about the hack at the Colonial Pipeline in the US, which caused a fuel shortage, or attacks on nuclear power plants in Iran... The potential consequences are incalculable.

Today, for example, there is ransomware that specifically targets CNC machines. Nothing immediately seems wrong, but once you start production, the values deviate slightly from the input time after time and the whole production process is disrupted. Hackers also eagerly exploit less secure OT environments to find their way into the rest of the corporate network.

LAT relationship for IT & OT

To reduce these risks, it is important to keep OT and IT environments separate and strictly monitor communication between the two. The PERA model (Purdue Enterprise Reference Architecture) distinguishes five layers of system security, with the layer protecting OT systems to be separated from the layer protecting IT systems.

Therefore, zone '3.5', a Industrial DMZ between OT and IT, implemented adding security management and specific scanning protocols. Fortinet offers various solutions and collaborates with specialised partners in the OT landscape for this purpose, such as Dragos, Nozomi, Microsoft, Siemens, Schneider Electric etc... to ensure the most adequate security.

NAC & Deep Packet inspection for Operational Technology

It is important to keep the O of OT in mind at all times. So security measures should not get in the way or cause unnecessary disruption to the production or operation of your organisation.

This is how a NAC with DPI (Network Access Control with Deep Packet Inspection) system differently at OT. You want to avoid a device being accidentally barred from the network, because that impact is much more dramatic than if, for example, a printer is momentarily inactive. The type of traffic as well as the protocols also differ from traditional IT traffic. That is why we work with active, non-intrusive device classification & fingerprinting.

On some 20 levels (think mac-address + https requests + Vendor logo + tcp requests...) a profile of devices is set up and 'rogue devices' can be detected immediately and you can decide automatically or manually what to do with them. Because Fortinet also opens up its ecosystem to third-party integration, it can communicate directly with systems from Modbus, Siemens, Microsoft and numerous other specialists to correctly process this information and protocols at all times.

Application Control

With Application Control, operational operation is further analysed and secured. The system knows and studies the usual operation of your devices thanks to the aforementioned integration with partners. If certain commands come in with expected values between e.g. 0 and 2, there is no problem, but as soon as an unexpected value would appear, alarm bells go off.

Industrial honeypot

Fortideceptor Another interesting example is FortiDeceptor. With it, fictitious OT environments (Decoys) are set up and communicated to the outside world to lure attackers. Once these make an attack attempt on a Decoy, the attack is immediately analysed and barred. Even before it can effectively attempt an attack on the live environment, it will be excluded. There are a lot of Decoys available, thus including SCADA systems such as Modbus, S7comm, HTTP, TFTP, Bacnet, Triconex...

In conclusion

It is important to regularly monitor and update the security of OT systems. Many OT systems are still running on older software versions, such as Windows XP, which are no longer supported, so extra care should be taken to ensure these systems remain compliant with the latest security standards.

Fortinet Expert Partner | VanRoey.beThis article is only a summary of this video presentation by Lars Putteneers, Channel System Engineer at Fortinet. In it, he goes much deeper into the PERDUE model, as well as the challenges and solutions involved in today's OT environment.

Security audit for your Operational Technology environment?

Want to know how safe your environment is? You can rely on our thorough Security audit, where our experts will test your environment for more than 60,000 attack vectors and come and make a physical visit. All issues will come to the surface. Want to know more? Then feel free to request some additional info:

vat no.*

"As soon as an attacker makes an attempt on a decoy environment, it is immediately detected and barred. Even before it can effectively begin an attack attempt on the live environment."

share this post:

How are you doing?

Security audit

We have never come across a 100% safe environment....
Find out more
Clippy forces you to follow us.
  • Recording
Lars Putteneers of Fortinet presents on OT
Lars Putteneers of Fortinet presents on OT

What is Operational Technology (OT) and how can Fortinet secure these environments?

What is Operational Technology (OT) and how does it differ from IT? What are the challenges in protecting industrial environments? Lars Putteneers from Fortinet explains it in great detail!
Get Free Access

Written by:

Matthias Sanne | VanRoey.be
LinkedIn icon
Matthias Sanne
Marketing & design @ VanRoey

Has been working as a marketer, designer, webmaster, copywriter, PowerPoint guru and numerous other things for 15 years. He gets his energy from simplifying complex matters. He tries to do the same in his Techblog PowrUsr.com where he brings handy solutions to challenging problems.

Related info

  • Blog

Retrospective OT Security Event: How to secure your production environment?

OT Security Lunch - VanRoey 2024
  • Blog

VanRoey.be Wins Fortinet EMEA Growth Partner Of The Year award!

Fortinet EMEA award Partner growth 2018 Pat and Roel on stage

Expertise Services

HPE alletra
  • Case study

Willemen Group builds solid security strategy with Fortinet & VanRoey.be

Willemen Group

Let our experts guide you

Like thousands of organisations, rely on our knowledge & experience to work out your ideal network, data centre, IT security, CRM / ERP, meeting rooms or digital workplace...

Ask your question
Frame21 Logo
"As CEO of a coworking space, you obviously don't want visitors or permanent residents to be unable to start their meetings on time because of infrastructure problems."
Stéphanie Beyens - CEO Frame 21
Stéphanie Beyens CEO at Frame21
Read Case!
"The need for a good ERP system was growing, especially as we were running up against the limits of Excel. The VanRoey cloud-based ERP system, based on Microsoft Business Central and Dynamics 365 CRM, proved to be the perfect match."
Dirk Evenepoel Co-manager BATO
Read Case!
NMBS Logo
"We will get calls from all over Belgium to support people. Then it is ideal to have central management platforms. This allows us to configure or solve almost everything remotely."
Filip d'Haenens
Filip D'Haenens Sr. Architect at YPTO (IT company SNCB)
Read Case!
Indupol logo | VanRoey.be
"We now have one totally integrated package that (new) employees can quickly find their way around. Everything runs centrally from sales order to production, purchasing, accounting and all figures end up in clear reporting."
Bram Van Baelen, Indupol | VanRoey.be
Bram Van Baelen Indupol
Read Case!
Transparency
Alides Logo | VanRoey.be
"The great added value of VanRoey's integrated solution lies in the faster and more mobile availability of information. Moreover, they can be confident that the data they see is correct and up to date."
Thomas de Moor
Thomas De Moor Financial Controller, Alides
Read Case!
Transparency
"The result is a much better running IT infrastructure that is monitored and supported 24/7 by the people of VanRoey. Today we have far fewer problems and employees in other time zones are also assured of solid IT services!"
Guido Peeters IT Manager Biobest
Read Case!
Transparency

Newsletter  | Linkedin

LinkedIn Spotify Instagram Facebook-f Youtube Newspaper

PartnershipsSatisfaction surveyConditionsPrivacy & cookiesCSR/ESG Policy

  BC-Certified-logo_ISO-27001

Our Solutions

Managed IT Services
Security audit
Expertise Services

IT Security Strategy
Train Your Staff (Awareness)
Network Security
Firewalls
Antivirus
Endpoint Defence & Response (EDR)
Cybersecurity for Government (Smals)
Smart AI camera surveillance

VanRoey Private Cloud (IaaS)
Servers & Storage
Apps & device management
Backup Solutions
Networking & Wifi
Internet line & IP VPN
Azure Cloud Solutions
AI-powered CCTV

Copilot AI
Microsoft 365 / Office 365
Microsoft Teams
Microsoft SharePoint
CTOUCH Touchscreens
HP Business Notebooks
Dell XPS & Latitudes
Professional Printers

ERP & CRM With Dynamics 365
Power Platform
Dynamics 365 Real Estate

Events

Training

Inspiration Centre

Jobs

About

ESG

Kempus

Customer Area

Contact
Inspiration Days

Next session: 21 Nov

IT Inspiration Days

Our own Inspiration Centre in Geel provides the perfect setting to welcome you this autumn and take you into the latest trends within the IT world.

Info & Sessions!

Attention: limited number of places!