Future-proof machine security: Bridging the IT/OT gap

In today's interconnected world, machines are no longer isolated islands of productivity. They're connected to other devices and networks, making them vulnerable to cyber threats. As machine builders and plant owners, it's crucial to recognize the importance of industrial security and take proactive measures to protect your assets.

This article explores the challenges of maintaining machine security and offers insights and tools to help machine builders with that.

Understanding IT/OT security objectives

The gap between Information Technology (IT) and Operational Technology (OT) is a well-known obstacle to maintaining machine security. While IT systems are designed with security and confidentiality as the first priority, OT environments prioritize availability and physical safety. This mismatch can lead to serious consequences when machines are attacked: the priorities are often completely reversed, as the figure below shows.

[Figure] Different IT/OT security objectives (source: ISA)

In the world of OT, a common motto is "Never touch a running system". This is the opposite of standard IT practice, which is to install the newest security patches regularly. OT operators hesitate to update machines because patches take time to install and might contain bugs that interrupt production. That would cause downtime and put the availability of the system at risk. As a result, the machine keeps running outdated, vulnerable software.

Mismatched operating system lifecycles

Another challenge in machine security is the mismatch between the lifecycles of OT and IT systems. While machines are built to last for decades, operating systems and software typically have a lifespan of only 3 to 5 years. This means that the software running on machine controllers, including the operating system, becomes outdated and vulnerable to cyber threats long before the machine is decommissioned.

[Figure] Mismatch between OT and IT lifecycles: IT systems have a shorter life expectancy than your machine.

To address the challenge posed by the differing lifecycles of OT and IT systems, two measures become essential for securing machines: implementing edge connectivity through edge gateways, and complying with IEC 62443. Let's discover why.

Harnessing edge connectivity

Edge connectivity offers solutions to secure machines while minimizing the impact and risk on production processes. An edge gateway is a multifunctional device that combines a router, modem, and firewall. It allows for secure remote connectivity and maintenance and protects the machine network from external threats by segmenting the IT and OT parts of the network.

[Figure] How an edge gateway can be used in a network.

Example of a dangerous situation without edge connectivity:
Because no remote connectivity is available, maintenance and service are done on-site by external service technicians. There is a risk that they physically connect an infected laptop to a machine, exposing it to viruses and ransomware, or that confidential data leaks through that laptop.

Leveraging IEC 62443 standards

To improve machine security, machine builders should consider designing their machines in accordance with IEC 62443 guidelines. This international standard provides a framework for securing industrial automation and control systems.

It helps to mitigate risks throughout the machine's lifecycle and supports keeping systems secure for the long term, even when they contain short-lived IT operating systems. The standard takes the unique challenges and priorities of OT environments into account, so its requirements can be applied effectively in the machine building industry.

Take steps to improve machine security now

As technology continues to evolve, so do the threats to industrial machines. To future-proof your machine security, you need to adopt a proactive approach where you understand the unique challenges of machines, use edge connectivity and apply guidelines such as IEC 62443. Don't wait until it's too late – take steps today to protect your industrial assets.

Our Security Kit can help you to start with IEC 62443 through a starter guide and webinar. It also gives you insight into how security is managed at IXON. Download the security kit here.

IXON’s SecureEdge Pro Gateway

The SecureEdge Pro — IXON’s latest edge gateway — embodies cutting-edge security principles, designed to raise the bar for secure machine connectivity. Key features include:

  • Dedicated OT network port: Keeps the factory network isolated from the internet, significantly reducing the risk of cyber threats and ensuring uninterrupted operations.
  • Regular firmware updates: Receive the latest security patches without affecting legacy OT software or causing downtime.
  • Built-in TPM chip: Enables secure generation and storage of cryptographic keys. This makes it possible to securely boot from trusted hardware and software, and enables other security features.
  • Compliant with IEC 62443-4-2: Meets strict security requirements for industrial automation and control systems, providing robust protection against a wide range of threats.

Discover how the SecureEdge Pro gateway can transform your industrial network security.