The Clash Between OT and Cybersecurity: A Necessary Conflict?
Have you ever thought that some of the cybersecurity antipatterns are actual design patterns for Operational Technology (OT) environments? Here’s a look at some common antipatterns and their relevance in OT:
1. We don't patch (unless it's critical):
This antipattern avoids patch installation due to the implicit assumption that patches aren't crucial. Often, there's a belief that "it won't happen to us" because unpatched vulnerabilities have not been exploited before (or have gone undetected). In OT environments, the risk of disrupting critical processes often leads to this approach.
2. Waiting for patch perfection instead of building resilience:
This antipattern delays patching due to fear of potential issues with the patches. While aiming for perfection, it inadvertently increases the likelihood of downtime from attacks. In OT, the focus is often on stability and uptime, which can make this antipattern seem like a safer approach.
3. Broken accountability model:
Here, security is held accountable for the negative outcomes of patches. This model leads to other teams de-prioritizing security maintenance. In OT, the priority often lies with operational continuity, leading to a similar distribution of accountability where security is sidelined.
4. Over-customizing patch selection:
This antipattern involves using unique criteria for patching rather than applying all manufacturer-recommended patches. This customization creates unique builds of Windows, Linux, and applications that have never been tested in that exact configuration. In OT, customized solutions can be seen as necessary to meet specific operational requirements, even though they complicate security.
5. Focusing only on operating systems:
This antipattern addresses only servers and workstations, ignoring containers, applications, firmware, and IoT/OT devices. In OT, the complex and heterogeneous nature of environments often results in focusing on the most visible components, neglecting the rest.
So what should a cybersecurity expert do to address the above?
Understanding these antipatterns as potential design patterns in OT highlights the unique challenges and priorities in securing these environments. The key is balancing operational continuity with robust security practices by conducting a Cyber-Risk Assessment.
The Cyber-Risk Assessment allows the organization to:
By recognizing and addressing these antipatterns, cybersecurity professionals can better secure OT environments, ensuring both safety and efficiency.