APRIL 2024 | 9

As digital transformation continues to expand, there is a growing need to link and integrate business systems with manufacturing systems and shop-floor equipment.

malicious insider: a trusted person with technical knowledge and access who manipulates systems. The fourth is a malicious outsider, whether an external partner or a hacker; the lack of security controls puts organizations at unnecessary risk.

If all these points are starting to alarm you, then you are starting to understand that you should not be taking these risks. So, what do you do? The best answer is to plan a physical separation of devices and networks. For example, you should not co-locate IT and OT applications on the same physical infrastructure. Lower-level OT devices should be on-premises with no access to the internet, and you control who has access to those devices through the local OT infrastructure. Evaluate your networks to ensure there is a separation between IT and OT; that way, the firewalls can prevent OT devices from traversing the IT networks and vice versa. Segregate internal networks: IT systems should sit on separate subnets from OT systems, so that individual switch ports can be assigned to the appropriate subnet.

Now you might be thinking, great, there is a way to fix it. Well, yes, in many cases, but there are many considerations to plan for. Many solution providers use PCs as managers for their systems, and quite frankly, these are far less secure than a physical server, so that device must be placed in the lower level and accessed through a jump host. There are also considerations on the number of subnets, configurations, failover devices, clusters versus high availability, methods and devices for scanning OT environments, and the big one: support processes.

So do yourself a favor and create a detailed process flow map. That map leads to architecture discussion, which leads to system needs, which leads to secure environments and real organizational value.
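The segregation the text describes can be checked before it is deployed. The following is an added example, not the article's own material: a small zone-based, first-match model of an IT/OT firewall policy, with the subnets, the jump host address and the two rulesets all constructed for illustration, and a check that the flows the text requires (OT never reaching IT or the internet, IT reaching lower-level devices only via the jump host) are enforced.

```python
# Added example (not from the article): a zone-based, first-match model of an
# IT/OT firewall policy and a check that it enforces the separation described.
# All subnets, addresses and rules are constructed placeholders.
import ipaddress

IT_NET = ipaddress.ip_network("10.10.0.0/16")   # enterprise IT subnet (assumed)
OT_NET = ipaddress.ip_network("10.20.0.0/16")   # shop-floor OT subnet (assumed)
JUMP_HOST = ipaddress.ip_address("10.20.0.5")   # jump host in the OT zone (assumed)

def zone(ip):
    """Map an address to its firewall zone: jump, ot, it or internet."""
    ip = ipaddress.ip_address(ip)
    if ip == JUMP_HOST:
        return "jump"
    return "ot" if ip in OT_NET else "it" if ip in IT_NET else "internet"

def decide(policy, src, dst):
    """First matching (src_zone, dst_zone, action) rule wins; default deny."""
    for s, d, action in policy:
        if s in (zone(src), "any") and d in (zone(dst), "any"):
            return action
    return "deny"

# Flows the text requires: OT never reaches IT or the internet, and IT reaches
# lower-level OT devices only through the jump host.
INVARIANTS = [
    ("10.20.1.10", "10.10.1.10", "deny"),    # OT device -> IT workstation
    ("10.20.1.10", "203.0.113.10", "deny"),  # OT device -> internet
    ("10.10.1.10", "10.20.1.10", "deny"),    # IT workstation -> OT device directly
    ("10.10.1.10", "10.20.0.5", "allow"),    # IT workstation -> jump host
    ("10.20.0.5", "10.20.1.10", "allow"),    # jump host -> OT device
    ("10.20.0.5", "203.0.113.10", "deny"),   # jump host -> internet
]

def violations(policy):
    """Return the required flows whose decision under `policy` is wrong."""
    return [(src, dst, want) for src, dst, want in INVARIANTS
            if decide(policy, src, dst) != want]

# Weak setting: IT and OT co-located behind a single permissive rule.
FLAT_POLICY = [("any", "any", "allow")]
# Corrected setting: segregated zones with the jump host as the only path into OT.
SEGMENTED_POLICY = [
    ("it", "jump", "allow"),
    ("jump", "ot", "allow"),
    ("ot", "ot", "allow"),        # traffic between OT devices stays local
    ("it", "internet", "allow"),
    ("any", "any", "deny"),       # explicit default deny for everything else
]
```

Running `violations(FLAT_POLICY)` lists the four flows the flat network wrongly allows, while `violations(SEGMENTED_POLICY)` is empty.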