VanRoey Logo
VanRoey Logo
menu
Header image overlay

Safety first in Operational Technology / OT

Operational Technology (OT) refers to hardware and software that controls physical devices & processes. This often involves systems in production environments, such as pumps, machines, to even locks and windmills. Through IoT, these systems are increasingly finding their way into the corporate network and cloud.

However, this evolution towards IIoT (Industrial Internet of Things) also comes with serious cybersecurity risks given that numerous systems are still running on Windows XP or even Windows 3.1(!), under the motto: "If it ain't broke, don't fix it."

Operational Technology: from CNC machine to nuclear power plant

Industrial Control Systems (ICS), such as SCADA and PLC controls, used to be isolated silos where cybersecurity was not considered. But attacks on OT can lead to serious consequences, ranging from reduced productivity to physical accidents or even social disasters. Thinking about the hack at the Colonial Pipeline in the US, which caused a fuel shortage, or attacks on nuclear power plants in Iran... The potential consequences are incalculable.

Today, for example, there is ransomware that specifically targets CNC machines. Nothing immediately seems wrong, but once you start production, the values deviate slightly from the input time after time and the whole production process is disrupted. Hackers also eagerly exploit less secure OT environments to find their way into the rest of the corporate network.

LAT relationship for IT & OT

To reduce these risks, it is important to keep OT and IT environments separate and strictly monitor communication between the two. The PERA model (Purdue Enterprise Reference Architecture) distinguishes five layers of system security, with the layer protecting OT systems to be separated from the layer protecting IT systems.

Therefore, zone '3.5', a Industrial DMZ between OT and IT, implemented adding security management and specific scanning protocols. Fortinet offers various solutions and collaborates with specialised partners in the OT landscape for this purpose, such as Dragos, Nozomi, Microsoft, Siemens, Schneider Electric etc... to ensure the most adequate security.

NAC & Deep Packet inspection for Operational Technology

It is important to keep the O of OT in mind at all times. So security measures should not get in the way or cause unnecessary disruption to the production or operation of your organisation.

This is how a NAC with DPI (Network Access Control with Deep Packet Inspection) system differently at OT. You want to avoid a device being accidentally barred from the network, because that impact is much more dramatic than if, for example, a printer is momentarily inactive. The type of traffic as well as the protocols also differ from traditional IT traffic. That is why we work with active, non-intrusive device classification & fingerprinting.

On some 20 levels (think mac-address + https requests + Vendor logo + tcp requests...) a profile of devices is set up and 'rogue devices' can be detected immediately and you can decide automatically or manually what to do with them. Because Fortinet also opens up its ecosystem to third-party integration, it can communicate directly with systems from Modbus, Siemens, Microsoft and numerous other specialists to correctly process this information and protocols at all times.

Application Control

With Application Control, operational operation is further analysed and secured. The system knows and studies the usual operation of your devices thanks to the aforementioned integration with partners. If certain commands come in with expected values between e.g. 0 and 2, there is no problem, but as soon as an unexpected value would appear, alarm bells go off.

Industrial honeypot

Fortideceptor Another interesting example is FortiDeceptor. With it, fictitious OT environments (Decoys) are set up and communicated to the outside world to lure attackers. Once these make an attack attempt on a Decoy, the attack is immediately analysed and barred. Even before it can effectively attempt an attack on the live environment, it will be excluded. There are a lot of Decoys available, thus including SCADA systems such as Modbus, S7comm, HTTP, TFTP, Bacnet, Triconex...

In conclusion

It is important to regularly monitor and update the security of OT systems. Many OT systems are still running on older software versions, such as Windows XP, which are no longer supported, so extra care should be taken to ensure these systems remain compliant with the latest security standards.

Fortinet Expert Partner | VanRoey.beThis article is only a summary of this video presentation by Lars Putteneers, Channel System Engineer at Fortinet. In it, he goes much deeper into the PERDUE model, as well as the challenges and solutions involved in today's OT environment.

Security audit for your Operational Technology environment?

Want to know how safe your environment is? You can rely on our thorough Security audit, where our experts will test your environment for more than 60,000 attack vectors and come and make a physical visit. All issues will come to the surface. Want to know more? Then feel free to request some additional info:

vat no.*

"As soon as an attacker makes an attempt on a decoy environment, it is immediately detected and barred. Even before it can effectively begin an attack attempt on the live environment."
How are you doing?

Security audit

We have never come across a 100% safe environment....
Find out more
Clippy forces you to follow us.
  • Webinar
Lars Putteneers of Fortinet presents on OT
Lars Putteneers of Fortinet presents on OT

What is Operational Technology (OT) and how can Fortinet secure these environments?

What is Operational Technology (OT) and how does it differ from IT? What are the challenges in protecting industrial environments? Lars Putteneers from Fortinet explains it in great detail!
Get Free Access

Written by:

Matthias Sanne | VanRoey.be
LinkedIn icon
Matthias Sanne
Marketing & design @ VanRoey

Has been working as a marketer, designer, webmaster, copywriter, PowerPoint guru and numerous other things for 15 years. He gets his energy from simplifying complex matters. He tries to do the same in his Techblog PowrUsr.com where he brings handy solutions to challenging problems.

Related info

  • Blog

VanRoey.be Wins Fortinet EMEA Growth Partner Of The Year award!

Fortinet EMEA award Partner growth 2018 Pat and Roel on stage

Expertise Services

HPE alletra

IT Security Audit

IT Security Audit
  • Case study

Willemen Group builds solid security strategy with Fortinet & VanRoey.be

Willemen Group

Let our experts guide you

Like thousands of organisations, rely on our knowledge & experience to work out your ideal network, data centre, IT security, CRM / ERP, meeting rooms or digital workplace...

Ask your question


Thanks to the Fortinet Security Fabric, a single security platform allows us to manage all our devices centrally and conveniently, without sacrificing data nor Internet accessibility! Watch video case...
Luc Smet
Luc SmetICT-NIM Teamleader


What I appreciate most about VanRoey is their hands-on approach and no-nonsense corporate culture. Moreover, they don't just answer the question, but they really do think along. For us, this has led to a deeper understanding and solutions that exactly fill our needs. Watch video case...
Steven BruynseelsIT Operations Manager


Switching to telephony via Teams went smoothly. Communication is very important to me in such projects. The cooperation between us, Telenet and VanRoey went very smoothly. Watch video case...
Gert Torah
Gert TorahIT Manager


I've worked with many companies before, but the approach of VanRoey is really quite unparalleled. With VanRoey.be we found the IT partner we were looking for. Read the case...
Raf De Leu
Raf De LeuIT Manager


We are very satisfied with the cooperation with VanRoey. Their people have a extensive knowledge and, in addition, can be used on a understandable way ...to transfer. Read the case...
Kim Kerkhofs
Kim KerkhofsExecutive assistant


Quality pays for itself over the years anyway, both for construction projects and in ICT. We therefore opted for the VanRoey ecosystem: the right solutions, the right brands, expertise and flexibility, with high reliability as a result. Read the case...
Martin Björklund
Martin BjörklundICT administrator

Newsletter  | Linkedin

LinkedIn Spotify Instagram Facebook-f Youtube Newspaper

Conditions – PartnershipsSatisfaction survey - VanRoey

  BC-Certified-logo_ISO-27001

Our Solutions

Managed IT Services
Security audit
Expertise Services

IT Security Strategy
Train Your Staff (Awareness)
Network Security
Firewalls
Antivirus
Endpoint Defence & Response (EDR)
Cybersecurity for Government (Smals)
Smart AI camera surveillance

VanRoey Private Cloud (IaaS)
Servers & Storage
Apps & device management
Backup Solutions
Networking & Wifi
Internet line & IP VPN
Azure Cloud Solutions
AI-powered CCTV

Copilot AI
Microsoft 365 / Office 365
Microsoft Teams
Microsoft SharePoint
CTOUCH Touchscreens
HP Business Notebooks
Dell XPS & Latitudes
Professional Printers

ERP & CRM With Dynamics 365
Power Platform
Dynamics 365 Real Estate
GPS Tracking(Sensolus) / Indoor tracking (Pozyx)

Events

Training

Experience Center

Jobs

About

ESG

Kempus

Customer Area

Contact
Living Tomorrow building

Event: 30 Nov

IT Inspiration Day

What will the future bring? Get an exclusive tour & plenty of inspiring sessions at the revamped Living Tomorrow. It promises to be another great and educational year-end event! See you there?

Info & registration

Attention: limited number of places!