What would life be like without traffic lights, mass-produced food, energy at the touch of a button, or easily available motor fuel?
Operational Technology (OT) makes all these things happen and pervades our lives in both obvious and hidden ways, automatically monitoring and controlling processes and equipment that are too dangerous, too demanding or too monotonous for manual operation.
OT is defined as technology that interfaces with the physical world and includes Industrial Control Systems (ICS), Supervisory Control and Data Acquisition (SCADA) and Distributed Control Systems (DCS).
Where cyber security for IT has traditionally been concerned with information confidentiality, integrity and availability, OT priorities are often safety, reliability and availability, as there are clearly physical dangers associated with OT failure or malfunction. Many businesses strive for improved OT process efficiency and reliability for their customers, which often results in increased connectivity to enterprise technologies and the Internet. This convergence has the potential to increase system vulnerabilities, but can be addressed by adopting sound risk management principles, which are the same regardless of the underlying system type.
Many OT environments form part of our Critical National Infrastructure and so the NCSC is developing guidance to assist with this application of cyber security across OT environments. In the short term this will take the form of Security Architecture Principles for OT followed by the integration of the Security for Industrial Control Systems guidance into our NCSC guidance portfolio.