InfoSec Write-ups

A collection of write-ups from the best hackers in the world on topics ranging from bug bounties and CTFs to vulnhub machines, hardware challenges and real life encounters. Subscribe to our weekly newsletter for the coolest infosec updates: https://weekly.infosecwriteups.com/

Securing OT Systems: A Practical Guide

Ismail Tasdelen
Published in InfoSec Write-ups
3 min read · Feb 19, 2023

As technology continues to advance, more and more industrial and critical infrastructure systems are becoming connected to the internet. These systems, known as Operational Technology (OT) systems, are responsible for running and controlling key components in industries such as energy, transportation, manufacturing, and healthcare.

However, the increased connectivity also makes these systems vulnerable to cyber-attacks. Hackers can infiltrate OT systems and cause severe damage to the physical infrastructure, leading to potential financial and environmental disasters. In this article, we’ll discuss practical tips for securing OT systems against cyber threats.

1. Conduct Risk Assessment:

The first step in securing OT systems is to identify the risks and vulnerabilities. It is crucial to conduct a risk assessment that covers the entire system, including all devices and applications. This assessment will help identify potential vulnerabilities that can be exploited by attackers.

The risk assessment should also include an evaluation of the impact of a successful cyber-attack on the system. By understanding the potential damage, organizations can prioritize and allocate resources to the most critical parts of the OT system.

2. Implement Segmentation:

OT systems typically have a large number of devices connected to the network. These devices include industrial control systems, sensors, and other components that are essential for the operation of the system.

To improve the security of the OT system, it is essential to segment the network. This means dividing the network into smaller subnetworks to limit the scope of a potential cyber-attack. By segmenting the network, even if an attacker gains access to one part of the network, they will not be able to access other critical parts of the system.
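An added example, not part of the original article: one way to check observed traffic against a segmentation plan and to see how far a foothold in one zone can spread by chaining allowed conduits. The zone names, subnets, conduit list, and flow records are all constructed assumptions for illustration.

```python
import ipaddress

# Constructed zone plan: names and addressing are assumptions for this example.
ZONES = {
    "enterprise": ipaddress.ip_network("10.10.0.0/16"),
    "dmz": ipaddress.ip_network("10.20.0.0/24"),
    "supervisory": ipaddress.ip_network("10.30.0.0/24"),
    "control": ipaddress.ip_network("10.40.0.0/24"),
}

# Allowed conduits: (source zone, destination zone, TCP destination port).
CONDUITS = {
    ("enterprise", "dmz", 443),       # business users read the historian replica
    ("supervisory", "dmz", 443),      # historian pushes data out to the DMZ
    ("supervisory", "control", 502),  # HMI/SCADA to PLCs over Modbus/TCP
}

def zone_of(ip):
    """Return the name of the zone containing ip, or None if unplanned."""
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in ZONES.items() if addr in net), None)

def audit_flows(flows):
    """Return flows that cross a zone boundary without an allowed conduit."""
    violations = []
    for src, dst, port in flows:
        sz, dz = zone_of(src), zone_of(dst)
        if sz is None or dz is None:
            violations.append((src, dst, port, "address outside zone plan"))
        elif sz != dz and (sz, dz, port) not in CONDUITS:
            violations.append((src, dst, port, f"no conduit {sz}->{dz}:{port}"))
    return violations

def reachable_zones(start):
    """Zones that a foothold in `start` can reach by chaining conduits."""
    seen, frontier = {start}, [start]
    while frontier:
        cur = frontier.pop()
        new = {dz for sz, dz, _ in CONDUITS if sz == cur} - seen
        seen |= new
        frontier.extend(new)
    return seen - {start}

# Constructed flow records: (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("10.30.0.5", "10.40.0.11", 502),    # matches a conduit
    ("10.10.4.20", "10.40.0.11", 502),   # enterprise host talking to a PLC
    ("192.168.1.7", "10.40.0.11", 502),  # source not in any planned zone
]
```

With this plan, a compromised enterprise host can reach only the DMZ, while the supervisory zone reaches both the DMZ and the control zone, which marks it as the zone whose conduits deserve the tightest review.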

3. Use Strong Authentication:

Strong authentication is essential for securing OT systems. Passwords are often the weakest link in the security chain, as they can be easily guessed or stolen. Therefore, organizations should use strong authentication methods such as multi-factor authentication (MFA) and biometric authentication.


Responses (1)

Software and firmware updates are crucial for maintaining the security of OT systems. Updates often include security patches that address vulnerabilities and bugs that can be exploited ...

While I do agree with you on this, this usually means that the factory has to stop. No one will do that, so you have to schedule this during maintenance windows. Whenever you know that there will be some downtime, use it to update the software (if there is any update pending).