If any of your failure scenarios from last week required isolating the safety and protection devices and systems from OT, then this week you will design your solution.

Note: Even if you don’t need to isolate your safety and protection, you should read this section. The technology is also used to isolate OT from cloud service providers.

There are three main ways to isolate safety and protection from OT.

  1. Remove the network connection between OT and safety / protection. Safety and protection are sometimes put on the OT network for ease of computer and device administration. This ease of administration also provides easier access for an adversary on OT. If safety and protection don’t need to be on OT or communicate with OT, remove the network connection and make it impossible for a compromise of OT to reach safety and protection.

If communication is required between OT and safety / protection, then consider design options 2 and 3.

  2. Use a one-way / data diode solution to allow data to flow from safety / protection to OT, but not vice versa. Some systems require safety and protection status information be available in OT. Some asset owners rely on this visibility in their scheme of operation. A one-way solution allows safety / protection status information to flow to OT, and it prevents all communication from OT to safety / protection using physics, not software. A real data diode solution cannot be hacked.
  3. If your safety / protection solution requires two-way communication with OT, then deploy an industrial firewall with ICS protocol deep packet inspection to limit OT access to safety / protection. For example, an OT cyber asset could issue read requests to safety or protection systems, but not write requests or other administrative requests. This is often used in petrochemical plants to separate the DCS from the SIS.
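
The read-only policy in option 3, sketched as an added example (not from this workbook or any firewall product). It assumes the protocol between OT and safety / protection is Modbus/TCP, which the text does not specify; `inspect_modbus_request`, `build_request` and the unit allowlist are hypothetical names, and the frames are constructed samples.

```python
import struct

# Modbus function codes that only read data (public codes from the Modbus specification).
READ_ONLY_FUNCTIONS = {
    0x01: "Read Coils",
    0x02: "Read Discrete Inputs",
    0x03: "Read Holding Registers",
    0x04: "Read Input Registers",
}

def inspect_modbus_request(frame, allowed_units):
    """Return (permit, reason) for one OT -> safety/protection Modbus/TCP request."""
    # MBAP header: transaction id (2), protocol id (2), length (2), unit id (1), then the PDU.
    if len(frame) < 8:
        return False, "truncated frame"
    _tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        return False, "protocol id is not Modbus"
    # The length field counts the unit id plus the PDU; a mismatch means a malformed frame.
    if length != len(frame) - 6:
        return False, "length field does not match frame size"
    if unit not in allowed_units:
        return False, "unit id %d not allowlisted" % unit
    function = frame[7]
    name = READ_ONLY_FUNCTIONS.get(function)
    if name is None:
        # Default deny: writes (0x05, 0x06, 0x0F, 0x10), diagnostics and unknown codes.
        return False, "function 0x%02X is not a read request" % function
    if len(frame) != 12:  # a read request carries exactly address (2) + quantity (2)
        return False, "unexpected PDU size for a read request"
    return True, name

def build_request(function, payload, unit=1, tid=1):
    """Build a constructed sample request frame (hypothetical helper for the demo)."""
    pdu = bytes([function]) + payload
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu

if __name__ == "__main__":
    samples = {  # constructed traffic, not captured from a real system
        "read holding registers": build_request(0x03, b"\x00\x00\x00\x0a"),
        "write single register": build_request(0x06, b"\x00\x10\x00\x01"),
        "write multiple registers": build_request(0x10, b"\x00\x10\x00\x01\x02\x00\x01"),
        "read from unknown unit": build_request(0x04, b"\x00\x00\x00\x02", unit=9),
    }
    for label, frame in samples.items():
        permit, reason = inspect_modbus_request(frame, allowed_units={1})
        print("%-26s %-6s %s" % (label, "PERMIT" if permit else "DENY", reason))
```

The allowlist is default deny, so a function code the policy author never considered is dropped rather than passed through.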

***

Update your answers from last week if necessary.

Failure Scenario 1

_________________________________________________________

High Consequence Event Avoidance Solution 1

_________________________________________________________

Failure Scenario 2

_________________________________________________________

High Consequence Event Avoidance Solution 2

_________________________________________________________

Failure Scenario 3

_________________________________________________________

High Consequence Event Avoidance Solution 3

_________________________________________________________