"Operational Technology (OT) Security" was the topic of the 105th Digital Dialogue and Decrypting Cyber Security (part 3 of 5) on 30 November 2023, which were held as a joint event this time. The focus was on the vulnerability of operational technology in critical infrastructures and the IT security of operational technology (OT).
The hosts Michael Zwantschko from Silicon Alps Cluster and Helmut Wiedenhofer from JOANNEUM RESEARCH gave an introduction to the problem, which is gaining momentum in view of the increasing networking of different components, including across national borders, as well as the changed geopolitical situation (since the attack on Ukraine).
Michael Gebetsroither Founder and CEO of the Graz-based company mgIT Gmbh and IT infrastructure expert discussed cyber security in practice in his presentation. According to Gebetsroither, it is important in this context that security should not stand in opposition to usability, as otherwise there is a risk that employees will look for ways to circumvent annoying security measures. In addition, IT security should never depend on the user: For example, in the form of telling them "you can't click here". His tip: "Make the simplest solution a secure one, otherwise your security strategy will fail."
Martin Lampel Head of OT Cybersecurity Solutions and System Integration at K-Businesscom AG, explained the differences between IT and OT: Information technology focuses on the processing, storage and transmission of data and information to support business processes, decision-making and communication. In contrast, operational technology is used to control and monitor physical processes and systems, such as production facilities, power grids, building automation and industrial machinery. "In production, analogue or digital data is usually processed that is directly linked to physical processes and devices, such as sensor data, control signals and measured values." Due to these and other differences, securing the OT environment requires a different approach than in the IT sector, says Lampel.
Matthias Rüther, Director of the DIGITAL Institute at JOANNEUM RESEARCH, spoke in his presentation about the vulnerability of operational technology in critical infrastructures and related research at the company. Due to the current geopolitical security situation, critical infrastructure is increasingly becoming the target of cyber attacks worldwide. A particular challenge is the diversity and distribution of OT components and their increasing complexity, as well as IoT, edge and cloud applications. The complexity of attacks has also increased. "Assume that you will be attacked and that some attacks will be successful," says Rüther.