Chapter 13 - 03 - Understand OT Concepts, Devices, and Protocols - 01_ocred_fax_ocred.pdf

Full Transcript

Certified Cybersecurity Technician Exam 212-82
loT and OT Security

Module Flow
TS
£
LB. f‘!r-‘

Understand IoT Devices, Discuss the Security Understand OT Discuss the Security
Application Areas, and in IoT-enabled Concepts, Devices, in OT-enabled
Communication Models Environments and Protocols Environments
Copyright
pyrig © byY IL AN
Al Rights
[ Reserved. Reproduction
Reproduction
P IsIs Strictly
Strictly Y Prohibited
Prohibited

Understand OT Concepts, Devices, and Protocols
Operational technology (OT) plays a major role in today’s modern society, as it drives a
collection of devices designed to work together as an integrated or homogeneous system. For
example, OT in telecommunications is used to transfer information from the electrical grid
through wheeling power. The same telecommunications are also used for financial transactions
between electrical producers and consumers. OT is aa combination of hardware and software
that is used to monitor, run, and control industrial process assets. This section discusses various
important concepts related to OT.

Module 13 Page 1592 Certified Cybersecurity Technician Copyright © by EG-Gouncil
EG-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Certified Cybersecurity Technician Exam 212-82
loT and OT Security

Operational Technology (OT) is the software and hardware designed
to detect or cause changes in industrial operations through direct
monitoring and/or controlling of industrial physical devices
What is OT?
OT consists of Industrial Control Systems (ICS) to monitor and control
the industrial operations

— Utility Sector Electricity Traffic Signal Transportation

Water Grid 8. ! ) i | Surveillance

v R ar
Gas Filling ‘ Gorvent ‘:%\ ‘ / 8 Rl 3 Truck

oT

MRI.\S
Yy N > g
Scanner L
'EJ ) \e Blometric iy
3 Fire
Extingulsher
Healthcare Industry Microscope Office Building

Copyright © by EC-Council Al Rights Reserved. ReproductionIs Strictly Prohibited

What is OT?
OT is a combination of software and hardware designed to detect or cause changes in industrial
operations through direct monitoring and/or controlling of industrial physical devices. These
devices include switches, pumps, lights, sensors, surveillance cameras, elevators, robots, valves,
and cooling and heating systems. Any system that analyzes and processes operational data
(such as technical components, electronics, telecommunications, and computer systems) can
be a part of OT.

OT systems are used in the manufacturing, mining, healthcare, building, transportation, oil and
gas, defense, and utility sectors, as well as many other industries, to ensure the safety of
physical devices and their operations in networks. This technology consists of Industrial Control
Systems (ICSs), which include Supervisory Control and Data Acquisition (SCADA), Remote
Terminal Units (RTU), Programmable Logic Controllers (PLC), Distributed Control Systems
(DCSs), and many other dedicated network systems that help in monitoring and controlling
industrial operations.

OT systems employ different approaches to design hardware and protocols that are unfamiliar
with IT. Supporting older versions of software and hardware makes OT systems more
vulnerable to cyber-attacks, as developing fixes or patches for them is very difficult.

Module 13 Page 1593 Certified Cybersecurity Technician Copyright © by EG-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Certified Cybersecurity Technician Exam 212-82
loT and OT Security

Utility Sector Electricity
Electricity Traffic Signal
Traffic Signal Transportation

_— @
Water Grid @ @ @ —
Surveillance

i
Gasiling @@\/
@ | -
]
ECG o~ @...u) Robot
Machine

0 Fire
Biometric Extinguisher
Healthcare Industry Office Building

Figure 13.12: Devices connected to an OT network

Figure 13.13: Components of OT

Module 13 Page 1594 Certified Cybersecurity Technician Copyright © by EG-Council
EC-Gouncil
All Rights Reserved. Reproduction is Strictly Prohibited.
Certified Cybersecurity Technician Exam 212-82
loT and OT Security

Essential Terminology

Assets
@
@ OT systems
OT systems consist
consist ofof physical
physical assets
assets such
such asas sensors
sensors and
and actuators,
actuators, servers,
servers,
workstations, network devices, and PLCs, and logical assets such as flow graphics,
program logic, databases, firmware, and firewall rules

Zones and Conduits
@ A network segregation technique used to isolate the networks and assets to
impose and maintain strong access control mechanisms

@ Industrial Network
A network of automated control systems is known as an industrial network

Business Network
@ It comprises of a network of systems that offer information infrastructure to
the business

Industrial Protocols
Protocols used for serial communication and communication over standard
Ethernet. Ex: S7, CDA, CIP, Modbus, etc.

Network Perimeter
It is the outermost boundary of a network zone i.e. closed group of assets

@ Electronic Security Perimeter
Itis referred to as the boundary between secure and insecure zones

Critical Infrastructure
@ A collection of physical or logical systems and assets that the failure or destruction
of which will severely impact the security, safety, economy, or public health

Essential Terminology
Discussed below are some of the most important and extensively used terms related to OT
systems:
= Assets

Different components of OT are generally referred to as assets. Most OT systems, such
as ICSs, comprise physical assets such as sensors and actuators, servers, workstations,

Module 13 Page 1595 Certified Cybersecurity Technician Copyright © by EC-Council
EG-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Certified Cybersecurity Technician Exam 212-82
10T and OT Security

network devices, PLCs, etc. ICS systems also include logical assets that represent the
workings and containment of physical assets, such as graphics representing process
flow, program logic, database, firmware, or firewall rules.

= Zones and Conduits

Zones and conduits is a network segregation technique used to isolate networks and
assets to impose and maintain strong access control mechanisms.

* |ndustrial Network and Business Network

OT generally comprises a collection of automated control systems. These systems are
networked to achieve a business objective. A network comprising these systems is
known as an industrial network. An enterprise or business network comprises a network
of systems that offer an information infrastructure to the business. Businesses often
need to establish communications between business networks and industrial networks.

= Industrial Protocols

Most OT systems employ proprietary protocols (S7, CDA, SRTP, etc.) or non-proprietary
protocols (Modbus, OPC, DNP3, CIP, etc.). These protocols are generally used for serial
communication and can also be used for communication over standard Ethernet using
Internet Protocol (IP) along with transport layer protocols TCP or UDP. As these
protocols operate at the application layer, they are referred to as applications.

= Network Perimeter/Electronic Security Perimeter

The network perimeter is the outermost boundary of a network zone, i.e., a closed
group of assets. It acts as a point of separation between the interior and exterior of a
zone. Generally, cybersecurity controls are implemented at the network perimeter. An
Electronic Security Perimeter refers to a boundary between secure and insecure zones.
= (Critical Infrastructure

Critical infrastructure refers to a collection of physical or logical systems and assets, the
failure or destruction of which will severely impact security, safety, the economy, or
public health.

Module 13 Page 1596 Certified Cybersecurity Technician Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.