IT vs OT. Enterprise versus Industrial (ICS). The technologies operate in different environments and have different uses.
IT is the arena we all know: computers, keyboards, etc. IT uses a common environment and solutions (the cloud, servers, firewalls, antivirus, etc.). The components communicate over familiar protocols such as IP and HTTP. As users and managers, we are used to frequent updates, reboots, and patches to our systems.
OT uses completely different components that are found mainly in industrial environments. These components are usually machinery and PLCs. They often do not have operating systems that are compatible with the current IT systems.
They run firmware. They are programmed differently than conventional computers and communicate over industrial protocols (e.g. Modbus or Profinet) that are not seen on IT networks. Frequent updates, reboots, and patches do not happen. Imagine shutting down a production line or power generation station to reboot a system. It simply isn’t feasible.
Traditionally, IT focused primarily on confidentiality and OT on safety. It is clear that these two systems operate in different ways. Industry experts predict that these systems will continue to converge and the divide between the two systems will need to be bridged within our critical infrastructures as they slowly modernize.
Visibility Challenges in OT Environments
Network visibility is the core of all effective OT and IT security. You can’t protect the assets you don’t know about. This is true no matter what you are producing.
OT environments may face challenges protecting network assets from incoming threats by way of the network infrastructure designed to protect them. These situations require a one-way data transfer between segments or facilities.
Unidirectional, or one-way data flow, is designed to secure OT networks from external threats and maintain business continuity, whilst adhering to:-
- NERC CIP v5 regulations1
- NRC guidelines
- EUR 2865922
Garland Technology has pioneered and produced physical, hardware TAPs with data diode functionality to meet these challenges. Data diode TAPs allow raw data to travel only in one direction.
With the convergence of IT and OT, there have also been requirements for software based TAPs (commonly known as virtual TAPs). Traditionally, virtual TAPs have been produced for the IT market and are either dependent on the Hypervisor used or the operating system. However, these virtual TAPs suffer from the same problem that plagues physical TAPs: the possibility of bi-directional traffic in the network.
Garland Technology’s virtual TAP has been architected with the requirement of visibility and unidirectional only traffic for both OT and IT networks. The GTvTAP software works at the kernel level in the host operating systems (support is for common operating systems, Windows, Linux, and docker). It needs no interaction with a Hypervisor and hence is Hypervisor independent.
The GTvTAP emulates a traditional data diode TAP and mirrors data out of a second physical or virtual NIC. Data is mirrored to monitoring or security tools via a VXLAN. The GTvTAP configures the VXLAN using an arbitrary static ARP, alleviating the need for bidirectional communication to the end tool.
The GTvTAP has been designed with consideration for both OT and IT networks. It’s simple to install and easy to manage. Within moments of loading the software, data will be mirrored in a secure, simplex unidirectional method to a destination, whilst meeting the regulatory requirements/recommendations for OT networks.