Whilst people often refer to the utilities sector as a “Critical Infrastructure”, the transport and logistics industry should be considered equally as vital. A country’s economy demands the rapid delivery of goods to manufacturers, retailers and consumers.

A significant supply chain disruption can impact the entire global economy.

Transport and logistics companies are constantly competing to deliver goods faster and cheaper. Some firms are finding a competitive advantage through the convergence of their IT and OT environments.

Within IT environments, speed and security have generally been the mainstay considerations. Conversely, on the OT side, the primary drivers have been safety and 100% availability.

OT protocols and devices are normally not reliant on a high speed/bandwidth network and security was never a concern, as historically OT was always an isolated environment.

Cybercriminals are now actively exploiting the vulnerabilities created by the IT/OT convergence.

This has led to cyberattacks on transportation and logistics operations of every type: from air, rail and sea to warehousing, airports and everything in between.

Given the primary driver of the OT environment is non-interrupted availability, rather than security, this environment has become the primary target. Once the OT controls for physical equipment are converged with IT computers and networks, the air gap that separated the systems (and protected OT environments) is gone.

Research shows that malware and cyberattacks will almost certainly be designed to target and penetrate this expanded digital attack surface, resulting in an increasing number of breaches.

There are numerous compelling reasons why OT networks are prized targets for some cybercriminals.

In traditional IT environments, it’s “personal data” that criminals often seek. Even though OT systems don’t possess this type of information, impacting a critical infrastructure system still has huge appeal for state sponsored and commercial gain cybercriminals.

Agendas for OT attacks can extend to holding a critical system hostage, manipulating stock prices, or even operating as a competitive agent.

Given the potential risks, companies are proactively implementing sophisticated, non-disruptive security solutions for their OT environments.

These solutions are generally reliant on obtaining visibility into the OT network data and devices for functions such as asset/vulnerability discovery, threat detection and response. Access to this data, whilst recognised as a requirement, is alarmingly often overlooked during the security tool selection and planning stages. Unfortunately, without secure, non-disruptive access to the data, security tools cannot properly protect the network.

An OT environment is typically a dated infrastructure of legacy systems, applications, network switches and aging HMI (human-machine interface) devices that have not been consistently patched or updated through the years. Often the aged network switches have no SPAN/Mirror facility to mirror packets, or there are serious concerns regarding port availability and switch utilisation capacity.



Also, questions quickly arise regarding the disruption of an operational network and the impact of reconfiguring switches that may not have been touched since they were installed many years prior. When opening a switch port, there’s a potential vulnerability created as bi-directional traffic flow can inadvertently provide backdoor access into the OT network.

Garland Technology’s network TAPs with data diode monitoring offer a means of obtaining network data, without disrupting the current configuration. Engineered to exclusively allow uni-directional traffic flow, data diode TAPs guarantee that a backdoor security vulnerability isn’t introduced.

In order to obtain complete visibility, data acquisition is required from many locations within the OT network. Often, this will mean that physical connections are of different media types (fibre, copper etc.) and these need to be aggregated together and provided to the security tools in the format they require.

Garland Technology offers multiple media conversion options within our portfolio of network TAPs.

Aggregation of the mirrored data is provided through the use of one or more network packet brokers. Whilst frequently used in IT environments, advanced network packet broker features such as packet slicing, decryption and deduplication are generally not needed for OT. These features are compute-intensive and therefore create increased platform costs.

Garland Technology has developed a unique line up of network packet brokers that fit any environment. This includes simple-to-deploy aggregators ideal for OT environments, all the way up to higher end network packet brokers commonly deployed in enterprise IT environments.

Data acquisition (OT network visibility) is a vital component of the OT security stack. It should be considered early and often in the security tool evaluation process.

Indeed, TAPs and network packet brokers are incredibly useful assets in the security tool evaluation process. Data from strategic locations can be collected and then delivered to multiple security tools simultaneously as part of a proof of concept.

When looking to enhance or add security within your OT environment, reach out to us for assistance. Garland Technology is an expert in OT network visibility. Together with our tech partners, we’re available to assist you with current and upcoming security projects.