Does the term OT contribute to the lack of security in Level 0,1 devices

Oct. 6, 2017

The term OT does not address the Level 0,1 devices and may be contributing to the lack of security considerations in these devices. 

Gartner defines the term Operational Technology (OT) as hardware and software that detects or causes a change through the direct monitoring and/or control of physical devices, processes and events in the enterprise. Gartner defines enterprise applications as those designed to integrate computer systems that run all phases of an enterprise’s operations to facilitate cooperation and coordination of work across the enterprise. The intent is to integrate core business processes (e.g., sales, accounting, finance, human resources, inventory and manufacturing). Effectively, OT represents the collection of systems, control and instrumentation equipment, and networks specifically designed to maintain physical process-based operations. OT provides a supporting role for managing computing resources for ICS. However, Level 0,1 devices (e.g., process sensors, actuators, and drives) directly monitor and control physical processes in operational facilities independent of networks and may not be integrated such as those Level 0,1 devices used in safety systems. Consequently, Level 0,1 devices have been considered engineering systems, have no security requirements, and have not been considered part of the enterprise for security considerations. As a result, ISA99 is starting a new working group to address the cyber security of Level 0,1 devices. Please let me know if you would interested in participating in the new ISA working group – [email protected].

Joe Weiss