Effectively integrating physical security technology into the operational technology domain

Abstract

The operational technology (OT) domain has historically been an area of sensitivity primarily within the industrial (manufacturing, petrochemical, medical) and critical infrastructure (power, water, utility, data, telecommunication) markets. Recent compromises of OT have expanded the exposure to loss from this domain into more core corporate markets, including pharmaceutical, technology, logistics/supply chain, software, banking/finance, retail, warehouse/distribution and commercial office. This paper promotes a holistic countermeasure implementation programme must be put in place and be managed as a core competency within the overall cyber security posture of an organisation in order to effectively mitigate threats to this domain. It advises how physical security controls must be a priority within this posture to effectively control access to the on-site assets that manage OT. The control strategy put forward in this paper introduces two key attributes. The first is to apply physical security controls to protect OT, which may require an expansion of the locations at a site where these controls are deployed. The second is to treat physical security assets as OT so they fall under the same level of network segmentation, threat management, version control and access management as core OT assets.