Testing Security Mechanisms with IT/OT Scenarios
Testing IT security systems is a mature, well-defined field. There are best practices, procedures and a plethora of tips and information that can help IT teams inexperienced in testing security systems to hit the ground running. Testing industrial networks, AKA OT (operational technology), is a new frontier with very little information and past data to learn from.
Moreover, the lessons learned from testing IT networks cannot be transferred to the operations floor. IT systems are constantly updated, while industrial networks are often running decades-old tools. IT systems can be shut-down for testing and updates; the operations floor runs 24/7/365. Finally, the stakes in operations networks are much higher as they control physical systems that require stable values such as temperatures.
In this whitepaper, OTORIO lays out the process for testing operational technology security networks, the available tools, the tool we chose to work with, how it can be used to test real-life scenarios and how to assess operational network testing results.