Utah's manufacturing sector has been growing steadily, and with that growth comes a cybersecurity challenge that most IT teams weren't trained to handle: securing operational technology.
OT environments, the systems that control physical processes from CNC machines to building management systems to production lines, operate under fundamentally different constraints than IT systems. And they're increasingly connected to IT networks, creating risk that didn't exist a decade ago.
The IT/OT convergence problem
Traditional manufacturing operated on air-gapped networks. The systems controlling the production floor had no connection to the corporate network or the internet. That's changed dramatically.
Modern manufacturing relies on data flowing between OT and IT systems for:
- Real-time production monitoring and analytics
- Predictive maintenance using sensor data
- Supply chain integration and just-in-time inventory
- Remote access for equipment vendors
Each of these connections is a potential attack path from the IT network into the OT environment.
Why OT security is different
IT security professionals often approach OT with the same playbook they use for servers and workstations. That approach fails for several important reasons:
Availability trumps everything. In IT, if a security patch requires a reboot, you schedule a maintenance window. In OT, stopping a production line for a patch can cost tens of thousands of dollars per hour. Many OT systems run 24/7 and can't be patched without a planned shutdown.
Legacy systems are the norm. It's common to find Windows XP or even Windows NT systems running production equipment. These aren't there because someone forgot to upgrade. They're there because the equipment vendor only supports that operating system, and the equipment costs millions to replace.
Different protocols and architectures. OT networks use protocols like Modbus, DNP3, and OPC-UA that most IT security tools don't understand. Standard vulnerability scanners can crash OT devices. Active network scanning in an OT environment can cause physical safety issues.
A practical approach for manufacturers
1. Start with visibility. You can't protect what you can't see. Conduct a passive inventory of your OT network. Don't use active scanning tools designed for IT. Use passive network monitoring to identify devices, protocols, and communication patterns without disrupting operations.
2. Segment IT and OT networks. This is the single highest-impact action. Implement a demilitarized zone (DMZ) between your IT and OT networks. Data can flow through controlled, monitored pathways, but direct access from the corporate network to the production floor should be blocked.
3. Control remote access. Equipment vendors frequently need remote access for maintenance. Don't give them VPN credentials that provide broad network access. Use jump servers with session recording, time-limited access, and multi-factor authentication.
4. Build an OT-specific incident response plan. Your IT incident response plan probably says "isolate the affected system." In OT, isolating a system might shut down a production line or create a safety hazard. OT incident response requires collaboration between IT security, plant operations, and safety teams.
5. Train your teams on both sides. OT engineers need to understand cyber risk. IT security teams need to understand operational constraints. The organizations that handle OT security well are the ones where both teams communicate regularly and respect each other's priorities.
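As an added example (not code from the article), the passive-visibility and segmentation steps above can be checked from flow records exported by a SPAN/TAP sensor: the script builds an inventory of OT devices and the protocols they speak, then flags any flow that enters the OT network straight from the corporate IT range instead of through the DMZ. The subnets, port-to-protocol labels, and flow records are constructed for this example.

```python
"""Passive OT inventory and DMZ-bypass check from flow records (added example)."""
from collections import defaultdict
import ipaddress

# Assumed zones (constructed for this example): corporate IT, the IT/OT DMZ, the plant floor.
IT_NET = ipaddress.ip_network("10.10.0.0/16")
DMZ_NET = ipaddress.ip_network("10.20.0.0/24")
OT_NET = ipaddress.ip_network("192.168.100.0/24")

# Well-known ports for common OT protocols; the names become labels in the inventory.
OT_PORTS = {502: "Modbus/TCP", 20000: "DNP3", 4840: "OPC UA", 44818: "EtherNet/IP"}

# Constructed flow records: (src_ip, dst_ip, dst_port, bytes). A passive sensor produces
# these from mirrored traffic; nothing here sends a packet into the OT network.
FLOWS = [
    ("10.20.0.5", "192.168.100.10", 502, 1200),       # DMZ historian polling a PLC: expected
    ("10.20.0.5", "192.168.100.11", 502, 900),
    ("192.168.100.20", "192.168.100.10", 502, 4000),  # HMI to PLC inside OT: expected
    ("10.10.3.44", "192.168.100.10", 502, 300),       # corporate workstation straight to a PLC
    ("10.10.7.9", "192.168.100.30", 4840, 2200),      # corporate host straight to OPC UA server
    ("192.168.100.30", "10.20.0.8", 4840, 500),       # OT publishing into the DMZ: expected
]


def build_inventory(flows):
    """Return {device_ip: set(protocol labels)} for OT hosts seen speaking an OT protocol."""
    inventory = defaultdict(set)
    for src, dst, port, _ in flows:
        proto = OT_PORTS.get(port)
        if proto is None:
            continue
        for ip in (src, dst):
            if ipaddress.ip_address(ip) in OT_NET:
                inventory[ip].add(proto)
    return dict(inventory)


def find_bypass_flows(flows):
    """Flows that reach OT_NET directly from IT_NET, i.e. without traversing the DMZ."""
    return [f for f in flows
            if ipaddress.ip_address(f[0]) in IT_NET
            and ipaddress.ip_address(f[1]) in OT_NET]


if __name__ == "__main__":
    for ip, protos in sorted(build_inventory(FLOWS).items()):
        print(f"{ip:16} {', '.join(sorted(protos))}")
    for src, dst, port, _ in find_bypass_flows(FLOWS):
        print(f"ALERT: {src} -> {dst}:{port} bypasses the IT/OT DMZ")
```

In practice the flow records come from the passive monitoring tool already in place; the bypass list is the evidence that the DMZ policy in step 2 is not yet enforced for those hosts.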
The regulatory landscape
If you're a manufacturer in the defense supply chain, CMMC compliance requirements will increasingly drive OT security investment. Even if you're not in the defense sector, insurance carriers are asking more questions about OT security as part of cyber insurance underwriting.
The organizations investing in OT security now are building a competitive advantage, both in risk reduction and in their ability to win contracts that require security maturity.