
The Critical Lowdown Podcast Episode 25

Unpacking the Challenges of Network Security in IT and OT Environments


Cyberattacks on critical infrastructure have been on the rise for the last decade, accelerated in recent years by the COVID-19 pandemic and the war in Ukraine. In 2021, approximately 90 percent of manufacturing organizations had their production or energy supply hit by some form of cyberattack.

Against this backdrop, the pressing question is how to safeguard the technologies at the IT/OT interface from relentless cyber threats. It's no longer enough to have a moat around your servers (the proverbial castle approach). The barbarians, as cyber criminals are often depicted, are not just at the gates; they're already inside the castle, waiting for a moment of distraction to launch their assault.

Our Director of Sales for EMEA, John Lynch, sat down with Chris Bihary, CEO and Co-Founder of Garland Technology, an industry leader in IT and OT network solutions for enterprises, critical infrastructure, and government agencies worldwide.

Subscribe to The Critical Lowdown from EPS Global wherever you get your podcasts:

  • Apple
  • Spotify
  • Google
  • ximalaya

Chris Bihary
CEO and Co-Founder, Garland Technology

Chris Bihary, CEO and Co-founder of Garland Technology, has been in the network performance industry for over 20 years. Bihary has established collaborative partnerships with technology companies to complement product performance and security through the integration of network TAP visibility.


John Lynch
Director Sales, EMEA, EPS Global

John Lynch is the Director of Sales for EMEA Networking at EPS Global. He serves on its Board of Directors and has been with the company since its inception in 1999. John has managed the growth of the EMEA Networking business over the last 15 years. Prior to joining EPS, John worked in a technical role for IBM, supporting its Spanish market out of its Dublin office. John has a BA in Politics and Spanish from University College Dublin and a Diploma in Financial Management from the Dublin Business School.

If you have any questions, or need advice or tech support for your upcoming project, don't hesitate to get in touch. Or check out our Service Provider Solutions here.


Transcript of Podcast

John: I'm really looking forward to this conversation. As you know, Chris, at EPS we run a traditional value-added distribution business and have been partners of Garland for the last five and a half years. Alongside our distribution business, we also run one of the largest chip programming and tape and reeling value-added services businesses. We serve most of the largest electronic manufacturing companies in the world from secure programming centers that we've set up in Mexico, the US, all across Europe, Malaysia, India and China, to name a few. So we have two different businesses with two different IT environments. With modern cybersecurity, these two areas that were traditionally separate have now converged. I'd like to talk to you today about how Garland is at the forefront of these challenges. Can I start by asking: what does it mean when we refer to the IT environment and the OT environment?

Chris: Thanks, John, it's great to be on your podcast today. I'm Chris Bihary, the CEO and co-founder of Garland Technology; we've been working with EPS Global for over five years.

'IT' and 'OT' are distinctions we talk a lot about. The simple way I like to describe the difference is that IT is generally very sophisticated, clean data centers. You walk into a banking customer and see a pristine data center: power, cooling, all your racks. It's all about the data, so obviously that's the most important thing. You could have a theft of data and lose money on the IT side, but it's totally different from OT. With OT, we're talking about critical environments that can be life or death situations. Some examples: a breach where air conditioning units in facilities are shut down; when we're dealing with cranes at a port; a breach of a water system where toxins are put in. Obviously, IT and OT are both very important to secure, but in the IT world it's a financial risk. You may lose IP, but OT is a different scenario because it can be life and death.

John: In your opinion, what's the single most important element to secure a network, regardless of the size or the scale of that network?

Chris: From my past experience, I've done some work in 911 centers and securing OT environments, and a lot in IT, from financials to SaaS. I really look at the basics. Garland Technology as a company is on the infrastructure side; we're in the foundation. What happens on the network is that you have two devices communicating, you have packets flowing on your network. If we wanted to analyze our conversation, we would want to repeat everything I say and everything you say and get a copy of that. So regardless of IT or OT, I always like to go back to the simplest thing, the packet, meaning that if you have access to the traffic that flows on your network, there's a lot that you can do. If companies had unlimited budget and the ability to copy every single packet that ever flowed on their network, store it and have access to it, think about the power. You could literally see every single thing that occurred. If there was a breach, you could look back and see what happened. If you have the security tools, you can review the data and immediately find out why it occurred. So to me, in order to be able to go back and analyze effectively, you really want to have access to the packets and the traffic on your network. Our company's tagline is "see every bit, byte and packet." We always say that the truth is in the packet.

John: We've known Chris for years, working in various sectors such as managed Service Providers, finance, government, military, and healthcare. Which industry would you say is experiencing the fastest rate of change in this area?

Chris: In the OT sector, there's a tremendous need for security. This could be manufacturing, utilities, in Europe, in the US. A lot of regulations are coming into effect and timeframes are being set for when certain security specifications must be met.

One of the things that's moving really fast is the need for these OT industries to quickly deploy asset management, security, and intrusion detection systems. However, many of these environments are challenging because the IT and network security isn’t necessarily the priority when a new manufacturing facility is being set up. The focus tends to be on productivity, margins, and safety. Network and security are often afterthoughts.

As a network engineer on the IT side, you're usually given a detailed network diagram and have the racks laid out. But in many manufacturing and utility sectors, that documentation isn't generally available. For example, we were working with a manufacturing company that had a couple of hundred sites, and every site had different routers, switches, and equipment. So, when there's a need to do something quickly, it becomes a real challenge to deploy.

The current situation is intriguing as it unfolds rapidly; however, it presents various challenges when individuals venture into the field to commence installations. They realize that each site might require different equipment, making the process more difficult. While it's acceptable to use 100BASE-FX or 100BASE-LX if you're making money and the production lines are operational, connecting to these environments can be particularly challenging. I see very quick growth in these segments to deploy network security, but I also see that once they make a commitment, they find that there are a lot of challenges with the deployments.

John: In dealing with various industry sectors, have you noticed a common challenge that network personnel frequently express? Is there a recurring urgent request?

Chris: Yes. Often, the urgency lies in the substantial time and effort companies invest in selecting vendors for their security solutions. After purchasing the equipment, deployment becomes a significant challenge. This is particularly true on the OT side.

For instance, I worked with an insurance company a few years ago that purchased new intrusion prevention systems. They wanted to deploy them in-line but didn't realize that they were migrating from 1G to 10G. They lacked the appropriate tapping infrastructure, a bypass TAP. Consequently, the equipment they invested in started collecting dust because they couldn't physically deploy it.

This issue is increasingly common on the OT side. We've worked with utilities where security tools are left unused in boxes, collecting dust. This is often because they didn't realize that some sites have unmanaged switches, or there's no way to connect the tool to the network. In many environments, the equipment is managed by providers like ABB, Honeywell or Schneider Electric. The Director of Security's job is to ensure the security of their locations, but if their equipment is managed by a third party it can become a significant problem.

This is where we introduce wiretapping technology. We bring in a non-intrusive device that you plug between a PLC (Programmable Logic Controller) and a switch, or a switch and a router. We disconnect the cable and connect it to the wiretap, then take another cable. If you have a PLC, you connect it to the TAP, and then the TAP to the switch. This creates a passive connection where traffic flows, but the wiretap, if powered, starts copying all the packets from that segment. This allows you to access packet-level data and deploy your security and monitoring tools.

The urgency is often, "I spent all this money, and now I have a problem." Budget issues often arise because Network TAPs, data diodes, or aggregators weren't considered in the initial budget. This can become messy, especially if you have numerous sites with different equipment and poor documentation. The urgency is there, but you have to figure out ways to properly instrument your network to connect them.

John: We're discussing the two different environments, IT and OT. In your opinion, which environment is more difficult to secure?

Chris: I would say OT provides more challenges because IT is a cleaner environment; generally, you're dealing with data centers. When you move into utilities or manufacturing, you're dealing with utilities at substations, facing environmental challenges. You're also dealing with a lot of older technology.

For example, several years ago, I was working with a company, CyberX, which was later bought by Microsoft. They were doing a deployment for the Super Bowl to protect the water intake and outtake. They were deploying their sensors on several connections. When they arrived a week before, they realized that many of the water treatment facilities were in a ring topology. Two issues arose. One, they weren't sure how to access the packets to connect their sensor. The other challenge was dealing with 100BaseFX.

Many people might not even know what that is. Try to find a network interface card for your computer that will accept traffic coming in as 100BaseFX. You're not going to find it. Several years ago, we designed a passive TAP that can go into 100BaseFX LX, and it'll convert out to standard one gig copper. We received a panic call, overnighted some TAPs to them, and they got everything connected. Everything ended up working out fine.

But again, there are all these unique challenges of needing DIN rails, DC power, and dealing with higher ranges of temperature. We were working with a manufacturer that was doing cabinets and wanted to do some monitoring near some heated machines. We recently did some work in some nuclear plants, and the regulation you have to go through is much more challenging. People had to come to our manufacturing facility and certify the process and see how products are built. There's just a lot more going on. The rigor that you sometimes have to go through is much more challenging than in IT, where everyone knows the standards. Generally, it's going to be in a regulated environment. Everything's going to be in place in terms of your generators, your UPSs, your cooling.

There are just a lot of things that are different, like wiring challenges. If you go on an oil rig, just trying to get wiring installed is very expensive. Often in IT, we can centralize monitoring. However, in some OT environments, it may be necessary to deploy sensors in multiple locations where wiring everything up is not feasible. This field is constantly evolving and presents unique challenges.
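The packet-level visibility described in the conversation above (a TAP copying every frame on a PLC-to-switch segment and feeding it to asset management and intrusion detection tools) can be put to work with a small amount of code. The following is an added example written for this page; it is not code from the podcast, from EPS Global or from Garland Technology. It parses Ethernet II / IPv4 frames as a TAP would deliver them, builds a passive asset inventory keyed by source MAC, and flags any talker that is absent from a known baseline. The frames, MAC and IP addresses and the baseline are constructed sample data, and the use of TCP port 502 (Modbus TCP) as the PLC protocol is an illustrative assumption.

```python
import struct
from collections import defaultdict

ETH_HDR = struct.Struct("!6s6sH")   # dst MAC, src MAC, EtherType
ETHERTYPE_IPV4 = 0x0800
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def ip_str(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def parse_frame(frame: bytes):
    """Parse one Ethernet II frame carrying IPv4.

    Returns a dict of addressing fields, or None for frames that are
    truncated or not IPv4 (ARP, IPv6, ...), which a TAP also copies.
    """
    if len(frame) < ETH_HDR.size:
        return None
    dst_mac, src_mac, ethertype = ETH_HDR.unpack_from(frame, 0)
    if ethertype != ETHERTYPE_IPV4:
        return None
    ip = frame[ETH_HDR.size:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return None
    ihl = (ip[0] & 0x0F) * 4            # header length in bytes
    if ihl < 20 or len(ip) < ihl:
        return None
    proto = ip[9]
    l4 = ip[ihl:]
    sport = dport = None
    if proto in (6, 17) and len(l4) >= 4:   # TCP and UDP both start with the port pair
        sport, dport = struct.unpack_from("!HH", l4, 0)
    return {
        "src_mac": mac_str(src_mac), "dst_mac": mac_str(dst_mac),
        "src_ip": ip_str(ip[12:16]), "dst_ip": ip_str(ip[16:20]),
        "proto": PROTO_NAMES.get(proto, str(proto)),
        "sport": sport, "dport": dport,
    }


def build_inventory(frames):
    """Passive asset inventory: for each source MAC, the IPs it used and
    the (destination IP, protocol, destination port) tuples it talked to."""
    inventory = defaultdict(lambda: {"ips": set(), "talks_to": set()})
    for frame in frames:
        p = parse_frame(frame)
        if p is None:
            continue
        asset = inventory[p["src_mac"]]
        asset["ips"].add(p["src_ip"])
        asset["talks_to"].add((p["dst_ip"], p["proto"], p["dport"]))
    return dict(inventory)


def unexpected_talkers(inventory, baseline_macs):
    """MACs seen sending traffic that are not in the documented baseline."""
    return sorted(mac for mac in inventory if mac not in baseline_macs)


# --- constructed sample data (not a real capture) -------------------------
def make_frame(src_mac, dst_mac, src_ip, dst_ip, proto, sport, dport) -> bytes:
    """Build a minimal Ethernet II + IPv4 + TCP/UDP frame for the demo."""
    eth = ETH_HDR.pack(bytes.fromhex(dst_mac.replace(":", "")),
                       bytes.fromhex(src_mac.replace(":", "")), ETHERTYPE_IPV4)
    payload = struct.pack("!HH", sport, dport) + b"\x00" * 4
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, bytes(map(int, src_ip.split("."))),
                         bytes(map(int, dst_ip.split("."))))
    return eth + ip_hdr + payload


PLC_MAC, HMI_MAC, ROGUE_MAC = "00:80:f4:00:00:01", "00:1c:42:00:00:02", "02:00:00:00:00:99"
BASELINE_MACS = {PLC_MAC, HMI_MAC}          # what the site documentation says is there
SAMPLE_FRAMES = [
    make_frame(HMI_MAC, PLC_MAC, "10.0.1.20", "10.0.1.10", 6, 49152, 502),   # HMI polling PLC
    make_frame(PLC_MAC, HMI_MAC, "10.0.1.10", "10.0.1.20", 6, 502, 49152),   # PLC reply
    make_frame(ROGUE_MAC, PLC_MAC, "10.0.1.99", "10.0.1.10", 6, 40000, 502), # undocumented talker
    ETH_HDR.pack(b"\xff" * 6, bytes.fromhex(PLC_MAC.replace(":", "")), 0x0806) + b"\x00" * 28,  # ARP, skipped
]

if __name__ == "__main__":
    inv = build_inventory(SAMPLE_FRAMES)
    for mac, asset in inv.items():
        print(mac, sorted(asset["ips"]), sorted(asset["talks_to"]))
    print("not in baseline:", unexpected_talkers(inv, BASELINE_MACS))
```

Because the frames come from a passive TAP, nothing here touches the PLC-to-switch link; the same functions can be pointed at a live capture to keep the inventory current, and the baseline comparison is where the poorly documented, many-site deployments Chris mentions tend to surface surprises.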


Glossary of Terms

  • Network TAPs: Hardware tools that allow you to access and monitor your network traffic by copying data packets and sending them to monitoring devices for analysis.
  • OT Environment: Stands for Operational Technology environment. It refers to the hardware and software used to change, monitor or control physical devices, processes, and events in the enterprise.
  • IT Environment: Refers to the composite of hardware, software, network resources, and services required for the existence, operation, and management of an enterprise IT infrastructure.
  • Cybersecurity: The practice of protecting systems, networks, and programs from digital attacks.
  • Packet: A small amount of data sent over a network, such as a LAN or the Internet. Similar to a real-life package, each packet includes a source and destination as well as the content (or data) being transferred.
  • Network Interface Card: A hardware component that connects a computer to a network.
  • Zero Trust Frameworks: A security concept centered on the belief that organizations should not automatically trust anything inside or outside their perimeters and instead must verify anything and everything trying to connect to their systems before granting access.
  • Inline Blocking Devices: Security devices that are placed directly in the flow of network traffic and have the ability to stop, divert or alter traffic.
  • Out-of-band Devices: Security devices that operate separately from the main network data path and are used for network management and security tasks.
  • Bypass TAP: A network TAP that can redirect network traffic in the event of a device failure, ensuring network availability even during device maintenance or downtime.
  • Wiretapping Technology: A method of monitoring and recording communication passing over a network, often used for security and surveillance purposes.
  • Data Diodes: A network appliance that allows data to travel in only one direction, used to guarantee one-way information flow and so isolate a network segment.
  • Aggregators: Devices that combine several network connections into a single channel, increasing bandwidth and redundancy.
  • Intrusion Prevention Systems (IPS): Network security appliances that monitor network and/or system activities for malicious activity and can prevent or block such activities.
  • Denial of Service (DoS/DDoS) Solution: A security solution designed to protect networks or servers from denial-of-service (DoS) or distributed denial-of-service (DDoS) attacks, in which servers are overloaded with requests, causing them to slow down or crash.
  • Network Detection and Response (NDR): A security solution that uses artificial intelligence (AI) to detect and respond to threats across the network.
  • Firewall: A network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies.
  • Network Uptime: The time during which a network is operational and available to users.
  • Packet-level Data: Detailed information about each individual packet that travels over a network, including its source, destination, and the data it contains.
  • Managed Service Providers (MSPs): Companies that remotely manage a customer's IT infrastructure and/or end-user systems, typically on a proactive basis and under a subscription model.


Need Help?

We have local language and currency support in each of our 28 locations, ensuring you always have access to friendly customer support to deliver your hardware solutions regardless of your location.