Critical infrastructure

IT vs ICS

Satyam Singh
August 29, 2019

Today’s technology is defined by two terms, information technology (IT) and operational technology (OT). IT is the use of hardware and software to create, store, transmit and retrieve data; it typically includes computers that can act as a server or client, networking devices that are used for routing the traffic, virtual software to reduce the need for hardware and applications to provide a front end to the client to perform various tasks.


On the other hand, OT is the use of hardware and software to detect, monitor or control the physical devices, processes and events in an enterprise. OT is used primarily in Industrial Control Systems (ICS) for manufacturing and automation.

Companies using both IT and OT often fail to securely integrate them. In this article, we will have a look at how IT, which is a subsection of information systems, and ICS, which is a subsection of OT, are different from each other.

The differences between ICS and IT

1. Security objective

IT is more data-centric, where the key requirement is Confidentiality, Integrity and Availability (CIA). On the other hand, ICS is more concerned with Availability and Integrity. Confidentiality is the lowest priority.

Let’s consider an example for the above points:

Imagine an internet banking facility provided by a bank. It’s important to have confidentiality and integrity in net banking. An adversary sniffing or modifying the net banking traffic is a problem, but even if net banking is not available for a few minutes, loss is minimal.

Now, let’s imagine a power grid. Availability is the power grid’s key requirement, as a disruption in the power supply can have a huge impact on the entire grid’s consumers. Power disruption may directly impact IT operations as well, as IT uses electricity. It’s important to note that ICS safety is a constant requirement along with CIA.

2. Network topology

IT environments are large, with many devices and servers. These servers are segregated based on their importance and purpose. The environment is dynamic, with IP addresses allocated by a DHCP server. In contrast, an ICS setup is comparatively small, with a limited number of assets and mostly static IP addresses. Dynamic IP addresses may hamper operations.

3. Physical component

IT systems primarily consist of servers, network devices and workstations. These components are often protected by firewalls, antivirus, IPS and web application firewalls.

ICS, on the other hand, uses proprietary products. Other than desktops and servers, the remaining platforms are embedded and vendor-specific. Few security products are available for ICS networks.

The lifetime of IT and ICS components varies. IT component life may range from three to five years, but ICS component life ranges from 15 to 20+ years.

4. Patch management

IT and ICS have different patch management processes. IT has patch management controls that push patches as they are released. ICS patches are also released on time, but because operational downtime is hard to obtain, the patches are rarely applied. Consequently, ICS software is obsolete and critically vulnerable to attack.

5. Encryption and authentication

Encryption is commonly used in IT setups to protect sensitive data passing over the network. Similarly, authentication is required in IT to grant access to resources. Authentication and encryption are required in applications like net banking, email or any other system that shares or manages sensitive data.

Authentication and encryption aren’t priorities for ICS, despite their overall security benefits. In fact, implementing authentication and encryption processes often increases equipment overhead costs and slows operations.
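To make the point concrete, here is an added illustration (not code from the article) of what "no authentication" looks like at the protocol level and how a defender compensates for it at the network layer. Modbus/TCP is not named in the article; it is used here as a standard instance of an ICS protocol whose frames carry no credential, session or signature field. The frames, unit ids, IP addresses and the allowlist are constructed samples.

```python
"""Modbus/TCP frame parsing and write-request allowlisting.

Added illustration (not code from the article). Modbus/TCP is used as the
standard example of an ICS protocol with no built-in authentication or
encryption; the frames, unit ids and addresses are constructed samples."""
import struct

# Function codes that change controller state (coils and holding registers).
WRITE_FUNCTIONS = {
    0x05: "Write Single Coil",
    0x06: "Write Single Register",
    0x0F: "Write Multiple Coils",
    0x10: "Write Multiple Registers",
}


def parse_frame(frame: bytes) -> dict:
    """Split a Modbus/TCP frame into its 7-byte MBAP header and the PDU.

    MBAP = transaction id (2), protocol id (2, always 0), length (2),
    unit id (1). Nothing in the header or PDU identifies or authenticates
    the sender: any host that can reach TCP/502 can issue any function.
    """
    if len(frame) < 8:
        raise ValueError("frame too short for MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError(f"unexpected protocol id {proto}; Modbus uses 0")
    # The length field counts unit id + PDU, i.e. everything after byte 6.
    if length != len(frame) - 6:
        raise ValueError("MBAP length field does not match frame size")
    return {"transaction_id": tid, "unit_id": unit,
            "function": frame[7], "data": frame[8:]}


def build_frame(tid: int, unit: int, function: int, data: bytes) -> bytes:
    """Construct a Modbus/TCP frame (used only to make sample traffic)."""
    pdu = bytes([function]) + data
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


def check_write(frame: bytes, src_ip: str, allowed_writers: set) -> str:
    """Return 'ok' or an alert line.

    Because the protocol cannot tell an engineering workstation from any
    other host, the network layer has to: only hosts in `allowed_writers`
    (a hypothetical allowlist) may issue write function codes.
    """
    pdu = parse_frame(frame)
    fc = pdu["function"]
    if fc in WRITE_FUNCTIONS and src_ip not in allowed_writers:
        return (f"ALERT src={src_ip} unit={pdu['unit_id']} "
                f"fc=0x{fc:02X} ({WRITE_FUNCTIONS[fc]}) from non-allowlisted host")
    return "ok"


def audit(traffic, allowed_writers: set) -> list:
    """Run check_write over (src_ip, frame) pairs and collect the alerts."""
    alerts = []
    for src_ip, frame in traffic:
        result = check_write(frame, src_ip, allowed_writers)
        if result != "ok":
            alerts.append(result)
    return alerts


# Constructed sample traffic: the plant HMI reading registers, the same HMI
# writing one register, and an unrelated host writing the same register.
ALLOWED_WRITERS = {"10.20.0.6"}  # hypothetical HMI address
SAMPLE_TRAFFIC = [
    ("10.20.0.6", build_frame(1, 1, 0x03, struct.pack(">HH", 0, 10))),     # read 10 registers
    ("10.20.0.6", build_frame(2, 1, 0x06, struct.pack(">HH", 0x10, 1))),   # write register 0x10
    ("10.10.1.50", build_frame(3, 1, 0x06, struct.pack(">HH", 0x10, 0))),  # write from elsewhere
]

if __name__ == "__main__":
    for line in audit(SAMPLE_TRAFFIC, ALLOWED_WRITERS):
        print(line)
```

The design choice is the one the article implies: since retrofitting authentication into the protocol or the PLC is usually not an option, the compensating control is a source allowlist on write function codes enforced by a firewall or monitoring sensor in front of the device, which costs the controller nothing.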

6. Security testing

IT security testing is different from ICS security testing. Applying IT testing methodology to ICS may crash fragile ICS setups. Simply running an Nmap scan with options like service and OS fingerprinting, script-based vulnerability detection, a full TCP and UDP port scan, or a Nessus scan can crash a simple PLC, hampering plant operations.
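Because active scanning is unsafe on the OT segment, the practical answer is to watch for it rather than do it. The following added example (not code from the article) runs over constructed firewall flow-log lines and flags two things the article's points 2 and 6 make detectable: a source touching many distinct ports on one OT device within a short window, which is the signature of the Nmap-style scan described above, and a destination inside the OT subnet that is absent from the static asset inventory, which should not happen on a segment that does not use DHCP. The subnet, inventory, addresses and log format are all hypothetical.

```python
"""Scan and unknown-host detection on an ICS network segment.

Added illustration (not code from the article). All addresses, host names,
thresholds and log lines are constructed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

OT_SUBNET = ip_network("10.20.0.0/24")   # hypothetical plant network
OT_INVENTORY = {                          # static addresses: every host should be known
    "10.20.0.5": "PLC-1",
    "10.20.0.6": "HMI-1",
    "10.20.0.7": "Historian",
}
PORT_THRESHOLD = 20               # distinct ports per (src, dst) pair ...
WINDOW = timedelta(seconds=60)    # ... within this span counts as a scan

# Constructed log format: "<iso timestamp> src=<ip> dst=<ip> dport=<n> proto=<p>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)")


def parse_line(line: str):
    """Parse one flow-log line; return None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "src": m["src"],
            "dst": m["dst"], "dport": int(m["dport"])}


def analyze(lines) -> dict:
    """Return {'scans': [(src, dst), ...], 'unknown_hosts': [ip, ...]}."""
    hits = defaultdict(list)   # (src, dst) -> [(timestamp, dport), ...]
    unknown = set()
    for line in lines:
        e = parse_line(line)
        if e is None or ip_address(e["dst"]) not in OT_SUBNET:
            continue
        if e["dst"] not in OT_INVENTORY:
            unknown.add(e["dst"])
        hits[(e["src"], e["dst"])].append((e["ts"], e["dport"]))

    scans = set()
    for pair, events in hits.items():
        events.sort()
        # Sliding window: distinct ports seen within WINDOW of each event.
        for i, (t0, _) in enumerate(events):
            ports = {p for t, p in events[i:] if t - t0 <= WINDOW}
            if len(ports) >= PORT_THRESHOLD:
                scans.add(pair)
                break
    return {"scans": sorted(scans), "unknown_hosts": sorted(unknown)}


def make_sample_log() -> list:
    """Constructed log: normal HMI polling, a port sweep, one unknown OT host."""
    base = datetime(2019, 8, 29, 10, 0, 0)
    fmt = "{ts} src={src} dst={dst} dport={dport} proto=tcp"
    lines = []
    for i in range(3):    # HMI polling the PLC on Modbus/TCP every 10 s
        lines.append(fmt.format(ts=(base + timedelta(seconds=10 * i)).isoformat(),
                                src="10.20.0.6", dst="10.20.0.5", dport=502))
    for i in range(25):   # an IT-side host sweeping 25 ports on the PLC in 25 s
        lines.append(fmt.format(ts=(base + timedelta(seconds=i)).isoformat(),
                                src="10.10.1.50", dst="10.20.0.5", dport=1 + i))
    lines.append(fmt.format(ts=(base + timedelta(seconds=40)).isoformat(),
                            src="10.20.0.6", dst="10.20.0.9", dport=502))  # not in inventory
    lines.append("malformed line that the parser must skip")
    return lines


SAMPLE_LOG = make_sample_log()

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

The threshold and window are deliberately conservative: a legitimate HMI or historian talks to a handful of ports per device, so twenty distinct ports in a minute is far outside normal polling, and an address that is in the OT range but not in the static inventory is worth a ticket on its own.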

7. Environmental factors

Assets related to IT are hosted in a data center where environmental factors like temperature, humidity and cleanliness are controlled. These facilities have an automatic backup and human support staff. 

ICS setups may be distributed across different locations. The components of the setup are exposed to temperature, pressure and humidity extremes and fluctuations. 

Summary

To summarize the difference between IT and ICS:

Security objective
IT: Confidentiality, Integrity, Availability (in priority order)
ICS: Availability, Safety, Integrity, Confidentiality (in priority order)

Component lifetime
IT: 3-5 years
ICS: 15-20+ years

Patches
IT: Timely
ICS: Difficult/slow

Performance
IT: Must be fast; non-real-time
ICS: Must be real-time

Security testing
IT: Standard approach
ICS: Specialized approach

Antivirus
IT: Common
ICS: Difficult

Security awareness
IT: Good
ICS: Poor

Component location
IT: Usually local components, in a controlled-temperature environment
ICS: Can be local, or isolated and remote; in a dynamic environment with high/low temperature, pressure or humidity

Protocol
IT: Standard TCP/IP protocols, which include authentication and encryption
ICS: Vendor-specific protocols with no security

Impact
IT: No impact on the environment; no threat to human life
ICS: Possible impact on the environment and threat to human life

Conclusion

IT and OT seem similar but are not the same. IT and OT are set up, used and controlled differently but often converge. What works for one might harm the other, so security measures are also different for IT and OT. 

Understanding these differences is key to keeping these systems secure and avoiding conflict between IT and ICS administrators.



Satyam Singh

Satyam is an Information Security Professional, currently working as a Tech Specialist and Team Lead at Paladion Networks. He has 5.5 years of practical experience in this domain, with his main areas of interest being Web and Mobile Application Security, Network Penetration Testing, Vulnerability Assessment and Infrastructure Security.