This Tenable white paper, published in December 2020, discusses the need to update the current operational technology (OT) security paradigm. Some organizations wanting to be more efficient and cost-conscious buy into IT-OT convergence, while others deploy Industry 4.0 or IoT technology. These two initiatives yield massive benefits but can also open the door to new risks. A newer form of security takes both the network and both IT & OT devices—together—into account. This is called attack vectoring, which redefines how one can address attacks by identifying the high-risk pathways an attack may take if it were introduced to the OT environment. An important aspect to attack vectoring is running simulations that can best determine weak points and where security interventions will be needed before an attack is launched.
Key words: data networking security controls/systems, cybersecurity/privacy, large building controls/automation, installation equipment/diagnostics, operational technology