Separate OT Networks: The Future of Smart Building Security?


With the proliferation of smart devices in buildings around the world, cybersecurity is the concern of the day. There are many potent examples of smart buildings’ triumphs and follies: Target and Home Depot shocked the world with breaches a few years ago; universities, hotels, and others have followed suit. Growth in IoT can only mean increased security risks — right?

The problem isn’t always with smart devices themselves. Factory default passwords often go unchanged, but beyond that, many smart devices in buildings aren’t being secured the way they ought to be. Operational technology (OT) — including HVAC, lighting, and security — is regularly managed by IT departments alongside computers and phones. This is referred to as convergence, and it’s been seen as the simpler, cheaper approach to building management.

Convergence makes sense for devices with similar characteristics and management needs. This becomes difficult, though, as more OT devices are added to the building networks. Reports show that over 28 billion connected devices will be installed globally by the end of 2025. It’s harder for IT departments to manage hundreds of smart OT devices — which often don’t support traditional IT security methods — at this massive scale. OT devices have characteristic differences in management, Internet access, and update frequency. With OT devices left unsecured and connected to the IT network, hackers can target HVAC, lighting, and the like to reach IT devices and their data.

Of course, OT network security breaches are serious on their own; one Austrian hotel had to pay a ransom after hackers disabled all the doors that were accessible by electronic key cards, for example. Still, backdoor access through OT to supposedly secure data is seriously unsettling. What will hackers find, if they make their way into businesses’, universities’, or even governments’ IT networks? As hackers advance their techniques, it’s important to advance our defenses. Unfortunately, converged networks are an easy opportunity for criminal hackers.

Because OT devices have limited, specific, and predictable needs for Internet access, separation means OT networks can be aggressively firewalled, or even isolated entirely. The limited connection between IT and OT makes the OT network a less appealing target for hackers and mitigates attacks on IT. If the interconnection is necessary, it can be reduced to a single point and monitored closely for any signs of attack; this single point of connection can also be quickly and easily cut off in emergencies.
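
One way to monitor the boundary described above, shown as an added example that is not from the original article or from Optigo or Controlco: a Python audit that checks connection records against a default-deny policy with a single IT/OT interconnection point. The subnets, hosts, ports, and flow records are all constructed for illustration.

```python
import ipaddress

# Assumed addressing for illustration only (not from the article).
OT_NET = ipaddress.ip_network("10.20.0.0/16")   # HVAC, lighting, access control
IT_NET = ipaddress.ip_network("10.10.0.0/16")   # workstations, servers
# The single permitted IT/OT interconnection: one IT host to one OT host, one port.
# Records are assumed to describe connection initiations (src opens to dst).
CONDUIT = {("10.10.5.10", "10.20.0.5", 443)}
# The limited, predictable Internet destinations OT devices need (constructed).
OT_EGRESS = {("192.0.2.10", 123), ("198.51.100.20", 443)}

def zone(ip):
    addr = ipaddress.ip_address(ip)
    return "OT" if addr in OT_NET else "IT" if addr in IT_NET else "EXT"

def audit_flow(src, dst, dport):
    """Return None if the flow fits the separation policy, else a reason string."""
    s, d = zone(src), zone(dst)
    if "OT" not in (s, d) or s == d:
        return None                       # does not cross the OT boundary
    if {s, d} == {"OT", "IT"}:
        if (src, dst, dport) in CONDUIT:
            return None
        return "IT/OT traffic outside the single interconnection point"
    if s == "OT":                         # OT device reaching the Internet
        if (dst, dport) in OT_EGRESS:
            return None
        return "OT egress to unlisted Internet destination"
    return "inbound Internet connection to OT device"

def audit(flows):
    """Return (flow, reason) for each (src, dst, dport) that violates the policy."""
    checked = ((f, audit_flow(*f)) for f in flows)
    return [(f, r) for f, r in checked if r]

# Constructed sample flow records (src, dst, dport).
SAMPLE_FLOWS = [
    ("10.10.5.10", "10.20.0.5", 443),      # management host via the conduit
    ("10.20.3.7", "192.0.2.10", 123),      # controller to its time server
    ("10.20.3.7", "10.10.8.44", 445),      # OT device reaching an IT file share
    ("10.20.4.9", "203.0.113.50", 8080),   # OT device to an unlisted Internet host
    ("203.0.113.77", "10.20.0.9", 47808),  # Internet host to an OT device
    ("10.10.1.2", "10.10.1.3", 22),        # IT-internal, out of scope
]

if __name__ == "__main__":
    print(*audit(SAMPLE_FLOWS), sep="\n")
```

Because the policy is default-deny at the boundary, any flow it reports is either a misconfiguration or a sign that the separation is being bypassed.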

It’s not enough to only separate your IT and OT networks. If your OT network is not protected, hackers can still take your device systems hostage and demand a ransom. Disabling security systems can allow criminals to enter your building without physical detection. For a truly impenetrable system, you need to secure both networks properly. Intrusion detection monitoring, locked and disabled ports, and regular monitoring and auditing of the network all help to ensure the building is running as it should and the network is not vulnerable to outside interference.

Controlco and Optigo Networks are both advocates of separate OT networks. As smart buildings become increasingly common, separation is a best practice that cannot be ignored. We’re joining forces to advance the separation of OT networks, with a new primary distribution partnership of Optigo Connect.

Optigo’s suite of hardware products, Optigo Connect, offers easy-to-manage switches available with secure networks and a fraction of traditional infrastructure requirements. This partnership with Controlco makes these packages widely available in North America, with support from a leading operational technology distributor. This partnership makes integrating Optigo Connect and separating networks easier and more affordable.

Smart buildings are the future of where we work, play, and live. As we modernize our spaces, we must also modernize how we manage them.

Visit Controlco to buy Optigo Connect and keep your building secure. Watch our webinar on OT networks and this new primary distribution partnership.

This article was originally published on Automated Buildings.
