
Cybersecurity for Operational Technology

The convergence of operational technology (OT) and information technology (IT) networks impacts the security of industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems. By designing security into complex infrastructure via the OT-Aware Fortinet Security Fabric, OT organizations have an efficient, non-disruptive way to ensure that the OT environment is protected and compliant.


2023 The State of Operational Technology and Cybersecurity

Protecting OT systems is now more critical than ever as more organizations connect their OT environments to the internet. Although IT/OT convergence has many benefits, it is being hampered and handicapped by advanced and destructive cyberthreats. The spillover of these attacks is increasingly targeted at OT environments.


Fortinet Security Fabric for OT Environments

The Fortinet Security Fabric seamlessly enables security for converged IT/OT ecosystems. It provides OT-centric features and products to extend Security-Fabric capabilities to OT networks. To alleviate security risks across the organization, Fortinet has enhanced the OT security offerings. The innovations range from edge products to NOC/SOC tools and services to ensure efficient performance.


A Solution Guide to Operational Technology Cybersecurity

With the acceleration of Digital Transformation (DX), it has become critical for organizations to understand the similarities and differences between IT and OT networks. The Fortinet Security Fabric protects the digital attack surface of OT and IT networks. Deploying the Fabric provides visibility, integration, automation, and resilience in your security environment.


Challenges

Lack of Effective Security

Most industrial control systems lack security by design and are sensitive to change.

Expanding Attack Surface

The attack surface for cyber-physical assets is expanding as air-gap protection is diminishing.

IT-OT Networks

Digital transformation (Industry 4.0) initiatives are driving IT-OT network convergence.

Increasing Connectivity 

Technologies such as 5G, IoT, and cloud add complexity and must be secured.

Expanding Secure Remote Access

Remote access requirements for third parties and employees cause additional risks.

Growing Skills Gap Risks

Asset owners' reliance on OEMs and SIs exposes critical systems to additional risks.

Fortinet's ICS/SCADA Solution


The Purdue Model

Fortinet uses the Purdue Model as a reference network architecture to differentiate between IT and OT solutions.  Fortunately, for customers seeking vendor consolidation and IT/OT convergence, the Fortinet IT Security Fabric and the Fortinet OT-Aware Security Fabric enable seamless network and security operations between both IT and OT.  Below is a breakdown of the Fortinet products and services that protect both IT and OT.

Protecting the cloud and external zones, including Internet, Cloud, and VPN. These zones are protected with Cloud Firewall, VPN gateway, Single Sign-On, and Multi-factor authentication

Cloud & External Zones

The Internet/WAN Zone delivers access to cloud-based services for compute and analytics to support ERP and MRP systems for an operational environment. For strong authentication, two-factor authentication and VPN tunnels are used to verify identity and keep data private.

Protecting the business and enterprise zones, which include IT and converged IT and OT, the enterprise network (corporate systems and networks), and business planning and logistics (site systems and networks). These zones are protected by technologies including sandbox, deception, SIEM, SOAR, secure SD-WAN, privileged access management, web application firewall, and fabric-ready partners.

Business & Enterprise Zones

The enterprise zone typically sits at the corporate level and spans multiple facilities, locations, or plants where the business systems work to perform operational tasks and includes an IT network and security operations center (IT NOC/SOC).

Between the enterprise and site operations zones is the Converged IT & OT zone, also known as the Demilitarized Zone (DMZ). The DMZ allows the organization to securely connect networks with different security requirements. Security protection includes authentication and business segmentation to provide visibility, control, and situational awareness to manage against known and unknown threats. Verify who and what is on the network, and provide role-based access control for users, devices, applications, and protocols. Address unknown threats with sandboxing and deception detection, and provide industrial security information to the NOC/SOC.

Protecting the operations and control zones, which include simulation, engineering, and testing. These zones are protected with segmentation firewall, network access control, centralized reporting, and centralized policy.

Operations & Control Zones

Site Operations enables the centralized control and monitoring of all the systems that run the processes in a facility. This is where OT systems share data with IT systems. FortiGate next-generation firewall appliances are frequently deployed here for top-rated protection and segmentation, providing visibility and control.

Process Control Zones include area supervisory control (HMIs, historians), basic control (PLCs, RTUs, IEDs), and process (actuators, sensors). These zones are protected by technologies including transparent firewall, application control, intrusion prevention, endpoint detection and response, secure network switch, secure wi-fi access point, secure wireless extender, and zero trust network access.

Process Control Zones

The Industrial Zone is where the production takes place. This zone includes digital control elements like PLCs and RTUs that convert IP communication to serial commands, including additional networks such as networks to support IoT devices. Fortinet products in this zone include: FortiGate, FortiSwitch, and FortiAP.

Case Studies

“With Fortinet, our team’s efforts can go further since we can automate many things. That means we can maintain the same team while providing much greater support to our educational community.”
- Humberto Vidal, IT Coordinator, FIEB
“Our experience with the FortiGate Next-Generation Firewalls [NGFWs] has been great, and we were impressed by the level of integration enabled by the broader Fortinet Security Fabric, as well as Fortinet’s competitive pricing. Importantly, Fortinet could also provide the level of security required to access federal government and state funding and deliver against the NIST [National Institute of Standards and Technology] Cybersecurity Framework.”
- Eric Scholl, Chief Security Officer, GASD
“Because of the amount of devices Fortinet looks at every single day, we get a fairly up-to-date snapshot of threats and [are] able to update our platform almost immediately. So having the FortiAnalyzer, and then actually looking at that threat landscape through the monitors, is amazing and our customer base loves it.”
- Dave Cahoon, Chief Technology Officer, Red Bison Technology Group
The company benefits from secure remote access to its rigs and complete visibility of all associated OT systems. With logging and indicators of compromise (IOC) fully integrated with the customer’s SOC, its internal security team is much better equipped to identify and mitigate threats.
- , Maritime Drilling Rig Operator
“Now, network and security are in one place, one piece. You can't have one without the other.”
- Tri Nguyen, Director of IT, Waukesha-Pearce Industries
“Our goal is to help our customers manage business risk and enhance value. Fortinet has played a key part in modernizing our OT network infrastructure and security posture.”
- Tarun Patel, Product Director, Oxford Properties Group

Take a Tour

Take a self-guided tour to experience how the Fortinet Security Fabric addresses the cybersecurity challenges in Operational Technology.


Resources

How to Use NERC-CIP: An Overview of the Standards and Their Deployment with Fortinet

This paper is a unique review of a few key products and how those products align with existing CIP regulation requirements. This paper also takes a look at how those products might aid an organization in the process of maintaining compliance and explores the product features that will help defend the organization’s program during an audit.

Effective ICS Cybersecurity: Using the IEC 62443 Standard

IEC 62443 is a set of Industrial Control System (ICS) security standards written by ICS experts for ICS owners, manufacturers and integrators across a range of applications and sectors. Evaluating assigned security levels within identified security zones and conduits against functional and system requirements provides a cohesive approach to security. Fortinet teamed with the SANS Institute to review the standard and the needs from technology that support implementation. With guidance from IEC 62443 and implementation of Fortinet’s solutions, you can address the security of an ICS strategically.

2022 State of Operational Technology and Cybersecurity Report

The 2022 State of Operational Technology and Cybersecurity Report, now in its fourth annual iteration, finds that organizations are still moving too slowly toward full protection of their operational technology (OT) assets.

Cybersecurity in Water Management Facilities

Fortinet surveyed water utility leaders during the fourth quarter of 2021 to understand utilities’ status and future needs for improved water system cybersecurity.

A Solution Guide to Operational Technology Cybersecurity

This comprehensive guide explains how Fortinet effectively provides security throughout the interconnected IT and OT infrastructure while fully enabling integration across Fortinet and partner security solutions and supporting security automation across the entire security ecosystem.

Effective Implementation of the NIST Cybersecurity Framework with Fortinet

This paper reviews the NIST-based approach to implementing security for an ICS/OT, referencing the NIST Cybersecurity Framework (CSF), the five cybersecurity Critical Controls from the SANS Institute that are most relevant to ICSes, and Fortinet Security Fabric technologies. We also examine how to effectively support and implement the NIST CSF and explore how some of Fortinet’s cybersecurity offerings can help an organization fulfill its ICS/OT security road map.

Enabling NIS2 Directive Compliance with Fortinet for Operational Technology

The NIS2 Directive (NIS2) is an improved approach to cybersecurity controls, with an expanded scope and mandatory penalties.

Independent Study Finds That Security Risks Are Slowing IT-OT Convergence

Aligning Your Security Program with the NIS Directive

Securing OT Systems in the Face of Rapid Threat Evolution

As organizations modernize and embrace efficiency gains from Industrial Internet-of-Things (IIoT) technologies, the air gap between IT and OT disintegrates, and the attack surface expands. OT sensors are increasingly being integrated into IT networks to interface with machine learning and big data technologies. This connectivity creates both competitive advantage for the company and an increased risk of cyber intrusion. The growing attack opportunities are especially problematic because “headless” OT devices were not designed with security in mind.

Simplifying SD-WAN Operations with Single-Pane Management

Fortinet simplifies SD-WAN operations with network operations center solutions.

Fortinet Secures OT Networks Against Advanced Threats

OT-specific threat intelligence provided by FortiGuard Labs and Fortinet partners delivers the insight and context required to identify and remediate OT-specific threats.

Securing OT Networks with Microsegmentation

Read how, with Fortinet microsegmentation, it is possible to implement a zero-trust security policy and to scan all traffic within a VLAN using a next-generation firewall (NGFW).

Fortinet Provides Zero-day Protection in OT Environments

Sandboxing and deception solutions complement each other in detecting zero-day threats. To fulfill their role in the kill chain, each must then share detected threat intelligence with an integrated next-generation firewall (NGFW). The NGFW enforces internal network controls (via segmentation) and updates broader OT defenses to block any previously unknown forms of attack. FortiSandbox and FortiDeceptor support comprehensive OT security—including intelligence sharing for protection against zero-day threats.

Securing Open Platform Communications in OT Environments with FortiGate Next-generation Firewalls

Fortinet FortiGate next-generation firewalls (NGFWs) are not only able to understand OPC but they also provide granular control of more than 250 standard OPC functions. Additionally, the FortiGate application control feature supports more than 30 different OT/ICS protocols.