Mr. Vaibhav Ranjan Rai,
Deputy General Manager (Cyber & OT Security),
Adani Group
Cyber-physical systems, also referred to as Operational Technology (OT) and Industrial Control Systems (ICS), form the backbone of a nation's critical infrastructure and of business unit operations. These systems are crucial for the smooth running of power grids, water treatment facilities, transportation networks, and production lines. However, the integration of digital technologies into OT/ICS has introduced numerous new vulnerabilities, making them prime targets for cyberattacks. As these systems become more interconnected and automated, they face increased risk from malicious actors seeking to exploit those vulnerabilities. This heightened exposure necessitates robust security measures and constant vigilance to safeguard essential services and infrastructure. Failure to address these vulnerabilities could lead to severe disruptions and significant consequences for public safety and economic stability. The near-doubling of vulnerabilities (close to 57%) highlights a real and growing need for robust security to protect these critical systems.
In recent years, new revelations have exposed the real danger that malware poses to OT/ICS systems. Concrete examples are TRISIS (also known as Triton) and BlackEnergy, malware specifically designed to disrupt industrial processes and override safety mechanisms. These sophisticated threats highlight the evolving nature of cyberattacks and the need for advanced security measures. As attackers develop increasingly complex tactics to target critical infrastructure, it becomes imperative for public sector units to adopt a proactive and strategic approach to cybersecurity.
The strategy to secure OT systems revolves largely around the following vital factors.
Establish clear accountability and designate individuals responsible for overseeing OT security. Defining roles ensures coordinated effort in maintaining and enforcing security protocols among the multiple stakeholders involved when operating in the CPS domain.
Regular training is crucial to ensure that personnel are well-versed in security policies, risks, and best practices, particularly in OT environments. This helps reduce human error and enhances the organization's ability to respond to incidents. In OT (cyber-physical systems), the establishment of on-the-ground response teams is critical for managing day-to-day operations and providing central monitoring teams with accurate information during incident responses. Unlike IT SOC and IR operations, OT SOC functions under a different model, where factors such as routine maintenance, operational disruptions, equipment failure, and safety considerations play a significant role. This necessitates a highly customized approach for OT SOC compared to traditional IT SOC operations.
Maintain secure and regular backups of critical OT systems. Having a robust recovery plan ensures minimal downtime and data loss in the event of a security incident. This is a critical requirement, as it is widely understood that our systems will likely face ransomware attacks at some point. What truly matters is how well prepared we are to respond when that happens. The key to this preparedness lies in our backup strategy, which must account for ransomware scenarios.
In the realm of OT security, asset visibility is a critical component for effective risk management and threat mitigation. Achieving comprehensive visibility into all assets within an industrial control system is essential for identifying vulnerabilities, monitoring system health, and ensuring robust protection. This involves maintaining an up-to-date inventory of all devices, including hardware and software components, as well as understanding their configurations and interconnections. Effective asset visibility enables organizations to detect unauthorised changes, assess the security posture of each asset, and respond swiftly to any anomalies or potential threats.
Network segmentation is one of the most effective ways to protect OT/ICS systems from unauthorised access or lateral movement by threat actors. Public sector organisations can achieve major attack surface reductions simply by isolating zones of OT systems from corporate networks. This level of strategic separation not only limits the number of attack vectors a malicious actor can use but also isolates breaches from spreading across other areas within your network.
Control and monitor the use of portable media (e.g., USB drives) to prevent the introduction of malware and unauthorised access. Implement strict policies for usage and scanning of such devices.
Set up comprehensive logging and monitoring systems to detect anomalies or suspicious activities. Collecting and analysing logs helps in identifying and responding to potential security incidents in real time.
It is important to secure critical systems using access controls and authentication mechanisms. Access control: PSUs should put systems in place to prevent unauthorised people from entering the company's OT/ICS environments. Examples of such safeguards include enforcing multi-factor authentication and regularly reviewing access privileges. These protections reduce the risk of insider threats by ensuring that only legitimate users can interact with sensitive systems.
Ensure that all OT systems and devices are securely configured based on best practices. Regularly audit configurations to prevent unauthorised changes that could introduce vulnerabilities.
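The asset visibility and secure configuration practices described above both come down to comparing an approved inventory against what is actually observed on the plant network. The following is an added illustration, not code from the article or from Adani Group: it diffs a constructed baseline inventory against a constructed discovery snapshot and reports unknown devices, missing devices, firmware changes, newly exposed services and zone or address moves. Asset IDs, addresses, vendor names, firmware versions and zone labels are all made up for the example.

```python
"""Added example: audit an OT asset inventory for drift. All data is constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    asset_id: str         # tag from the engineering / CMDB record
    ip: str
    vendor: str
    firmware: str
    services: frozenset   # TCP ports the device exposes
    zone: str             # IEC 62443-style zone label


# Constructed baseline: the approved, documented inventory.
BASELINE = {
    "PLC-01": Asset("PLC-01", "10.10.1.11", "VendorA", "2.4.1", frozenset({102}), "L1-Control"),
    "HMI-01": Asset("HMI-01", "10.10.2.21", "VendorB", "5.0.3", frozenset({3389, 4840}), "L2-Supervisory"),
    "HIST-01": Asset("HIST-01", "10.10.3.31", "VendorC", "1.8.0", frozenset({443, 1433}), "L3-Operations"),
}

# Constructed current snapshot, as a passive discovery tool might report it.
CURRENT = {
    "PLC-01": Asset("PLC-01", "10.10.1.11", "VendorA", "2.4.1", frozenset({102, 80}), "L1-Control"),
    "HMI-01": Asset("HMI-01", "10.10.2.21", "VendorB", "5.1.0", frozenset({3389, 4840}), "L2-Supervisory"),
    "ENG-99": Asset("ENG-99", "10.10.1.99", "Unknown", "?", frozenset({445}), "L1-Control"),
}


def audit(baseline, current):
    """Return (finding_type, asset_id, detail) tuples describing inventory drift."""
    findings = []
    for aid in sorted(current.keys() - baseline.keys()):      # device not in the inventory
        findings.append(("unknown_asset", aid, f"{current[aid].ip} in zone {current[aid].zone}"))
    for aid in sorted(baseline.keys() - current.keys()):      # documented device no longer seen
        findings.append(("missing_asset", aid, f"last known at {baseline[aid].ip}"))
    for aid in sorted(baseline.keys() & current.keys()):      # known device: check its configuration
        b, c = baseline[aid], current[aid]
        if b.firmware != c.firmware:
            findings.append(("firmware_changed", aid, f"{b.firmware} -> {c.firmware}"))
        new_ports = c.services - b.services
        if new_ports:
            findings.append(("new_service", aid, f"ports {sorted(new_ports)}"))
        if b.zone != c.zone or b.ip != c.ip:
            findings.append(("placement_changed", aid, f"{b.zone}/{b.ip} -> {c.zone}/{c.ip}"))
    return findings


if __name__ == "__main__":
    for kind, aid, detail in audit(BASELINE, CURRENT):
        print(f"{kind:18} {aid:8} {detail}")
```

Each finding maps to an action the text calls for: an unknown asset is a candidate for removal or onboarding, a firmware or service change must be matched to an approved change record, and a missing asset may indicate failed equipment or a disconnected sensor.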
The practice of promptly applying security patches and firmware updates is critical to maintaining the resilience of OT/ICS systems. In particular, we are seeing a rise in vulnerabilities targeting legacy devices. There must be stringent patch management processes in place for public sector units so that systems never miss a critical update and are by and large protected against known threats.
An integrated IT and OT team approach is essential for a holistic cyber security strategy. Communication and collaboration must be transparent, with closer coordination across all public sector units to counter this changing threat landscape. When IT and OT security practices are aligned, organisations can improve overall readiness for, and protection from, evolving cyber threats to critical infrastructure.
As digital transformation accelerates across industries, Operational Technology (OT) and Industrial Control Systems (ICS) face new security challenges and opportunities. The future of OT/ICS security is shaped by the convergence of these systems with traditional IT infrastructure, which increases both the attack surface and the sophistication of cyber threats. This journey is marked by the shift from security by isolation (so-called "security by obscurity") to the asset-centric, integrated, proactive, and layered defence approach that modern OT systems require. This progression highlights the importance of evolving security measures to match the increasing complexity and connectivity of OT systems.
Key trends and developments that will define the future of OT/ICS security are Zero Trust architecture, AI and ML for threat detection, secure remote access solutions, digital twins and virtual patching, edge computing, and an increased focus on sector-specific regulation and compliance, together with a greater focus on supply chain and product cyber security.
The future of OT/ICS security will be defined by the balance between innovation and protection. As industrial systems become more connected and digitalized, organisations will need to adopt advanced security frameworks that can evolve with emerging threats. From AI-driven threat detection to Zero Trust models and digital twin technologies, the next generation of OT/ICS security will prioritise resilience, flexibility, and seamless integration between IT and OT systems. By staying ahead of these trends, organisations can ensure the safety and reliability of their critical infrastructure in an increasingly interconnected world.
Lt Cdr Vaibhav Ranjan Rai (Retd.) is a distinguished leader in Cyber and OT/ICS Security, currently serving as the Deputy General Manager for Cyber & OT Security at Adani Group. With over 14 years of experience, Mr. Ranjan has demonstrated exceptional expertise across a diverse range of security disciplines, including IEC 62443, NIST frameworks, and Cyber Forensics.
Mr. Ranjan's career spans pivotal roles in both government and private sectors, showcasing his ability to spearhead complex security initiatives. Prior to his tenure at Adani Group, he served as Chief Manager of Cyber Security at State Bank of India, where he implemented ISO 27001:2013 certification and led risk assessments and security operations. His decade-long service with the Indian Navy as Deputy Director of Cybersecurity further underscores his deep-rooted knowledge in safeguarding critical defence systems.
At Adani Group, Mr. Ranjan has been instrumental in transitioning Cyber Security Operations to an in-house model, establishing a comprehensive OT security practice, and leading technology implementations for secure remote access. His efforts have included pioneering 24x7 monitoring setups, conducting rigorous security audits, and implementing centralised patch management, solidifying his role as a key figure in advancing organisational security and resilience.