DEF CON 33 - There and back again: detecting OT devices across protocol gateways (Rob King)

Operational Technology (OT) describes devices and protocols used to control real-world operations: factories, assembly lines, medical equipment, and so on.

For decades, this technology was isolated (more or less) from the wider world, using custom protocols and communications media. However, over the past 15 to 20 years, these devices have started using commodity protocols and media more and more. This means that these devices are now using the standard TCP/IP protocol suite, a concept referred to as "OT/IT convergence."

This convergence has obvious benefits, making these devices cheaper and more manageable. However, it also makes them more accessible to attackers, and their security posture has often not kept up.

As part of this convergence process, many devices are connected via protocol gateways. These gateways speak TCP/IP, and then translate communications to proprietary OT protocols (or simply provide a NAT-style private network within an OT device rack).

This talk discusses techniques for detecting devices on the "other side" of these gateways. It begins with a brief introduction to the history of OT, moving on to the OT/IT convergence phenomenon. It then discusses the issue of protocol translation and provides two practical examples of discovering assets across gateways: CIP (Common Industrial Protocol) message forwarding and DNP3 (Distributed Network Protocol, version 3) address discovery.

These techniques are provided as examples to illustrate the issue of OT device discovery, and to encourage the audience to perform further research in how these sorts of devices may be discovered on networks and, ultimately, protected.
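The DNP3 address-discovery problem mentioned above has a passive, defender-side counterpart: a gateway presents one IP address, but every DNP3 link-layer frame crossing it carries 16-bit source and destination addresses, so parsing captured frames reveals which outstations sit behind the gateway without sending anything. The Python below is an added example written for this page, not code from the talk or from runZero's tooling. It assumes the frames have already been carved out of a captured TCP stream to the gateway (DNP3 conventionally uses TCP port 20000); all sample frames are constructed inline with the block's own `build_frame` helper, and the CRC follows the DNP3 link-layer definition (polynomial 0x3D65, bit-reflected as 0xA6BC, result ones-complemented).

```python
"""Passive DNP3 address discovery: parse link-layer frames captured on the
TCP side of a protocol gateway and record the link addresses behind it.
Added example; not from the talk. All sample frames below are constructed."""
import struct

DNP3_START = b"\x05\x64"


def dnp3_crc(data: bytes) -> int:
    """DNP3 CRC-16: polynomial 0x3D65 (0xA6BC reflected), init 0, final XOR 0xFFFF."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA6BC if crc & 1 else crc >> 1
    return crc ^ 0xFFFF


def build_frame(dst: int, src: int, ctrl: int, payload: bytes = b"") -> bytes:
    """Assemble a DNP3 link-layer frame (used here only to build sample input).
    LEN counts CTRL+DST+SRC plus user data; each 16-byte data block gets its own CRC."""
    header = DNP3_START + struct.pack("<BBHH", 5 + len(payload), ctrl, dst, src)
    frame = header + struct.pack("<H", dnp3_crc(header))
    for i in range(0, len(payload), 16):
        block = payload[i:i + 16]
        frame += block + struct.pack("<H", dnp3_crc(block))
    return frame


def parse_frame(frame: bytes):
    """Parse one frame into its link-layer fields; return None if it is malformed
    or any CRC fails (addresses from a corrupted frame must not enter the inventory)."""
    if len(frame) < 10 or frame[:2] != DNP3_START:
        return None
    length, ctrl, dst, src = struct.unpack("<BBHH", frame[2:8])
    if length < 5 or dnp3_crc(frame[:8]) != struct.unpack("<H", frame[8:10])[0]:
        return None
    user_len, payload, pos = length - 5, b"", 10
    while len(payload) < user_len:
        n = min(16, user_len - len(payload))
        block, crc = frame[pos:pos + n], frame[pos + n:pos + n + 2]
        if len(block) < n or len(crc) < 2 or dnp3_crc(block) != struct.unpack("<H", crc)[0]:
            return None
        payload += block
        pos += n + 2
    return {
        "dst": dst,
        "src": src,
        "from_master": bool(ctrl & 0x80),  # DIR bit: 1 = frame sent by the master
        "primary": bool(ctrl & 0x40),      # PRM bit: 1 = primary (initiating) message
        "func": ctrl & 0x0F,               # link-layer function code
        "payload": payload,
    }


def discover_addresses(frames):
    """Map each outstation link address to the set of master addresses talking to it.
    When DIR=1 the outstation is the destination; otherwise it is the source."""
    seen = {}
    for raw in frames:
        f = parse_frame(raw)
        if f is None:
            continue
        outstation, master = (f["dst"], f["src"]) if f["from_master"] else (f["src"], f["dst"])
        seen.setdefault(outstation, set()).add(master)
    return seen


# Constructed sample traffic: master 1 polling three outstations through one gateway.
READ_CLASS1 = b"\xC0\xC0\x01\x3C\x02\x06"  # transport hdr + READ, object 60 var 2, qual 0x06
SAMPLE_FRAMES = [
    build_frame(dst=10, src=1, ctrl=0xC4, payload=READ_CLASS1),
    build_frame(dst=11, src=1, ctrl=0xC4, payload=READ_CLASS1),
    build_frame(dst=1, src=11, ctrl=0x44, payload=b"\xC0\xC0\x81\x00\x00"),  # response
    build_frame(dst=12, src=1, ctrl=0xC0),                                   # link reset
    build_frame(dst=10, src=1, ctrl=0xC4, payload=bytes(range(20))),         # two data blocks
]
# A frame whose last CRC byte was flipped in transit; it must be ignored.
CORRUPT_FRAME = build_frame(dst=13, src=1, ctrl=0xC0)
CORRUPT_FRAME = CORRUPT_FRAME[:-1] + bytes([CORRUPT_FRAME[-1] ^ 0xFF])

if __name__ == "__main__":
    for outstation, masters in sorted(discover_addresses(SAMPLE_FRAMES + [CORRUPT_FRAME]).items()):
        print(f"outstation {outstation} <- masters {sorted(masters)}")
```

Run against real captures, the same loop turns a single gateway IP into a list of link addresses for the inventory, and a frame whose CRC does not verify is dropped rather than allowed to add a phantom device. Direction is taken from the DIR bit rather than from which TCP side sent the packet, because a gateway may multiplex several masters and outstations over one connection.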

Meet Our Speakers

Rob King

Director of Applied Research


