Are operational technology tropes taking our eyes off our networks?
In the world of operational technology (OT), we’ve all heard the tired tropes about old PCs running legacy operating systems tucked away in a cupboard somewhere which can’t be patched.
While this image might seem quaint and no doubt resonates with some people, it draws our attention away from the more significant challenges in designing and managing OT environments (namely, trust transition zones and the inadequacy of traditional controls such as firewalls) in addressing higher consequence risks, such as highly skilled adversaries.
The Real Issue: Trust Transition Zones
Trust transition zones are areas within networks where data and systems traverse between different security domains. In OT environments, no doubt you all recognise that these zones are particularly vulnerable because they often involve interfaces with less secure networks, such as corporate and third party networks.
We all know from experience that these zones can include a mix of standard controls and multiple policy enforcement points, in addition to legacy systems and newer technologies. The challenge that we’re all facing as cyber defenders is that traditional security measures, such as firewalls, aren’t really designed to handle the complexity of modern cyber threats, especially those posed by adversaries with the extended capabilities and resourcing to achieve an outcome.
These adversaries are difficult to detect and evict from networks. Even threat intelligence and multiple firewalls with application layer visibility can’t address latent vulnerabilities within the protocols and code themselves, which nation-state actors can also use as a threat vector.
Firewalls and Nation-State Risk
Firewalls are our ‘go-to’ for flow control. This remains a key control and will remain a foundation of network security, but we should be asking ourselves if they will remain effective as a sole network layer control.
Nation-state actors have the capability and resources to exploit most firewalls. There have been recent incidents in which VPNs and firewalls have been exploited by groups such as HAFNIUM, which really should make us consider whether our control sets are protecting us as we expect them to.
Secure Solutions at the Network Layer
One option to address these challenges is by implementing more secure solutions within our networks, in particular, for the interface points between our mission critical OT networks and less secure networks. We should be considering technologies such as cross-domain solutions (CDS).
CDS are far harder to bypass than a flow-control device, as data can only move between trusted domains through the CDS itself, which ensures that each domain remains entirely isolated from any potential threats in the other.
Cross-domain solutions operate differently from traditional network controls as they integrate several key functions: securing data transfer between networks at different levels, controlling the interfaces between them by enforcing security policies on content as well as flows, and using high-assurance measures as part of product development.
CDS allow for the transfer of sensitive information across security domains without unauthorised access, so they essentially secure communication and data sharing between isolated networks whilst maintaining stringent security controls.
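To make the distinction between a firewall and a CDS concrete, the following is an added example (not code from the article or from Anchoram, and not any vendor’s product) that models the two decisions side by side: a flow-control check that sees only zones and ports, and a guard that also enforces direction and positively validates content. The zone names, the port, the JSON telemetry schema and the sample messages are all constructed assumptions.

```python
import json

# Constructed model of a one-way OT -> corporate historian feed crossing a
# trust transition zone. Zone names, port and schema are illustrative assumptions.
ALLOWED_FLOWS = {("OT", "CORP")}            # direction policy: nothing flows back
SCHEMA = {"tag": str, "value": float, "ts": int}   # positive content schema
MAX_MESSAGE_BYTES = 256

def firewall_flow_check(src, dst, dst_port):
    """What a flow-control firewall can decide: zone pair and port only.
    It has no view of what the payload actually contains."""
    return (src, dst) in ALLOWED_FLOWS and dst_port == 5020

def cds_guard(src, dst, raw):
    """A guard enforces direction *and* validates content against a positive
    schema; anything not explicitly permitted is rejected. Returns (ok, reason)."""
    if (src, dst) not in ALLOWED_FLOWS:
        return False, f"direction {src}->{dst} not permitted"
    if len(raw) > MAX_MESSAGE_BYTES:
        return False, "message exceeds size limit"
    try:
        msg = json.loads(raw.decode("ascii"))
    except (UnicodeDecodeError, ValueError):
        return False, "payload is not ASCII JSON"
    if not isinstance(msg, dict) or set(msg) != set(SCHEMA):
        return False, "field set does not match schema"
    for field, ftype in SCHEMA.items():
        # bool is a subclass of int in Python, so exclude it explicitly
        if isinstance(msg[field], bool) or not isinstance(msg[field], ftype):
            return False, f"field {field!r} has wrong type"
    if not msg["tag"].isalnum() or not msg["tag"].startswith("PLC"):
        return False, "tag outside permitted namespace"
    if not (-1e6 <= msg["value"] <= 1e6):
        return False, "value out of range"
    return True, "telemetry accepted"

# Constructed sample traffic seen at the same transition zone
SAMPLES = [
    ("OT", "CORP", b'{"tag": "PLC01temp", "value": 71.5, "ts": 1700000000}'),
    ("OT", "CORP", b'{"tag": "PLC01temp", "value": 71.5, "ts": 1700000000, "cmd": "write"}'),
    ("CORP", "OT", b'{"tag": "PLC01temp", "value": 0.0, "ts": 1700000000}'),
]

if __name__ == "__main__":
    for src, dst, raw in SAMPLES:
        print(firewall_flow_check(src, dst, 5020), cds_guard(src, dst, raw))
```

The second sample is the point of the exercise: the firewall permits it because the zone pair and port are allowed, while the guard rejects it because the content carries a field the policy never permitted.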
What role do guidance and standards play in recommending CDS?
There are several standards that allude to – or advise direct implementation of – CDS, depending on the need. As an example, the SANS Institute’s ICS Top 5 provides guidance for securing industrial control systems, emphasising the importance of network segmentation, continuous monitoring and incident response. Additionally, the IEC 62443 standard, which focuses on the security of industrial automation and control systems, has seen a significant update in 2024 which reflects the threat landscape and the need for more of an evolution in security controls.
Locally, the Australian Signals Directorate Information Security Manual (ISM) provides some key requirements for CDS, which advise that for networks and information with the relevant classification that ‘controlled interfaces are required to manage data flows between security domains’, high-assurance security measures must be provided to maintain data integrity and confidentiality, and must enable secure and reliable information sharing across isolated networks. Additionally, CDS must adhere to risk management principles and support the broader cyber security framework outlined in the ISM.
Conclusion
Protecting our OT networks will always remain complex, as they are high value targets. Evolving our traditional control sets and underlying network designs will provide a more secure outcome. This approach, in addition to following key sources of authority, will ensure that we can all better understand the risks and protect these critical networks.
For more information on how Anchoram Consulting can assist with understanding the risks and applying a structured and achievable approach to risk reduction in OT environments, contact us today and we’ll provide actionable information based on operational experience.