
Cybersecurity for Operational Technology

The convergence of operational technology (OT) and information technology (IT) networks impacts the security of industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems. By designing security into complex infrastructure via the OT-Aware Fortinet Security Fabric, OT organizations have an efficient, non-disruptive way to ensure that the OT environment is protected and compliant.

Fortinet Security Fabric for OT Environments

The Fortinet Security Fabric seamlessly enables security for converged IT/OT ecosystems. It provides OT-centric features and products to extend Security-Fabric capabilities to OT networks. To alleviate security risks across the organization, Fortinet has enhanced the OT security offerings. The innovations range from edge products to NOC/SOC tools and services to ensure efficient performance.


A Solution Guide to Operational Technology Cybersecurity

With the acceleration of Digital Transformation (DX), it has become critical for organizations to understand the similarities and differences between IT and OT networks. The Fortinet Security Fabric protects the digital attack surface of OT and IT networks. Deploying the Fabric provides visibility, integration, automation, and resilience in your security environment.


Challenges

Lack of Effective Security

Most industrial control systems lack security by design and are sensitive to change.

Expanding Attack Surface

The attack surface for cyber-physical assets is expanding as air-gap protection is diminishing.

IT-OT Networks

Digital transformation (Industry 4.0) initiatives are driving IT-OT network convergence.

Increasing Connectivity 

Technologies such as 5G, IoT, and cloud add complexity and must be secured.

Expanding Secure Remote Access

Remote access requirements for third parties and employees cause additional risks.

Growing Skills Gap Risks

Asset owners' reliance on OEMs and SIs exposes critical systems to additional risks.

Fortinet's ICS/SCADA Solution

The Purdue Model

Fortinet uses the Purdue Model as a reference network architecture to differentiate between IT and OT solutions.  Fortunately, for customers seeking vendor consolidation and IT/OT convergence, the Fortinet IT Security Fabric and the Fortinet OT-Aware Security Fabric enable seamless network and security operations between both IT and OT.  Below is a breakdown of the Fortinet products and services that protect both IT and OT.

Protecting the cloud and external zones, including Internet, Cloud, and VPN. These zones are protected with Cloud Firewall, VPN gateway, Single Sign-On, and Multi-factor authentication.

Cloud & External Zones

The Internet/WAN Zone delivers access to cloud-based services for compute and analytics to support ERP and MRP systems for an operational environment. For strong authentication, two-factor authentication and VPN tunnels are used to verify identity and keep data private.

Protecting the business and enterprise zones, which include IT and converged IT and OT, the enterprise network (corporate systems and networks), and business planning and logistics (site systems and networks). These zones are protected by technologies including sandbox, deception, SIEM, SOAR, secure SD-WAN, privileged access management, web application firewall, and fabric-ready partners.

Business & Enterprise Zones

The enterprise zone typically sits at the corporate level and spans multiple facilities, locations, or plants where the business systems work to perform operational tasks. It includes an IT network and security operations center (IT NOC/SOC).

Between the enterprise and site operations zones is the Converged IT & OT zone, known as the Demilitarized Zone (DMZ). The DMZ allows the organization to securely connect networks with different security requirements. Security protection includes authentication and business segmentation to provide visibility, control, and situational awareness to manage against known and unknown threats. Verify who and what is on the network, and provide role-based access control for users, devices, applications, and protocols. Address unknown threats with sandboxing and deception detection, and provide industrial security information to the NOC/SOC.

Protecting the operations and control zones, which include simulation, engineering, and testing. These zones are protected with segmentation firewall, network access control, centralized reporting, and centralized policy.

Operations & Control Zones

Site Operations enables the centralized control and monitoring of all the systems that run the processes in a facility. This is where OT systems share data with IT systems. FortiGate next-generation firewall appliances are frequently deployed here for top-rated protection and segmentation, providing visibility and control.

Process Control Zones include area supervisory control (HMIs, historians), basic control (PLCs, RTUs, IEDs), and process (actuators, sensors). These zones are protected by technologies including transparent firewall, application control, intrusion prevention, endpoint detection and response, secure network switch, secure wi-fi access point, secure wireless extender, and zero trust network access.

Process Control Zones

The Industrial Zone is where the production takes place. This zone includes digital control elements like PLCs and RTUs that convert IP communication to serial commands, as well as additional networks such as those that support IoT devices. Fortinet products in this zone include FortiGate, FortiSwitch, and FortiAP.

Case Studies

“With Fortinet, our team’s efforts can go further since we can automate many things. That means we can maintain the same team while providing much greater support to our educational community.”
- Humberto Vidal, IT Coordinator, FIEB

“Our experience with the FortiGate Next-Generation Firewalls [NGFWs] has been great, and we were impressed by the level of integration enabled by the broader Fortinet Security Fabric, as well as Fortinet’s competitive pricing. Importantly, Fortinet could also provide the level of security required to access federal government and state funding and deliver against the NIST [National Institute of Standards and Technology] Cybersecurity Framework.”
- Eric Scholl, Chief Security Officer, GASD

“Because of the amount of devices Fortinet looks at every single day, we get a fairly up-to-date snapshot of threats and [are] able to update our platform almost immediately. So having the FortiAnalyzer, and then actually looking at that threat landscape through the monitors, is amazing and our customer base loves it.”
- Dave Cahoon, Chief Technology Officer, Red Bison Technology Group

The company benefits from secure remote access to its rigs and complete visibility of all associated OT systems. With logging and indicators of compromise (IOC) fully integrated with the customer’s SOC, its internal security team is much better equipped to identify and mitigate threats.
- Maritime Drilling Rig Operator

“Now, network and security are in one place, one piece. You can't have one without the other.”
- Tri Nguyen, Director of IT, Waukesha-Pearce Industries

“Our goal is to help our customers manage business risk and enhance value. Fortinet has played a key part in modernizing our OT network infrastructure and security posture.”
- Tarun Patel, Product Director, Oxford Properties Group

Resources

Complexities in Deploying Zero Trust in Operational Technology

Collaboration and discussion between IT and OT security teams about actual barriers and boundaries can unlock apprehensions so that organizations can include OT networks in their comprehensive zero-trust security strategies.

Secure Access for Operational Technology at Scale

Enabling Remote Work and Ensuring Business Continuity

A Solution Guide to Operational Technology Cybersecurity

This comprehensive guide explains how Fortinet effectively provides security throughout the interconnected IT and OT infrastructure while fully enabling integration across Fortinet and partner security solutions and supporting security automation across the entire security ecosystem.

Demystifying Zero Trust in OT

Going from implied trust to zero trust

Network Access Control in ICS/OT Using FortiNAC

Secure IT/OT Convergence with the Fortinet Network Access Control Solution

Advanced Threat Protection for Industrial Control Systems and Operational Technology

FortiGuard Industrial Security Service Secures ICS and OT With Application Control and Virtual Patching

Effective Implementation of the NIST Cybersecurity Framework with Fortinet

This paper reviews the NIST-based approach to implementing security for an ICS/OT, referencing the NIST Cybersecurity Framework (CSF), the five cybersecurity Critical Controls from the SANS Institute that are most relevant to ICSes, and Fortinet Security Fabric technologies. We also examine how to effectively support and implement the NIST CSF and explore how some of Fortinet’s cybersecurity offerings can help an organization fulfill its ICS/OT security road map.

Enabling NIS2 Directive Compliance with Fortinet for Operational Technology

The NIS2 Directive (NIS2) is an improved approach to cybersecurity controls, with an expanded scope and mandatory penalties.

Securing OT, Remote Access, and Converged SOC Operations

New Strategies for Industrial CIOs and CISOs