Antoine d’Haussy, Head of OT – EMEA at Fortinet, delves into the growing cyber risks facing critical infrastructure, the convergence of IT and OT environments, and how AI is shaping the future of OT security.
Can you provide a bit of background on what led to the decision behind Fortinet’s involvement in OT security?
Fortinet has been involved in Operational Technology (OT) from the very beginning, over 20 years ago.
About 10 years ago, OT became a more strategic focus for us, and five years ago, it became a corporate priority. We’ve invested heavily in technology and subject matter expertise, and this has really paid off.
In regions like the Middle East, where there’s a large amount of critical infrastructure, there’s been growing demand for our solutions. That’s why we decided to participate in GITEX with a dedicated booth focused on OT. The level of interest has been high right from day one.
What are some of the primary risks currently facing the OT environment?
Cybersecurity revolves around three main components: people, processes, and technology. Of these, people are the most critical factor. While we develop technology, the human element is crucial, whether in IT or OT. In OT, there remains a significant lack of awareness and a knowledge gap, which is a primary risk. It’s essential to have personnel who understand OT networking and cybersecurity.
Additionally, we’re seeing an evolving threat landscape. Ransomware and wipers, particularly in critical infrastructures, are becoming more problematic. Many networks lack segmentation and visibility, remaining flat. There’s also a need for more secure remote access, especially since the onset of COVID-19, when remote access to physical infrastructure became necessary. Another challenge is supply chain vulnerabilities, especially with third-party vendors. These are some of the major risks facing critical infrastructure today.
The convergence of IT and OT has been discussed for years. What specific risks arise from integrating these two environments, and how is Fortinet helping organisations maintain security without compromising operational efficiency?
The main risk is the expanding attack surface. Traditionally, IT and OT environments were air-gapped or semi-isolated, but digitisation has eliminated that. This opens the door for ransomware and malware to move both vertically and laterally across systems, which is a serious concern. These threats can now directly target industrial environments, bypassing secure perimeters.
At Fortinet, we address this by ensuring there are unified security policies across both IT and OT, with shared management controls. A well-known example is the NotPetya ransomware attack, which managed to migrate from IT to OT at Maersk, causing significant damage. This could have been prevented with a solution like Fortinet’s Unified Secure Access Service Edge (SASE), which provides consistent security across both IT and OT environments.
What specific solutions is Fortinet offering to help organisations tackle these challenges?
Our solutions are organised around four main pillars, applying a defense-in-depth approach to both IT and OT environments.
- The first pillar is network security, which focuses on creating zones and segmentation using next-generation firewalls, industrial switches, and secure access points.
- The second pillar is unified SASE, which ensures secure remote access and brings zero trust principles into the OT domain, as well as Secure Service Edge (SSE) to securely connect plants.
- The third pillar is monitoring, with security operations centers (SOCs) for critical infrastructure. We offer solutions like FortiSIEM, FortiSOAR, FortiNDR, and FortiSandbox, all designed with OT-specific capabilities. For example, our OT-specific dashboards include frameworks like MITRE ATT&CK for ICS.
- The final pillar is shared threat intelligence for both IT and OT, ensuring coverage of vulnerabilities across a wide range of industrial protocols.
How can AI be leveraged to strengthen OT security? Are more organisations adopting AI, or is there still resistance due to uncertainty?
Cybercriminals are already using AI to enhance their attacks, so it’s crucial for defenders to do the same. At Fortinet, we’ve been leveraging AI and machine learning (ML) for a long time, especially in threat intelligence. Our extensive sensor network, which spans both IT and industrial environments, processes over a billion security events daily. AI and ML help us analyse this data and create the most effective threat intelligence.
We also use AI extensively in our SOC tools, helping customers analyse and understand security events, particularly given the knowledge gap in OT. AI can interpret OT-specific data, generate reports, and create playbooks for more effective responses.
Additionally, AI is integrated into secure networking tools such as AI-driven intrusion detection and prevention systems (IDPS) for SASE and secure SD-WAN. AI helps find the most secure routes and supports zero trust architecture. In short, AI is built into almost all of Fortinet’s security platforms and is used extensively across our product range.