Industrial Automation Security: Why Secure OT Protocols Struggle to Gain Traction
Industrial Control System Networks Remain Vulnerable
Industrial control system networks continue to rely on legacy communication protocols that prioritize reliability and uptime over authentication and data integrity. This vulnerability allows malicious actors with access to the OT network to impersonate devices, issue unauthorized commands, or modify messages without detection.
Challenges in Adopting Secure Protocols
A recent guidance document from the Cybersecurity and Infrastructure Security Agency (CISA) sheds light on the reasons behind the underutilization of secure versions of common industrial protocols, despite their availability since the early 2000s. The report highlights the gap between the technical capabilities of secure protocols and the practical challenges faced by operators in deploying and maintaining them across OT environments.
According to Joe Saunders, CEO of RunSafe Security, the mere availability of secure protocol options is not enough to drive adoption. “Operators need protections that work within real-world constraints, because if security is too complex or disruptive, it simply won’t be implemented,” Saunders emphasized.
Weaknesses in Legacy Industrial Protocols
CISA’s findings are based on interviews with OT asset owners and operators across various sectors, including Water and Wastewater Systems, Transportation Systems, Chemical, Energy, and Food and Agriculture. The guidance identifies three core weaknesses in legacy industrial protocols: lack of authentication, lack of integrity protections, and lack of confidentiality safeguards. These weaknesses enable attackers to exploit OT networks, impersonate devices, modify messages, or issue unauthorized commands.
Secure Protocol Options
Secure protocol options, such as DNP3 Secure Authentication, CIP Security, Modbus Security, and OPC Unified Architecture, have been available for decades. However, many OT systems still rely on outdated protocol implementations, leaving communications based on implicit trust. Security features that require complex workflows, extra licensing, or new infrastructure often lose out to simpler compensating controls.
Barriers to Adoption
Operators interviewed by CISA expressed a desire for the benefits of authentication and integrity checks, particularly message signing. However, many assumed that secure communication always means encrypting all traffic, which created concerns about monitoring and troubleshooting.
The guidance document clarifies the difference between signing and encryption, defining signing as providing integrity and authentication, and encryption as providing confidentiality. Signing can be deployed without encrypting traffic, and encryption often includes signing by default.
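As an added illustration of the signing-versus-encryption distinction described above, the following Python is example code written for this page, not CISA's guidance or any vendor's protocol stack. The 6-byte command layout, the demo key, and the sequence-number field are constructed assumptions, and the keystream function is a teaching stand-in for a real AEAD cipher. The point it demonstrates: a signed frame can still be read by a keyless network monitor (so observability and troubleshooting are preserved) while forgery, modification and replay are rejected, whereas an encrypted frame hides the command from that same monitor.

```python
import hashlib
import hmac
import os
import struct

FRAME_FMT = ">BBHH"                      # unit id, function code, register, value (constructed layout)
FRAME_LEN = struct.calcsize(FRAME_FMT)   # 6 bytes
TAG_LEN = 32                             # HMAC-SHA256 tag

# Constructed demo key. A real deployment provisions a distinct key per device
# (via PKI or a key server) rather than a hard-coded constant.
DEMO_KEY = bytes(range(32))


def build_frame(unit: int, function: int, register: int, value: int) -> bytes:
    """Pack a write-register style command into the constructed 6-byte layout."""
    return struct.pack(FRAME_FMT, unit, function, register, value)


def parse_frame(frame: bytes) -> dict:
    """Decode the 6-byte layout. Needs no key: this is what a passive monitor does."""
    unit, function, register, value = struct.unpack(FRAME_FMT, frame[:FRAME_LEN])
    return {"unit": unit, "function": function, "register": register, "value": value}


# ---- Signing only: integrity + authentication, payload remains readable ----

def sign_frame(frame: bytes, key: bytes, seq: int) -> bytes:
    """frame || seq || HMAC(key, frame || seq). The command bytes stay in the clear."""
    body = frame + struct.pack(">I", seq)
    return body + hmac.new(key, body, hashlib.sha256).digest()


def verify_signed(wire: bytes, key: bytes, last_seq: int):
    """Return (fields, seq) if the tag and sequence check out, else None."""
    if len(wire) != FRAME_LEN + 4 + TAG_LEN:
        return None
    body, tag = wire[:-TAG_LEN], wire[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        return None                                   # forged or modified in transit
    seq = struct.unpack(">I", body[FRAME_LEN:])[0]
    if seq <= last_seq:
        return None                                   # replayed command
    return parse_frame(body), seq


# ---- Encryption: confidentiality + integrity (toy stand-in for an AEAD) ----

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Teaching stand-in only: real protocol stacks use AES-GCM or ChaCha20-Poly1305.
    out = b""
    for counter in range(-(-length // 32)):          # ceiling(length / 32) blocks
        out += hashlib.sha256(key + nonce + struct.pack(">I", counter)).digest()
    return out[:length]


def encrypt_frame(frame: bytes, key: bytes, seq: int, nonce: bytes = None) -> bytes:
    """nonce || seq || ciphertext || HMAC over all of it (encrypt-then-MAC)."""
    nonce = os.urandom(12) if nonce is None else nonce
    ct = bytes(a ^ b for a, b in zip(frame, _keystream(key, nonce, len(frame))))
    body = nonce + struct.pack(">I", seq) + ct
    return body + hmac.new(key, body, hashlib.sha256).digest()


def decrypt_frame(wire: bytes, key: bytes, last_seq: int):
    """Return (fields, seq) or None. The tag is checked before anything is decrypted."""
    if len(wire) < 12 + 4 + TAG_LEN:
        return None
    body, tag = wire[:-TAG_LEN], wire[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        return None
    nonce, seq = body[:12], struct.unpack(">I", body[12:16])[0]
    if seq <= last_seq:
        return None
    ct = body[16:]
    pt = bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))
    return parse_frame(pt), seq


def monitor_view(wire: bytes, signed_only: bool):
    """A keyless monitor: a signed frame parses into real fields; an encrypted frame
    exposes only opaque ciphertext, returned here as raw bytes."""
    if signed_only:
        return parse_frame(wire)
    return wire[16:-TAG_LEN]      # nonce and seq are visible, the command itself is not


if __name__ == "__main__":
    cmd = build_frame(unit=3, function=6, register=0x0010, value=1)
    signed = sign_frame(cmd, DEMO_KEY, seq=1)
    print("monitor reads signed frame:", monitor_view(signed, True))
    tampered = bytearray(signed)
    tampered[5] ^= 0x01                               # flip one bit of the value field
    print("tampered frame verifies:", verify_signed(bytes(tampered), DEMO_KEY, 0))
    enc = encrypt_frame(cmd, DEMO_KEY, seq=2)
    print("monitor reads encrypted frame:", monitor_view(enc, False))
    print("device decrypts:", decrypt_frame(enc, DEMO_KEY, 1))
```

The sequence number is what turns a bare tag into replay protection; without it a captured, validly signed command could be resent later. Because the signed variant leaves the command readable, a monitoring tool can keep parsing traffic exactly as it does today, which is the property operators said they feared losing.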
Cost and complexity are primary barriers to adoption, with operators reporting that upgrading a component to support secure communications can be as costly as the original component. Additional licensing fees, hardware upgrades for cryptographic workloads, training staff, integrating certificate management, and supporting compliance requirements further add to the costs.
Aaron Warner, CEO of ProCircular, noted that the findings reflect a larger coordination problem across OT environments. “Secure communications in industrial environments are an ongoing governance challenge,” Warner said. “Organizations must align engineering, IT security, and vendors around cost, change control, and uptime while taking a phased approach to modernization.”
Operational Challenges
Availability concerns, particularly in environments with older infrastructure, also slow adoption. Operators raised concerns about observability, latency, and bandwidth, and about their overall confidence that secure protocols will not disrupt operations.
Public key infrastructure (PKI) emerged as a major operational challenge, with most operators describing PKI deployment and maintenance as difficult. Certificate expiration was also identified as a practical risk, with operators worrying that expired certificates could cause critical safety messages to be dropped.
Recommendations
CISA’s recommendations emphasize phased approaches and operational realism. Owners and operators are advised to sign OT communications broadly, apply encryption where needed for sensitive data, and prioritize secure communication on remote access paths and firmware uploads. Manufacturers are urged to include secure communication capabilities by default, support crypto-agility, publish bandwidth and performance testing data, and provide clearer upgrade paths for legacy systems.
As post-quantum cryptography transitions increase pressure on OT environments to support crypto-agility and scalable key management, the need for secure-by-design technologies that are easier to adopt at scale becomes more pressing.
