Why Secure OT Protocols Aren’t Widely Adopted Yet

Summary
– Legacy industrial control protocols lack authentication and integrity, allowing attackers on OT networks to impersonate devices and issue unauthorized commands.
– Secure versions of these protocols exist but see low adoption due to high costs, operational complexity, and fears of disrupting system availability.
– A key barrier is confusion between signing (for integrity/authentication) and encryption (for confidentiality), with operators often assuming security requires encrypting all traffic.
– Public Key Infrastructure (PKI) management is a major operational challenge, creating responsibility gaps and concerns over certificate expiration disrupting operations.
– CISA recommends a phased, practical approach, prioritizing message signing and urging manufacturers to build easier-to-adopt, secure-by-design technologies.
Industrial control systems often rely on communication protocols designed decades ago, prioritizing operational reliability over modern cybersecurity needs. This foundational gap leaves critical infrastructure networks vulnerable, as these legacy systems typically lack authentication, integrity checks, and confidentiality safeguards. A recent analysis highlights the persistent challenges in adopting more secure protocol versions, revealing that technical availability has not led to widespread implementation due to real-world operational, financial, and technical constraints.
The core issue lies in the inherent weaknesses of traditional industrial protocols. Without built-in security features, malicious actors who gain network access can easily impersonate legitimate devices, alter messages in transit, or issue unauthorized commands. While enhanced protocol versions with authentication and encryption have existed for years, their adoption remains limited. Sectors like water, energy, transportation, and chemicals continue to operate on systems where communication is based on implicit trust.
Experts point to a significant disconnect between theoretical security capabilities and practical deployment. “Simply having ‘secure’ protocol options is not enough if those options remain too costly, complex, or fragile for operators to adopt at scale,” noted one cybersecurity CEO. The decision often comes down to choosing between implementing complex new protocols or relying on simpler, established compensating controls like network segmentation and monitoring.
A common point of confusion is the conflation of signing with encryption. Signing verifies a message’s authenticity and integrity, ensuring it hasn’t been tampered with and comes from a trusted source, while encryption provides confidentiality by scrambling the content. Signing can be deployed without encryption, which is crucial for maintaining network visibility for monitoring and troubleshooting. Many operators mistakenly believe that securing communications necessarily means encrypting all traffic, which raises legitimate but avoidable concerns about operational visibility.
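The signing-without-encryption point above, as an added illustration that is not part of the original article: a plaintext OT command frame carries an integrity tag, so a passive monitor with no key can still read every field, while a receiver drops any frame whose contents were altered in transit. It uses a pre-shared key with HMAC-SHA256 as a stand-in for the per-device signing credential a PKI would provision; the key, field names and frame layout are constructed for the example.

```python
import hashlib
import hmac
import json

# Constructed demo key standing in for a device's provisioned signing credential.
DEVICE_KEY = b"constructed-demo-key-for-plc-17"


def sign_frame(fields: dict, key: bytes) -> str:
    """Build a wire frame: plaintext JSON body + hex HMAC-SHA256 tag.

    The body is deliberately left readable so monitoring and troubleshooting
    tools keep full visibility; only integrity and origin are protected.
    """
    body = json.dumps(fields, sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}|{tag}"


def verify_frame(frame: str, key: bytes):
    """Return the parsed body if the tag is valid, else None (frame is dropped)."""
    body, sep, tag = frame.rpartition("|")
    if not sep:
        return None
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return None
    return json.loads(body)


def monitor_view(frame: str) -> dict:
    """What a passive network monitor sees with no key: the full plaintext command."""
    body, _, _ = frame.rpartition("|")
    return json.loads(body)


def altered_in_transit(frame: str, field: str, value) -> str:
    """Model a frame whose field was changed on the wire while the old tag was kept."""
    body, _, tag = frame.rpartition("|")
    fields = json.loads(body)
    fields[field] = value
    body = json.dumps(fields, sort_keys=True, separators=(",", ":"))
    return f"{body}|{tag}"


if __name__ == "__main__":
    cmd = {"src": "hmi-1", "dst": "plc-17", "cmd": "write_coil", "addr": 5, "value": 1}
    frame = sign_frame(cmd, DEVICE_KEY)
    print("monitor sees:", monitor_view(frame))
    print("receiver accepts:", verify_frame(frame, DEVICE_KEY) is not None)
    print("altered accepted:", verify_frame(altered_in_transit(frame, "value", 0), DEVICE_KEY) is not None)
```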
Cost and complexity consistently emerge as primary barriers to adoption. Upgrading a single component to support secure communications can sometimes cost as much as the original equipment, with additional expenses for licensing, hardware for cryptographic processing, staff training, and certificate management. Operators frequently compare these unpredictable and steep costs to more familiar investments in network segmentation tools, which are often seen as more justifiable and easier to manage.
The concern over system availability and performance is another major blocker, especially in environments with older infrastructure. Operators worry about three key areas: losing observability into network traffic, introducing unacceptable latency, and consuming excessive bandwidth. In high-speed industrial processes, even milliseconds of delay from cryptographic processing can be unacceptable. These availability fears often dictate how far an organization is willing to go with security changes, frequently prioritizing uptime over enhanced protection.
Managing the required public key infrastructure (PKI) presents a formidable operational hurdle. Most organizations find PKI deployment and maintenance difficult, often requiring external support. A clear responsibility gap frequently exists, where operational technology teams manage the field devices and IT security teams manage the PKI, leaving certificate lifecycle management in a precarious state. The risk of an expired certificate causing a critical safety message to be dropped is a serious concern that makes operators hesitant.
Recommendations for moving forward emphasize practicality and phased deployment. A suggested approach is to broadly implement message signing across OT communications to ensure integrity and authentication, while applying encryption selectively for highly sensitive data like passwords. Prioritizing secure protocols for remote access connections and firmware updates is also advised as a critical first step. For manufacturers, the guidance is to build secure communication capabilities into new devices by default, support crypto-agility for future cryptographic standards, and provide clear, cost-effective upgrade paths for legacy systems.
The transition to post-quantum cryptography will further intensify the need for crypto-agility and scalable key management in the coming years. Ultimately, adoption hinges on reducing friction. The goal must be to make resilient, secure-by-design technologies the straightforward choice, seamlessly integrating them into existing operational realities without disrupting the critical missions of industrial environments.
(Source: HelpNet Security)