In recent years, the situation in the area of cybersecurity for organizations using industrial automation has significantly improved. This involves many activities aimed at building awareness of threats in the OT area. These activities certainly include the introduction of the Purdue model (https://engineering.purdue.edu/VAAMI/ICS-modules.pdf) specifying how individual systems should communicate with each other. Attention has also been drawn to the fact that security in the OT environment should not be understood in the same way as security in the IT environment. While in IT the most important thing from a security point of view is confidentiality, for OT systems it is reliability and responsiveness.

Many changes in the functioning of the OT area result from successively introduced legal regulations aimed at improving its security. Until recently, the primary strategy for securing OT environments was isolation. OT systems and environments were built to operate without human intervention - "set it and forget it", which is why a significant number of these systems still use outdated solutions with many security gaps. New legal regulations introduced the need to implement mechanisms enabling remote updating and management of these systems. Such a drastic change in the approach to securing OT systems makes it extremely important to ensure comprehensive monitoring of these systems - and for this it is necessary to implement a SIEM class solution, supported by a solution such as Nozomi Networks Guardian or Radiflow iSID.

Nozomi Networks, manufacturer of one of the most recognized platforms ensuring visibility and security of OT infrastructure and critical infrastructure, in the latest report from August 2023 on the security of OT and IoT systems (https://www.nozominetworks.com/thank-you/iot- ot-cybersecurity-research-report-august-2023/) indicates that currently, in the face of the Russian-Ukrainian war, there are about a dozen groups focused exclusively on attacking the electricity subsector, and the most frequently attacked OT environments are, among others, in critical areas such as energy or water management. From the Nozomi Networks report, we can also learn that among the areas most affected by security vulnerabilities in OT solutions revealed in 2023, critical manufacturing is in the lead (188 vulnerabilities), while the energy industry is second (138 vulnerabilities). In third place, with a much better result (53 vulnerabilities), is water management.

Moving away from isolating OT environments to managing them remotely in a situation where the components that make up these environments do not meet modern security requirements involves the need to implement solutions that will allow for the visualization of events occurring in these environments and their in-depth analysis. These solutions certainly include - supported by technologies such as Nozomi Networks Guardian or Radiflow iSID - SIEM class solutions: IBM Security® QRadar® SIEM and Splunk Enterprise Security. These solutions - although not created with OT environments in mind - implemented by experienced specialists can detect attacks and failures in OT environments as efficiently as they do in IT environments, without negatively affecting the reliability and responsiveness of these environments. We believe that our experienced team will help build security also in your IT environment - regardless of whether it is an IT or OT environment. We invite you to familiarize yourself with our offer and contact us.