Operational Technology (OT) Security: Explained Simply

1. Introduction to Operational Technology (OT) Security

Definition and Importance of OT Security

Operational technology (OT) security, also called industrial cybersecurity, focuses on protecting the hardware and software that detect or control physical devices and industrial processes. This includes industrial control systems (ICS), supervisory control and data acquisition (SCADA) systems, and other technology used in manufacturing, utilities, and transportation.

The importance of OT security has grown significantly. Cyber threats can disrupt operational technology, leading to financial losses and safety hazards. For instance, a cyberattack on a power grid can cause widespread blackouts. In 2015, hackers breached the Ukrainian power grid, affecting over 200,000 people. Such incidents highlight the need for robust OT security measures.

OT security aims to ensure the integrity, availability, and confidentiality of these systems. Protecting these systems is crucial for maintaining operational efficiency. Organizations must prioritize OT security to safeguard their infrastructure against evolving cyber threats.

Differences Between IT and OT Security

IT security focuses on protecting data and networks in information technology environments. It deals with computers, servers, and networks that handle data processing. OT security, however, targets physical processes and devices that interact with the real world.

The main differences between IT and OT security include their objectives and risks. IT security emphasizes data protection and privacy. In contrast, OT security prioritizes system uptime and safety. A failure in an IT system may lead to data loss, while a failure in an OT system can result in physical damage or injury.

Furthermore, the technologies used in both fields differ greatly. IT often relies on traditional cybersecurity tools like firewalls and antivirus software. OT uses specialized equipment like sensors and controllers that require tailored security solutions.

Overview of OT Environments and Systems

OT environments span industries such as manufacturing, energy, water treatment, and transportation. Each sector uses specific systems designed for operational efficiency. For example, manufacturing plants employ robotics and automated assembly lines. These systems rely heavily on real-time data to function effectively.

Common components of OT systems include programmable logic controllers (PLCs), SCADA systems, and human-machine interfaces (HMIs), and each of them needs to be secured. PLCs manage machinery operations based on programmed instructions. SCADA systems gather data from remote locations for monitoring purposes. HMIs allow operators to interact with machines easily.

Understanding these environments helps organizations develop effective security strategies. Each system has unique vulnerabilities that require different approaches to protect them from cyber threats.

2. OT Security Threat Landscape

Common Threats to OT Security

Operational technology (OT) security faces various threats. These threats can disrupt critical infrastructure. They can also cause financial losses and reputational damage. Understanding these threats is essential for effective security measures.

Malware and ransomware attacks are prevalent in OT environments. Malware can infiltrate systems through phishing emails or compromised devices. Ransomware encrypts data, making it inaccessible until a ransom is paid. In 2021, the Colonial Pipeline attack highlighted the impact of such incidents on OT systems. This attack caused fuel shortages across the East Coast of the United States.

Insider threats are another significant concern. Employees or contractors may intentionally or unintentionally compromise security. Human error can lead to data breaches or system failures. For example, a technician might accidentally misconfigure a control system, causing downtime. Organizations must train employees on security practices to mitigate these risks.

Malware and Ransomware Attacks

Malware poses serious risks to OT systems. It can disrupt operations by targeting specific equipment. For example, Stuxnet targeted Iran’s nuclear facilities in 2010. This sophisticated worm damaged centrifuges while remaining undetected.

Ransomware attacks have become more common in recent years. Attackers encrypt critical files and demand payment for decryption keys. The WannaCry attack in 2017 affected many sectors, including healthcare and transportation. Such incidents illustrate how ransomware can cripple OT networks.

Organizations must implement robust defenses against malware and ransomware. Regular software updates and patches help close vulnerabilities. Network segmentation can limit malware spread within an organization’s systems.

Insider Threats and Human Error

Insider threats remain a significant risk for OT security. Employees often have access to sensitive information and systems. Disgruntled employees may exploit this access maliciously. According to a report by IBM, insider threats account for around 30% of data breaches.

Human error contributes significantly to security incidents as well. Simple mistakes can lead to severe consequences in OT environments. For instance, an operator may fail to follow safety protocols during maintenance work. This oversight could result in equipment damage or accidents.

To address these issues, organizations should foster a culture of security awareness. Regular training sessions can educate employees about potential risks and best practices.

Emerging Threats

Emerging threats present new challenges for OT security. As technology evolves, so do the tactics of cybercriminals. Organizations must stay vigilant against these evolving risks.

Advanced persistent threats (APTs) are one such challenge. APTs involve prolonged and targeted cyberattacks aimed at stealing information or disrupting operations. These attacks often go undetected for long periods, making them particularly dangerous.

APT groups typically use sophisticated methods to gain access to networks. They might exploit zero-day vulnerabilities or employ social engineering tactics to trick employees into revealing sensitive information.

Advanced Persistent Threats (APTs)

APTs are increasingly concerning for OT environments. Attackers often target critical infrastructure sectors like energy and transportation. Once inside a network, they maintain access over time, gathering intelligence.

In 2020, the SolarWinds breach demonstrated how APTs operate at scale. Attackers infiltrated multiple organizations through compromised software updates. This incident underscored the need for enhanced monitoring and response strategies.

Organizations must adopt a proactive approach to defend against APTs. Continuous network monitoring helps detect unusual activity early on. Implementing threat intelligence feeds can provide insights into emerging threats.

IoT Vulnerabilities in OT

The rise of IoT devices introduces additional vulnerabilities into OT systems. Many organizations now rely on connected devices for monitoring and control functions. However, these devices often lack adequate security measures.

Insecure IoT devices can serve as entry points for attackers seeking access to OT networks. For instance, weak passwords or outdated firmware can expose vulnerabilities that cybercriminals exploit.

To mitigate these risks, organizations should enforce strict security policies for IoT devices. Regular audits can identify potential weaknesses in device configurations and firmware versions.

3. Key Components of OT Security

Network Segmentation

Network segmentation is crucial in operational technology environments. It involves dividing a network into smaller parts. This limits access and enhances security. By separating critical systems from less secure ones, organizations reduce the risk of attacks spreading.

The importance of segmentation in OT environments cannot be overstated. It protects sensitive data and systems. If an attacker breaches one segment, they cannot easily access others. This containment strategy is vital for minimizing damage. For instance, in 2010, the Stuxnet worm targeted specific industrial control systems by exploiting poor segmentation practices.

Effective segmentation also aids compliance with regulations. Many industries must meet strict security standards. Segmentation helps organizations demonstrate their commitment to security protocols. It shows that they consider potential threats seriously.

Strategies for Effective Segmentation

Organizations should adopt several strategies for effective segmentation. First, identify critical assets and their functions. Understanding what needs protection is essential. Next, create a clear map of the network architecture. This helps visualize where segments should be placed.

Implement firewalls between segments to control traffic flow. Firewalls can block unauthorized access while allowing legitimate communications. Regularly review and update these rules to adapt to changing threats.

Another strategy involves using virtual local area networks (VLANs). VLANs allow organizations to group devices logically, regardless of their physical location. This flexibility enhances security while maintaining operational efficiency.
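As an added example that is not part of the original article, the following Python script models the zone-and-conduit idea from the paragraphs above: it classifies sample flows against a small segmentation policy and reports the ones that should be blocked or examined. Zone names, address ranges and conduits are assumptions made for the illustration.

```python
"""Zone-and-conduit check for OT network segmentation.

Added illustration, not code from the original article. The zones, address
ranges and allowed conduits are hypothetical: an enterprise (IT) zone, a DMZ
holding a historian, and a control zone with PLCs and HMIs. Traffic may cross
a zone boundary only through a listed conduit; everything else is denied.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# Constructed sample zones (address ranges are illustrative only).
ZONES = {
    "enterprise": ip_network("10.0.0.0/16"),
    "dmz": ip_network("10.1.0.0/24"),
    "control": ip_network("192.168.10.0/24"),
}

# Allowed conduits as (source zone, destination zone, protocol, destination port).
# The enterprise zone may reach the DMZ but never the control zone directly.
CONDUITS = {
    ("dmz", "control", "tcp", 502),     # DMZ historian polls PLCs over Modbus/TCP
    ("enterprise", "dmz", "tcp", 443),  # office users read dashboards in the DMZ
    ("dmz", "enterprise", "tcp", 514),  # DMZ forwards syslog to the IT-side SIEM
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int


def zone_of(addr: str) -> Optional[str]:
    """Return the name of the zone containing addr, or None if unclassified."""
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return None


def evaluate(flow: Flow) -> str:
    """Classify a flow as 'allow', 'deny' or 'unknown-zone'.

    Traffic inside one zone is allowed here (host firewalls would refine
    that); traffic between zones must match an explicit conduit.
    """
    src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)
    if src_zone is None or dst_zone is None:
        return "unknown-zone"   # an address outside every zone deserves a look
    if src_zone == dst_zone:
        return "allow"
    if (src_zone, dst_zone, flow.proto, flow.dport) in CONDUITS:
        return "allow"
    return "deny"


def audit(flows: List[Flow]) -> List[Tuple[Flow, str]]:
    """Return every flow that is not a plain allow, with its verdict."""
    findings = []
    for flow in flows:
        verdict = evaluate(flow)
        if verdict != "allow":
            findings.append((flow, verdict))
    return findings


# Constructed sample traffic, as a segmentation review would see it.
SAMPLE_FLOWS = [
    Flow("10.1.0.5", "192.168.10.20", "tcp", 502),       # historian -> PLC: conduit
    Flow("10.0.3.7", "10.1.0.5", "tcp", 443),            # office PC -> DMZ dashboard: conduit
    Flow("10.0.3.7", "192.168.10.20", "tcp", 502),       # office PC -> PLC directly: deny
    Flow("192.168.10.30", "192.168.10.20", "tcp", 502),  # HMI -> PLC, same zone: allow
    Flow("203.0.113.9", "192.168.10.20", "tcp", 502),    # address in no zone: flag
]

if __name__ == "__main__":
    for flow, verdict in audit(SAMPLE_FLOWS):
        print(f"{verdict:13} {flow.src} -> {flow.dst}:{flow.dport}/{flow.proto}")
```

The same evaluate() logic can be pointed at exported firewall or NetFlow records to find conduits that exist in practice but not in the documented policy.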

Access Control Mechanisms

Access control mechanisms are fundamental to OT security. They determine who can access specific information or systems. Proper access controls prevent unauthorized users from compromising critical operations.

Role-Based Access Control (RBAC) is a widely used method. RBAC assigns permissions based on user roles within the organization. For example, an engineer may have different access rights than a maintenance worker. This limits exposure to sensitive areas based on job responsibilities.

RBAC simplifies management as well. When employees change roles, adjusting their access rights becomes straightforward. Organizations can quickly revoke or grant permissions as needed.

Multi-Factor Authentication (MFA)

Multi-Factor Authentication (MFA) adds another layer of security. It requires users to provide two or more verification factors before accessing systems. Factors may include something they know (a password), something they have (a token), or something they are (biometric data).

MFA significantly reduces the risk of unauthorized access. Even if a password is compromised, the attacker still needs additional information to gain entry. Implementing MFA can deter potential intruders effectively.

Organizations should ensure that all critical systems use MFA. This includes remote access points and administrative interfaces. The extra steps involved in MFA create hurdles for attackers.
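The following Python sketch is an added example, not code from the original article. It combines the two mechanisms just described: role-based permissions for hypothetical OT roles (operator, maintenance, engineer, admin) plus an MFA requirement for remote sessions and administrative actions. All role names, users and permission tuples are assumptions made for the illustration.

```python
"""Role-based access control with an MFA requirement for OT systems.

Added illustration, not code from the original article. Roles, permissions
and users are hypothetical; the rule that remote access points and
administrative interfaces require MFA follows the text above.
"""
from dataclasses import dataclass, field
from typing import Dict, Set, Tuple

# Role -> set of (resource, action) pairs the role grants.
ROLE_PERMISSIONS: Dict[str, Set[Tuple[str, str]]] = {
    "operator": {("hmi", "view"), ("hmi", "ack_alarm")},
    "maintenance": {("hmi", "view"), ("plc", "read_diagnostics")},
    "engineer": {("hmi", "view"), ("plc", "read_diagnostics"),
                 ("plc", "download_logic"), ("plc", "change_setpoint")},
    "admin": {("hmi", "view"), ("firewall", "edit_rules"), ("user", "manage")},
}

# Administrative actions: these always require a verified second factor,
# even from inside the plant network.
ADMIN_ACTIONS = {("plc", "download_logic"), ("firewall", "edit_rules"), ("user", "manage")}


@dataclass
class Session:
    user: str
    remote: bool        # True when the session arrives through a remote access point
    mfa_verified: bool  # second factor completed for this session


@dataclass
class Directory:
    """Tiny user directory: one role per user."""
    roles: Dict[str, str] = field(default_factory=dict)

    def assign_role(self, user: str, role: str) -> None:
        if role not in ROLE_PERMISSIONS:
            raise ValueError(f"unknown role: {role}")
        self.roles[user] = role  # replaces the old role, so the old rights are gone

    def revoke(self, user: str) -> None:
        self.roles.pop(user, None)

    def permissions(self, user: str) -> Set[Tuple[str, str]]:
        return ROLE_PERMISSIONS.get(self.roles.get(user, ""), set())


def authorize(directory: Directory, session: Session,
              resource: str, action: str) -> Tuple[bool, str]:
    """Decide whether the session may perform action on resource.

    Order matters: the role check comes first, then the MFA check, so a
    user who lacks the permission is refused even with MFA completed.
    """
    if (resource, action) not in directory.permissions(session.user):
        return False, "role does not grant this permission"
    needs_mfa = session.remote or (resource, action) in ADMIN_ACTIONS
    if needs_mfa and not session.mfa_verified:
        return False, "MFA required for remote or administrative access"
    return True, "allowed"


if __name__ == "__main__":
    d = Directory()
    d.assign_role("alice", "engineer")
    d.assign_role("bob", "maintenance")
    print(authorize(d, Session("alice", remote=False, mfa_verified=False), "plc", "change_setpoint"))
    print(authorize(d, Session("alice", remote=False, mfa_verified=False), "plc", "download_logic"))
    print(authorize(d, Session("bob", remote=True, mfa_verified=True), "plc", "download_logic"))
```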

Security Monitoring and Incident Detection

Security monitoring and incident detection are vital components of OT security strategies. These processes help organizations identify potential threats before they escalate into serious issues.

Intrusion Detection Systems (IDS) play an essential role here. An IDS monitors network traffic for suspicious activity or policy violations. It alerts administrators when a potential threat appears, allowing for a quick response.

An effective IDS uses several detection methods, including signature-based and anomaly-based detection. Signature-based detection identifies known threats, while anomaly-based detection flags unusual patterns that may indicate an attack.

Security Information and Event Management (SIEM)

Security Information and Event Management (SIEM) systems consolidate logs from various sources within the network. SIEM tools analyze this data to detect anomalies and respond to incidents effectively.

These systems provide a comprehensive view of the organization’s security posture. They help correlate events across different devices and applications, identifying potential threats more efficiently.

Regularly reviewing SIEM reports allows organizations to adjust their security measures proactively. Continuous monitoring fosters a culture of vigilance against evolving threats in operational technology environments.
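To make the IDS and SIEM passages above concrete, here is an added Python example (not from the original article) that runs a signature rule and an anomaly rule over constructed Modbus/TCP monitor lines, then correlates the alerts with a firewall's deny log the way a SIEM would. The log formats, hosts, register numbers and thresholds are constructed for the illustration.

```python
"""Signature and anomaly detection over ICS logs, with SIEM-style correlation.

Added illustration, not code from the original article. Log formats, hosts,
register numbers and thresholds are constructed. Two sources are correlated:
a firewall's deny log and a Modbus/TCP monitor's log from the control zone.
"""
import re
from collections import defaultdict
from statistics import mean, stdev
from typing import Dict, List, Pattern

# Constructed sample logs. Register 40001 is, in this example, a dosing setpoint.
# The firewall denied earlier probes from 10.0.3.7; a later write from it still
# reached a PLC through an over-broad rule, which the monitor recorded.
FIREWALL_LOG = """\
2024-03-02T10:14:50 DENY src=10.0.3.7 dst=192.168.10.21 dport=502
2024-03-02T10:14:52 DENY src=10.0.3.7 dst=192.168.10.22 dport=502
"""
MODBUS_LOG = """\
2024-03-02T10:15:01 src=192.168.10.30 dst=192.168.10.20 fc=3 reg=40001 value=50
2024-03-02T10:15:05 src=192.168.10.40 dst=192.168.10.20 fc=6 reg=40001 value=53
2024-03-02T10:15:09 src=10.0.3.7 dst=192.168.10.20 fc=6 reg=40001 value=90
"""
ENGINEERING_HOSTS = {"192.168.10.40"}   # only host allowed to write setpoints (assumed)
WRITE_FUNCTION_CODES = {5, 6, 15, 16}   # Modbus write function codes
BASELINE = {40001: [50, 51, 49, 50, 52, 50, 49, 51]}  # historical values per register

FW_RE = re.compile(r"(?P<ts>\S+) DENY src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")
MB_RE = re.compile(r"(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
                   r"fc=(?P<fc>\d+) reg=(?P<reg>\d+) value=(?P<value>-?\d+)")


def parse(log: str, pattern: Pattern) -> List[dict]:
    """Turn matching log lines into dicts, converting numeric fields to int."""
    events = []
    for line in log.splitlines():
        m = pattern.match(line)
        if not m:
            continue  # unparseable lines are skipped, not treated as alerts
        d = m.groupdict()
        for key in ("dport", "fc", "reg", "value"):
            if key in d:
                d[key] = int(d[key])
        events.append(d)
    return events


def signature_alerts(events: List[dict]) -> List[dict]:
    """Signature rule: a Modbus write from a host outside the engineering allowlist."""
    return [{"src": e["src"], "rule": "unauthorized_write", "ts": e["ts"]}
            for e in events
            if e["fc"] in WRITE_FUNCTION_CODES and e["src"] not in ENGINEERING_HOSTS]


def anomaly_alerts(events: List[dict], z_threshold: float = 3.0) -> List[dict]:
    """Anomaly rule: a written value far outside the register's historical baseline."""
    alerts = []
    for e in events:
        history = BASELINE.get(e["reg"])
        if e["fc"] not in WRITE_FUNCTION_CODES or not history:
            continue
        z = abs(e["value"] - mean(history)) / stdev(history)
        if z > z_threshold:
            alerts.append({"src": e["src"], "rule": "setpoint_anomaly",
                           "ts": e["ts"], "z": round(z, 1)})
    return alerts


def correlate(firewall_events: List[dict], alerts: List[dict]) -> Dict[str, str]:
    """SIEM-style correlation across sources.

    A host that raised a detection alert is 'high'; if the firewall also
    logged denies from the same host, the combined picture is 'critical'.
    """
    denied_sources = {e["src"] for e in firewall_events}
    rules_by_host = defaultdict(set)
    for a in alerts:
        rules_by_host[a["src"]].add(a["rule"])
    return {host: ("critical" if host in denied_sources else "high")
            for host in rules_by_host}


def run() -> Dict[str, str]:
    fw = parse(FIREWALL_LOG, FW_RE)
    mb = parse(MODBUS_LOG, MB_RE)
    return correlate(fw, signature_alerts(mb) + anomaly_alerts(mb))


if __name__ == "__main__":
    print(run())
```

Note that the engineer's own write of 53 is neither a signature hit nor an anomaly, which is the behaviour a tuned rule set should show: legitimate adjustments pass, while the out-of-range write from an office address is flagged by both rules and escalated once the firewall log is correlated.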

4. Regulatory Frameworks and Standards for OT Security

NIST Cybersecurity Framework

The National Institute of Standards and Technology (NIST) developed a framework to improve cybersecurity practices. This framework provides guidelines for organizations to manage cybersecurity risks. It is built around five functions: identifying risks, protecting systems, detecting events, responding to incidents, and recovering from them.

NIST’s Cybersecurity Framework is widely adopted across various industries. Organizations in sectors like energy and manufacturing use it to enhance their operational technology security. The framework helps companies align their security measures with business goals. It also allows for better communication between technical and non-technical stakeholders.

Organizations can benefit from implementing the NIST framework in their OT environments. It offers a flexible approach to risk management. By following these guidelines, companies can establish a strong foundation for securing their systems. They can also adapt the framework as threats evolve over time.

Application of NIST Framework in OT Security

Applying the NIST Cybersecurity Framework in operational technology security involves several steps. First, organizations need to assess their current cybersecurity posture. This assessment identifies gaps in existing security measures.

Next, organizations should prioritize areas needing improvement. They can develop a roadmap to address these vulnerabilities. Regularly updating this roadmap is crucial as new threats emerge.

Training employees on the NIST framework is essential. Staff must understand their roles in maintaining security. Continuous education helps create a culture of security awareness within the organization.

5. Risk Management in OT Security

Conducting Risk Assessments

Risk assessments are vital for operational technology (OT) security. These assessments help identify potential threats and vulnerabilities. Organizations must evaluate their systems regularly. This process involves examining hardware, software, and processes.

A comprehensive risk assessment includes several steps. First, define the scope of the assessment. Next, gather information about the existing systems. This includes understanding how they operate and what data they handle.

After gathering details, organizations should identify potential risks. This includes both internal and external threats. Internal threats may come from employees or system errors. External threats often involve cyber attacks or natural disasters.

Identifying Vulnerabilities and Threats

Identifying vulnerabilities is a crucial part of risk management. Vulnerabilities can exist in software, hardware, or even human factors. For example, outdated software may have security holes that hackers can exploit.

Threats can be categorized into different types. Cyber threats include malware, ransomware, and phishing attacks. Physical threats may involve unauthorized access to facilities or equipment damage.

Organizations should use various tools to identify these vulnerabilities. Regular scans and audits can reveal weaknesses in systems. Penetration testing simulates attacks to assess security measures.

Mitigation Strategies

Mitigation strategies aim to minimize identified risks. These strategies can vary based on the specific needs of the organization. Implementing strong access controls is one effective approach. Limiting access helps protect sensitive areas of the OT environment.

Another strategy is to keep software updated. Regular updates can close security gaps that attackers might exploit. Training employees on security best practices is also essential.

Organizations may also consider network segmentation. This means dividing networks into smaller parts to limit potential damage from a breach. If one segment is compromised, others remain secure.

Risk Reduction Techniques for OT Environments

Risk reduction techniques are critical for securing OT environments. One technique is implementing redundancy in critical systems. Redundancy ensures that if one system fails, another can take over without disruption.

Regularly backing up data is another important technique. Backups protect against data loss from cyber incidents or system failures. Organizations should store backups securely and test them frequently.

Physical security measures also play a significant role in risk reduction. Installing surveillance cameras and access controls can deter unauthorized entry into facilities. Regular inspections of physical assets ensure they remain secure.

Business Continuity Planning

Business continuity planning (BCP) prepares organizations for unexpected events. BCP ensures that essential functions continue during disruptions. This planning becomes crucial when dealing with OT systems.

Developing an effective BCP involves several key steps. First, identify critical operations that must continue during a crisis. Next, establish recovery strategies for these operations.

Testing the BCP regularly is also necessary. Simulating various scenarios helps organizations understand their response capabilities. This practice ensures that employees know their roles during an emergency.

Importance of Continuity Planning for OT Systems

Continuity planning is vital for protecting OT systems from disruptions. Events like cyber attacks or natural disasters can severely impact operations. Without a solid plan, organizations may face extended downtime or financial losses.

Effective continuity planning enhances resilience against such events. It allows organizations to recover quickly while minimizing impact on services and customers.

Investing time and resources in continuity planning pays off in the long run. Organizations with robust plans usually experience fewer disruptions and faster recovery times.

6. Implementing OT Security Best Practices

Security Policies and Procedures

Organizations must establish clear security policies for operational technology (OT). These policies guide how to protect critical systems. They should outline roles, responsibilities, and acceptable use of technology.

Developing comprehensive security policies is essential. Policies should cover access controls, data protection, and incident response. Organizations need to regularly review these policies to ensure they remain effective.

A strong policy framework helps in compliance with regulations. It also supports risk management efforts. By having defined procedures, organizations can respond quickly to threats.

Developing Comprehensive Security Policies

Creating a security policy starts with identifying risks. Organizations should assess their unique environment and potential vulnerabilities. This assessment forms the basis for tailored policies.

Policies must address both technical and human factors. Technical measures include firewalls, intrusion detection systems, and encryption. Human factors involve training and awareness programs for employees.

Regular updates to policies are crucial. Technology changes rapidly, and so do threats. Organizations should schedule periodic reviews to adapt to new challenges.

Employee Training and Awareness

Employee training is vital for OT security success. Personnel must understand the importance of security measures. They play a key role in protecting systems from cyber threats.

Training programs should cover various topics. Employees need awareness of phishing attacks, password management, and secure practices. Regular training sessions keep security fresh in employees’ minds.

An informed workforce can significantly reduce risks. Employees who recognize potential threats can act swiftly to prevent incidents. Their vigilance is an essential layer of defense.

Importance of Training Programs for OT Personnel

Training programs specifically designed for OT personnel are critical. These programs address the unique challenges faced in operational environments. They provide knowledge on the specific technologies used in OT systems.

Hands-on training can be particularly effective. Simulations or tabletop exercises help personnel practice responses to incidents. This practical experience builds confidence in their ability to manage real-world scenarios.

Organizations should encourage a culture of continuous learning. This approach keeps all staff updated on the latest threats and best practices in OT security.

Incident Response Planning

Incident response planning is a core component of OT security strategy. A well-defined plan ensures organizations can respond effectively to incidents. It minimizes damage and recovery time when breaches occur.

Developing an incident response plan involves several steps. First, identify potential incidents that could affect operations. Next, establish roles for team members during an incident.

Testing the incident response plan is equally important. Regular drills help evaluate the effectiveness of the plan. Organizations can identify gaps and improve their response capabilities through these tests.

Developing and Testing Incident Response Plans

Plans should include detailed procedures for different types of incidents. For example, they may outline steps for dealing with malware infections or unauthorized access attempts. Each scenario requires a tailored response approach.

Testing incident response plans creates readiness within teams. Realistic simulations allow teams to practice their skills under pressure. Feedback from these tests leads to valuable improvements in the plans.

Regular updates to incident response plans keep them relevant. As technology evolves, so do threats and responses needed to combat them.

7. Challenges in OT Security

Legacy Systems and Technologies

Legacy systems present significant challenges in operational technology security. Many industries still rely on older equipment and software. These systems often lack modern security features. They can be vulnerable to cyber threats.

Security issues arise with aging infrastructure. Older systems may not receive updates or patches. This leaves them open to exploitation. Attackers can take advantage of these weaknesses. For example, a 2017 attack on a Ukrainian power grid exploited outdated technology. The attackers caused widespread outages. This incident highlighted the risks associated with legacy systems.

Organizations face difficulties when trying to upgrade these systems. Replacing legacy technology can be costly and time-consuming. Companies may hesitate to invest in new solutions. They fear disruptions to operations. However, failing to address these vulnerabilities can lead to severe consequences.

Integration of IT and OT Security

Integrating information technology (IT) and operational technology (OT) security is crucial. Both areas have different priorities and protocols. IT focuses on data integrity, while OT emphasizes physical processes. This difference creates challenges in ensuring comprehensive security.

Overcoming silos between IT and OT security teams is essential. Collaboration can enhance threat detection and response. For instance, sharing information about potential threats can help both teams prepare better. A unified approach can also streamline incident response efforts.

Organizations must foster communication between these teams. Regular meetings and joint training sessions can build trust. Establishing shared goals can align their efforts towards common objectives. This integration strengthens overall security posture against cyber threats.

Regulatory Compliance Challenges

Navigating complex regulatory environments poses another challenge for OT security. Organizations must comply with various regulations and standards, such as the NIST Cybersecurity Framework, IEC 62443, and others. Each has specific requirements for security practices.

Compliance can be resource-intensive and confusing. Different regulations may conflict with each other or have overlapping requirements. Companies struggle to understand what is necessary for compliance. This confusion can lead to gaps in security measures.

Staying updated on regulatory changes is vital for organizations. Regulations often evolve due to emerging threats and technologies. Companies need dedicated teams to monitor these changes actively. This ensures that they remain compliant while maintaining robust security practices.

Advancements in OT Security Technologies

OT security is evolving rapidly. New technologies are emerging to protect operational technology systems. These advancements focus on enhancing detection and response capabilities.

One significant trend is the integration of AI and machine learning. These technologies can analyze vast amounts of data quickly. They identify unusual patterns that may indicate a security threat. For example, if a device behaves differently than usual, AI can flag it for review.

Another advancement involves improved encryption methods. Stronger encryption protects data in transit and at rest. This helps prevent unauthorized access to sensitive information. As these technologies develop, they will become essential for securing OT environments.

Use of AI and Machine Learning in OT Security

AI and machine learning play crucial roles in OT security. They automate threat detection and response processes. This reduces the time needed to react to incidents.

These technologies learn from historical data. They adapt to new threats over time. For instance, if a specific type of attack occurs, AI can recognize similar attacks in the future. This proactive approach enhances overall security.

Organizations are increasingly adopting these technologies. They recognize the potential of AI to improve efficiency and effectiveness in security measures. The result is a more robust defense against cyber threats targeting OT systems.

Increased Focus on Resilience

Resilience is becoming a key focus in OT security strategies. Organizations must prepare for potential disruptions or attacks. Building resilience means ensuring systems can recover quickly from incidents.

This shift comes as threats grow more sophisticated. Cyberattacks can cause significant downtime and financial loss. Companies need to prioritize resilience to maintain operations during crises.

Investing in resilience includes regular testing of recovery plans. Organizations should simulate attacks to assess their response capabilities. By doing so, they identify weaknesses and improve their defenses.

Building Resilience in OT Environments

Building resilience requires a multi-layered approach. Organizations must implement various strategies to strengthen their defenses.

  1. Regular updates: Keeping software up-to-date helps close vulnerabilities.
  2. Employee training: Educating staff about security best practices reduces human error.
  3. Incident response plans: Having clear procedures ensures quick action during an incident.

These strategies create a strong foundation for resilience in OT environments. A proactive mindset enables organizations to withstand attacks and recover swiftly.

Growing Importance of Supply Chain Security

Supply chain security is increasingly critical in OT security discussions. Vulnerabilities within the supply chain can expose organizations to risks. Attackers often target third-party vendors to gain access to larger networks.

As reliance on global suppliers grows, so does the need for robust security measures. Organizations must ensure that all partners adhere to strict security protocols.

This trend highlights the importance of collaboration among stakeholders. Companies should share information about threats and vulnerabilities across the supply chain.

Ensuring Security Across the Supply Chain

Ensuring security throughout the supply chain requires diligence and continuous monitoring. Organizations should conduct thorough assessments of their vendors’ security practices.

  1. Vendor audits: Regularly review third-party security measures.
  2. Contractual obligations: Include security requirements in vendor contracts.
  3. Incident reporting: Establish clear communication channels for reporting incidents.

By implementing these practices, organizations can protect themselves from supply chain-related threats. A comprehensive approach fosters trust among partners while enhancing overall security.

9. Case Studies and Real-World Examples

Analysis of Major OT Security Incidents

Several significant incidents have highlighted the need for robust operational technology (OT) security. One notable event occurred in 2010 when the Stuxnet worm targeted Iran’s nuclear facilities. This sophisticated malware disrupted centrifuges, causing physical damage. It marked a turning point in how industries viewed cyber threats.

Another incident happened in 2015 with the Ukrainian power grid attack. Hackers gained access to the control systems, leaving over 200,000 people without power. This attack demonstrated vulnerabilities in critical infrastructure and emphasized the importance of securing OT environments.

In 2020, a ransomware attack hit a water treatment facility in Florida. Cybercriminals attempted to increase sodium hydroxide levels, posing risks to public safety. Fortunately, operators detected the intrusion quickly, preventing potential harm. These incidents show that OT security is essential for protecting both assets and human lives.

Lessons Learned from Real-World Breaches

Real-world breaches offer valuable lessons for improving OT security. First, organizations must prioritize regular software updates and patches. Many attacks exploit outdated systems. Keeping software current reduces vulnerabilities significantly.

Second, training employees on cybersecurity awareness is crucial. Human error often leads to breaches. By educating staff on recognizing phishing attempts and suspicious activities, organizations can create a more secure environment.

Lastly, developing an incident response plan is vital. Such plans prepare organizations for potential attacks. They outline steps to take during a breach, minimizing damage and recovery time. Learning from past incidents helps shape better security strategies for the future.

Successful OT Security Implementations

Various companies have successfully implemented OT security measures. One example is Siemens, which developed a comprehensive security framework for its industrial automation systems. The company emphasizes risk assessments and continuous monitoring to protect its infrastructure.

Another successful case involves Schneider Electric. They adopted a multi-layered approach to security by integrating IT and OT systems. This strategy allows for better visibility into potential threats while ensuring compliance with industry standards.

Furthermore, the energy sector has seen advancements in OT security through initiatives like the Industrial Internet Consortium (IIC). Their framework promotes best practices for securing connected devices in industrial settings. These implementations showcase that effective security strategies can significantly enhance overall resilience against cyber threats.

Case Studies of Effective Security Strategies

One compelling case study comes from a major oil and gas company that faced frequent cyber threats. They invested in advanced threat detection systems and employee training programs. As a result, they reduced incidents by 70% within two years.

A manufacturing firm also improved its security posture after experiencing a data breach. They implemented network segmentation to isolate critical systems from less secure ones. This move not only protected sensitive information but also minimized the impact of potential attacks.

Finally, a utility company adopted real-time monitoring tools to detect anomalies in their OT networks. This proactive approach allowed them to identify threats before they escalated into serious incidents. These examples illustrate that tailored security strategies can lead to significant improvements in OT environments.

Frequently Asked Questions

What is Operational Technology (OT) Security?

Operational Technology (OT) Security involves protecting hardware and software systems that detect or control physical devices, processes, and events in industrial environments. It ensures the integrity, availability, and confidentiality of critical infrastructure.

Why is OT Security important?

OT Security is crucial because it safeguards essential services, such as energy, water, and transportation. A breach can lead to significant disruptions, financial losses, and threats to public safety.

What are common threats to OT Security?

Common threats include malware attacks, insider threats, denial-of-service attacks, and vulnerabilities in legacy systems. These threats can disrupt operations and compromise sensitive data.

How does OT Security differ from IT Security?

OT Security focuses on protecting industrial control systems and physical processes, while IT Security primarily deals with information systems and data protection. The two domains have different priorities and risk profiles.

What regulatory frameworks govern OT Security?

Key regulatory frameworks include NIST Cybersecurity Framework, IEC 62443 for industrial automation, and the North American Electric Reliability Corporation’s Critical Infrastructure Protection (NERC CIP) standards. Compliance ensures enhanced security measures.

What are best practices for implementing OT Security?

Best practices include conducting regular risk assessments, segmenting networks, applying access controls, ensuring software updates, and training personnel on security protocols to mitigate risks effectively.

What challenges does OT Security face today?

Challenges in OT Security include outdated systems, lack of visibility into networks, limited budgets for security upgrades, and the convergence of IT and OT environments creating new
