How is data integrity protected in OT data flows?

• A. Rely on encryption only without integrity checks.
• B. Only monitor data after it arrives at control center.
• C. Data integrity is not a concern in OT.
• D. Use checksums, digital signatures, and hash validation; implement redundant data paths and regular backups; ensure data in transit and at rest are protected.

Answer: (C)

In OT environments, keeping data trustworthy as it moves from sensors and controllers through networks to storage is essential because inaccurate or tampered data can lead to unsafe operations. Protecting data integrity involves several layers that work together. Use checksums, hash functions, and digital signatures to detect any changes to data in transit or at rest; these allow the receiving system to verify that the data received is exactly what was sent and to identify tampering or corruption. Pairing these with secure channels that provide integrity guarantees (often via authenticated encryption or message authentication codes) helps prevent undetected modifications while data is moving. Build in redundancy with multiple data paths so there are independent routes for verification and delivery, and maintain regular backups so you can restore from a known-good state if integrity is compromised. Protecting data both in transit and at rest, plus maintaining logs and audit trails, helps detect and respond to integrity issues promptly. Relying on encryption alone won’t catch all alterations, monitoring only after data arrives misses in-flight tampering, and claiming integrity isn’t a concern ignores the safety-critical need to trust OT data.