When it comes to industrial cybersecurity, one of the greatest gaps is between Operational Technology (OT) and Information Technology (IT) cybersecurity. Because of their different evolutionary paths and operational goals, IT and OT have traditionally developed in independent silos with some degree of dependency and collaboration. However, as those traditional silos break down, new opportunities for collaboration are emerging that need to be tapped.
Digital transformation is the new frontier
In digital transformation projects, OT and IT are converging like never before. Through large-scale automation and the introduction of virtual machines, remote monitoring and management of assets, and digitally supervised production processes, OT has become more integrated with mainstream IT. However, this integration is not complete and there are still aspects that run in silos.
Consider the following:
- There are organizations running OT devices that were developed in the early 90s, and they are not clear about what these devices are doing and how
- Visibility into networks connected with such devices is also abysmal. Since the devices are operating with minimal automation, the security teams consider the networks connected to them as an extension of these devices. They are thus accorded a lesser priority in the overall scheme of security
- While digital transformation has brought in new levels of automation, parts of the plant are sometimes left out of the overall automation roadmap for various reasons. This leads to a diverse ecosystem of devices, capabilities and connectivity, which opens significant security gaps. In terms of priority, new and costly equipment receives the highest level of attention from a security and maintenance perspective
- The security teams are also not aware of the vulnerabilities associated with OT devices, nor are they aware of the patch status. In some instances, the companies that manufactured these devices have long since shut down or have stopped manufacturing or updating these devices
- While IT receives plenty of security attention, OT is often neglected. Also, OT is often equated with running operations only and thus the teams managing OT focus only on keeping the devices up and running unlike IT where teams focus on both operations and security. It is this difference that makes OT assets more vulnerable to a cybersecurity incident.
How to improve IT and OT synergy
- View IT and OT as extensions of the overall infrastructure and cover both through a unified security policy.
- The above policy should entail common goals for both IT and OT teams and milestones that they can work together to achieve
- For digital transformation projects or those involving phased transition to IIoT, OT teams should be roped in to develop a security roadmap that doesn’t end with the transition. Instead, the roadmap should cover long term operational security
- As part of the unified security policy, an OT-specific policy can also be developed to bring OT security on par with IT security
- Operate with OT-focussed threat intelligence to detect unique threats that may affect OT but not IT
- Vulnerability assessments and gap analysis should be conducted at regular intervals and such processes should be further documented through regular audits
- Cybersecurity for IT and OT assets should be owned by a joint team including members from both sides. This will ensure the evolution of a common minimum standard for security across the organization
For guidance on developing an OT-specific policy under the overall enterprise security umbrella, you may wish to download this document for OT cybersecurity policy.