Connect with us

Hi, what are you looking for?



Beyond the Pandemic: Far-ranging and Lasting Change Ahead for Industrial Networks

IT and OT Teams in Critical Infrastructure and Manufacturing Companies Must be Able to Proactively Manage Risk

IT and OT Teams in Critical Infrastructure and Manufacturing Companies Must be Able to Proactively Manage Risk

As IT and security professionals, we know that change is constant. In fact, part of what defines us is our ability to adapt to change and the faster we adapt, the more successful we will be. The change we encountered in 2020 was unprecedented and had a dramatic impact on our operational technology (OT) environments – accelerating and sometimes recasting how we address the following four key areas. 

1. Digital transformation. Well before the pandemic, companies in critical infrastructure and manufacturing sectors had already started to improve their traditional manufacturing processes and move to the cloud and SaaS applications. Many also had some type of remote access solution in place so that manufacturers of the industrial control systems that compromise OT networks could service existing machinery per their contracts. Then came the COVID crisis and digital transformation across all sectors accelerated significantly. Driven by the need to increase productivity and top line revenue to stay competitive, companies prioritized digitization and the convergence of IT and OT networks expanded dramatically. Supporting a surge in requests for remote access is the most obvious example – extending connectivity to additional user groups, including employees and third parties, who had previously provided critical services on-site. 

2. Business opportunities. We also saw an acceleration of business opportunities in critical infrastructure sectors such as life sciences and pharmaceuticals, and food and beverage. For companies in these sectors, the OT side is their business – it’s what drives revenue. To take advantage of these opportunities, organizations are increasingly looking for new ways to optimize processes and reduce costs through automation; Internet of Things (IoT) and smart devices are becoming essential to improving OT operations. 

3. Cyber threats. Another change is an increase in the number and types of cyber threats. Organizations in critical infrastructure sectors can’t risk downtime, which has contributed to the IT/OT security gap. Yet as their OT and IT networks converge, more legacy OT assets become internet-facing, and they introduce more IoT devices to their environments, the security gap widens and the door for attackers opens further. The U.S. National Security Agency (NSA) and Cybersecurity Infrastructure Security Agency (CISA) alert back in July and last month’s CISA warning of unknown cyber-threat actors targeting the COVID-19 vaccine supply chain, highlight the need to reduce exposure of OT environments, the increased capabilities of attackers, and the urgency and severity of the risk.

4. OT security. The connection between improving competitiveness and improving security is increasingly apparent at the board level. Business leaders in these sectors are becoming more educated on the prevalence and severity of these threats and are exploring new ways of mitigating risk and creating business continuity plans. They realize they have spent years protecting their IT networks, but as they look towards more IT/OT convergence to increase business performance and competitiveness, they recognize that their OT networks remain exposed. Just when they can least afford a compromise, they are most vulnerable. So, business continuity plans are number one on their list driven by a holistic approach to risk mitigation. 

As we start to see a light at the end of the tunnel with the pandemic, the way we manage our businesses will change permanently, and therefore the technology we use to support it will change permanently as well. To take full advantage of this confluence of changes and move forward securely, IT and OT teams in critical infrastructure and manufacturing companies must be able to proactively manage risk. 

Advertisement. Scroll to continue reading.

This starts with full visibility into all the assets in your OT environment and the function they perform, so that you can identify vulnerabilities and detect suspicious behavior more effectively and efficiently. Asset identification isn’t a one-time activity but must be a continuous process to understand new gaps and risks as they emerge. With a complete picture of asset information, agentless solutions that are purpose built for continuous threat monitoring can help you identify and track threats that cross the IT/OT boundary. IT and OT teams can then work together to secure the converged enterprise without risk to productivity or downtime. And to tackle one of the toughest challenges facing industrial cybersecurity practitioners today, secure remote access solutions with strict controls over sessions provide off-site access to OT environments while minimizing the substantial risks introduced by remote workers. 

The world will go back to some degree of “normal,” but it will not go back to the pre-pandemic baseline. How we work has changed forever. Fortunately, as security professionals, we know we can adapt to change and play a pivotal role in helping our organizations transition smoothly.

Learn More About Industrial Cybersecurity at SecurityWeek’s ICS Cyber Security Conference Series

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...


The overall effect of current global geopolitical conditions is that nation states have a greater incentive to target the ICS/OT of critical industries, while...


Wago has patched critical vulnerabilities that can allow hackers to take complete control of its programmable logic controllers (PLCs).


Cybersecurity firm Forescout shows how various ICS vulnerabilities can be chained for an exploit that allows hackers to cause damage to a bridge.


More than 1,300 ICS vulnerabilities were discovered in 2022, including nearly 1,000 that have a high or critical severity rating.


Otorio has released a free tool that organizations can use to detect and address issues related to DCOM authentication.

Cybersecurity Funding

Internet of Things (IoT) and Industrial IoT security provider Shield-IoT this week announced that it has closed a $7.4 million Series A funding round,...


Siemens and Schneider Electric address nearly 100 vulnerabilities across several of their products with their February 2023 Patch Tuesday advisories.