The Future of Industrial Security – IT and OT Convergence

In industrial organizations, security is traditionally divided across three silos: physical security, IT security and operational security (plant security and system integrity). This divide makes it more difficult for facilities operators to identify and respond to incidents.

Also, modern-day operations often span complex IT (information technology) and OT (operational technology) infrastructures and typically include thousands of devices, which are increasingly being connected via the Industrial Internet of Things (IIoT). This creates new challenges for securing industrial environments, and makes cyber-physical security threats even more difficult to detect, investigate and remediate.

To protect this complex attack surface, many industrial organizations have devised ways to converge their IT and OT groups — or they are researching options for doing so. However, the ‘convergence challenge’ is truly a tough nut to crack as two main barriers exist.

IT and OT are Very Different

IT environments are very dynamic. For example, IT systems are patched, upgraded and replaced on a regular basis. IT staff are concerned about data confidentiality, integrity, and availability (aka CIA). They are very knowledgeable about the latest IT trends and threats. However, IT personnel are typically not familiar with OT networks or industrial control systems, and few of them ever set foot on a plant floor.

In contrast, OT staff work in an operational environment where stability, safety and reliability are top priorities. Their jobs involve maintaining the stability of complex and sensitive environments such as oil refineries, chemical plants and water utilities, which are populated with legacy systems that haven’t changed for decades since they were implemented. The motto is: “if it works, don’t touch it”. OT engineers recoil at the thought of IT personnel being involved in the safety of their plants or tinkering with industrial control systems (ICS).

IT and OT Use Different Technologies

In general, IT people are used to working with the latest and greatest hardware and software, including the best security available to protect their networks. They tend to spend most of their time patching, upgrading and replacing systems.

Meanwhile, OT staff are used to working with legacy technologies, many of which pre-date the internet era. These often use proprietary network protocols, and lack basic security controls like authentication or encryption. They also don’t have event logs or audit trails. As a result, incident detection and response in an OT environment is very different than in an IT environment.

C-Level Support is Key to Success

To bring IT and OT staff together, and unify security thinking and practices, organizations need to create a culture of collaboration between both camps for the common good of the business. Easier said than done, of course. 

Despite the challenges of bridging this divide, a number of organizations have achieved deep collaboration between IT and OT. The key to success is getting C-level support. 

Some organizations begin by creating a C-Level role to facilitate the convergence. For example, it’s quite common to find a Chief Digital Officer whose role is to bridge the gap between IT and OT, merge the culture divide, and establish incident response processes that span both groups.

The successful deployment of industrial cybersecurity projects must leverage resources from both IT and OT. Business-level oversight and leadership helps ensure that the two sides will collaborate effectively with each other.

To make this happen, more and more organizations are taking senior, experienced engineers from OT business units, and assigning them to support incident response within the Security Operations Center (SOC). This creates an environment where people, processes and technologies straddle and unify both sides of the IT/OT fence.
