The Future of Industrial Security – IT and OT Convergence

In industrial organizations, security is traditionally divided across three silos: physical security, IT security and operational security (plant security and system integrity). This divide makes it more difficult for facilities operators to identify and respond to incidents.

Also, modern-day operations often span complex IT (information technology) and OT (operational technology) infrastructures and typically include thousands of devices, which are increasingly being connected via the Industrial Internet of Things (IIoT). This creates new challenges for securing industrial environments, and makes cyber-physical security threats even more difficult to detect, investigate and remediate.

To protect this complex attack surface, many industrial organizations have devised ways to converge their IT and OT groups — or they are researching options for doing so. However, the ‘convergence challenge’ is truly a tough nut to crack as two main barriers exist.

IT and OT are Very Different

IT environments are very dynamic. For example, IT systems are patched, upgraded and replaced on a regular basis. IT staff are concerned about data confidentiality, integrity, and availability (aka CIA). They are very knowledgeable about the latest IT trends and threats. However, IT personnel are typically not familiar with OT networks or industrial control systems, and few of them ever set foot on a plant floor.

In contrast, OT staff work in an operational environment where stability, safety and reliability are top priorities. Their jobs involve maintaining the stability of complex and sensitive environments such as oil refineries, chemical plants and water utilities, which are populated with legacy systems that haven’t changed for decades. The motto is: “If it works, don’t touch it.” OT engineers recoil at the thought of IT personnel being involved in the safety of their plants or tinkering with industrial control systems (ICS).

IT and OT use Different Technologies

In general, IT people are used to working with the latest and greatest hardware and software, including the best security available to protect their networks. They tend to spend most of their time patching, upgrading and replacing systems.

Meanwhile, OT staff are used to working with legacy technologies, many of which pre-date the internet era. These often use proprietary network protocols, and lack basic security controls like authentication or encryption. They also don’t have event logs or audit trails. As a result, incident detection and response in an OT environment is very different than in an IT environment.

C-Level Support is Key to Success

To bring IT and OT staff together, and unify security thinking and practices, organizations need to create a culture of collaboration between both camps for the common good of the business. Easier said than done, of course. 

Despite the challenges of bridging this divide, a number of organizations have achieved deep collaboration between IT and OT. The key to success is getting C-level support. 

Some organizations begin by creating a C-Level role to facilitate the convergence. For example, it’s quite common to find a Chief Digital Officer whose role is to bridge the gap between IT and OT, merge the culture divide, and establish incident response processes that span both groups.

The successful deployment of industrial cybersecurity projects must leverage resources from both IT and OT. Business-level oversight and leadership help ensure that the two sides collaborate effectively with each other.

To make this happen, more and more organizations are taking senior, experienced engineers from OT business units, and assigning them to support incident response within the Security Operations Center (SOC). This creates an environment where people, processes and technologies straddle and unify both sides of the IT/OT fence.
