Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

How to Find Success for IT in an OT World

The convergence of IT and operational technology (OT) is well underway, making IT’s influence on OT environments — both at the technological and personnel levels — critical to the future success of businesses. While these teams have not typically worked together and often find themselves at odds when it comes to networking, maintenance and ownership, the time for playing nice is now. Here are some critical factors for success in managing the meeting of these two worlds.

The convergence of IT and operational technology (OT) is well underway, making IT’s influence on OT environments — both at the technological and personnel levels — critical to the future success of businesses. While these teams have not typically worked together and often find themselves at odds when it comes to networking, maintenance and ownership, the time for playing nice is now. Here are some critical factors for success in managing the meeting of these two worlds.

When IT and OT Come Together

Security is often the first place IT and OT teams meet. There are always kinks to iron out, and ensuring a strong security posture is paramount regardless of the teams involved. It’s just a matter of helping these teams get on the same level for the greater goal. 

What are the red flags to keep an eye out for? Figuring out process and technology ownership is one of the first areas where issues arise. Not properly distinguishing ownership will lead to disjointed operations. Then there’s the problem of OT professionals thinking their IT counterparts don’t understand their systems. IT operators, on their part, don’t think OT teams have the expertise to manage the latest wave of connected devices. They’re both wrong — and right. The reality is they need to come together to overcome the barriers that could lead to increased risk. Both teams are needed for the most effective and secure IT/OT infrastructure. 

This is best accomplished when we stop isolating teams and have a CISO or other liaison managing overall operations from above. This leader will need to make it clear why OT can’t ride the Industry 4.0 wave without the help of IT, while also highlighting the importance of each team and the roles within them.  

Are There Downsides to the Shift?

There are always complaints about the effects of bringing IT and OT together. The primary one is that OT environments become exposed as they become more connected. But the risk is worth the benefit. New smart OT technology, and Internet of Things (IoT) as a whole has not had the rigorous regulation and oversight that IT assets have had up to this point. With new IoT assets, automation is tricky, lack of visibility makes it harder to investigate and remediate issues, and the usage of “shadow IT/OT” creates issues if left unchecked. The results are often disastrous, from halted operations in manufacturing to patient issues in medical environments. 

In short, it’s more dangerous to resist the shift in favor of maintaining the status quo. Amid rapid technological and organizational changes, not having insight into what’s happening at all levels of the tech stack is asking for trouble.

Another worry is the people problem. Smart technology means you need fewer people, right? Not necessarily. The same people can now handle more complex and creative tasks. No one wants to download reports from oil tanks on location day in and day out when smart technology could do this across numerous tanks across the country in a fraction of the time. The transition won’t happen naturally, but it’s a gamechanger with the right guidance from the business. Additionally, assuming technology will completely displace humans at the onset is naive. Humans will still be needed to usher in new technology as it makes its way into the enterprise. 

All organizations and their employees want the same thing — to deliver the best service while incurring the least risk. We cannot sacrifice the proper deployment of technology for the sake of speed or fear of change. A new era of industrialization is upon us, and it requires a new approach. 

Learn More About Convergence of IT and OT at SecurityWeek’s ICS Cyber Security Conference

Written By

Click to comment

Expert Insights

Related Content

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

ICS/OT

Otorio has released a free tool that organizations can use to detect and address issues related to DCOM authentication.

ICS/OT

Vulnerabilities in GE’s Proficy Historian product could be exploited for espionage and to cause damage and disruption in industrial environments.

ICS/OT

A hacktivist group has made bold claims regarding an attack on an ICS device, but industry professionals have questioned their claims.

Cybersecurity Funding

Internet of Things (IoT) and Industrial IoT security provider Shield-IoT this week announced that it has closed a $7.4 million Series A funding round,...

ICS/OT

Vulnerabilities in industrial routers made by InHand Networks could allow hackers to bypass security systems and gain access to OT networks.

ICS/OT

Organizations using controllers made by Rockwell Automation have been informed recently about several potentially serious vulnerabilities.

ICS/OT

Researchers have demonstrated that threat actors could obtain global private keys that protect some of Siemens’ industrial devices, and the vendor says it cannot...