Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Compliance

Study Analyzes Challenges, Concerns for IT/OT Convergence

A survey conducted by the Ponemon Institute on behalf of security solutions provider TUV Rheinland OpenSky analyzes the security, safety and privacy challenges and concerns related to the convergence between information technology (IT), operational technology (OT), and industrial internet of things (IIoT).

A survey conducted by the Ponemon Institute on behalf of security solutions provider TUV Rheinland OpenSky analyzes the security, safety and privacy challenges and concerns related to the convergence between information technology (IT), operational technology (OT), and industrial internet of things (IIoT).

Industrial systems are increasingly sophisticated and automation plays a critical role in ensuring efficiency, which has led to IT, OT and IIoT systems becoming increasingly integrated. However, there are several challenges and concerns that need to be addressed to achieve convergence.

The study conducted by TUV and Ponemon is based on responses from over 650 individuals from organizations of all sizes, representing sectors such as automotive, oil and gas, energy, healthcare, industrial manufacturing, logistics and transportation, consumer goods and retail, and telecommunications. A vast majority of the companies (99%) have employees in the United States, but many also have employees in Canada (67%), Europe (69%), the APAC region (58%), Latin America (54%), and the Middle East and Africa (35%).

Roughly two-thirds of respondents said they believe IT and OT convergence is a good thing and that it’s being driven by digitalization. Over 60% of respondents believe convergence is important for achieving a more mature security posture, and nearly half believe it’s an important factor for improving the trust and confidence of supply chain partners.

However, according to the study, many believe convergence cannot be achieved without support from the company’s chief information officer (CIO) and other C-level executives. At least half of respondents also said convergence is not possible without strict safeguards for critical operations data, and it’s not possible if the organization has a long history of silos and turf issues.

“Conflicts created by turf and silo issues are a significant organizational barrier to successful convergence. The creation of a cross-functional team to manage cyber risk across IT and OT systems will help eliminate this problem,” the report says.

At least half of respondents claimed their organization is highly effective in achieving various tasks that are crucial for convergence, including safety program management, cybersecurity planning, leadership and governance, security program management, awareness and training, incident preparedness, testing and assessment, and threat and risk analysis. Fewer companies claim to be good in areas such as third-party risk management, compliance with regulations and standards, and privacy program management.

Advertisement. Scroll to continue reading.

Respondents said they believe resilience, agility, a strong security posture, and expert staff are the most critical factors for ensuring a successful convergence process.

This process is in many cases managed through a combination of in-house and outsourced expertise (46%), followed by only in-house teams (34%), and only external service providers (20%).

When it comes to budgets allocated for convergence, 45% of respondents said they have a budget, but 50% said they do not have a budget for it.

The inability to overcome turf and silo issues has been cited by more than half of respondents as a barrier to the successful convergence of cybersecurity, functional safety and data privacy. Other barriers cited by a significant number of respondents include the inability to control security, safety and privacy initiatives, the inability to secure assets and infrastructure, the inability to ensure the free flow of information, and the lack of in-house expertise.

The lack of skilled employees is considered the most common problem for a strong convergence process, along with insufficient risk assessment.

Many organizations believe that mobile and IIoT devices have the most negative impact on convergence.

IT-OT convergence

The study found that while safety objectives are in many cases at least partially aligned with business objectives, privacy objectives and cybersecurity objectives are less likely to be aligned. On the other hand, over 70% said cybersecurity is the most influential to their company’s business strategy, while privacy is the least influential.

While security is considered important during the convergence process, many organizations don’t appear to be able to maintain a strong cybersecurity posture, but they are more confident in their ability to maintain a strong safety posture.

The complete report, “Safety, Security & Privacy in the Interconnected World of IT,OT& IIoT,” is available for download in PDF format.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

IoT Security

A vulnerability affecting Dahua cameras and video recorders can be exploited by threat actors to modify a device’s system time.