Many industrial organizations still view IT and OT cybersecurity as unique issues to address, yet the need for convergence has never been more important. Attackers are able to exploit the security gaps between IT and OT technologies exactly because those responsible for their defense have different priorities and practices.
Successful IT/OT cybersecurity convergence requires close cooperation between previously siloed departments. While challenging to achieve, bringing IT and OT together under an integrated security strategy will eliminate security gaps and reduce the organization’s overall cyber risk.
Clear Boundaries Justified Existing Siloed IT – OT Programs
IT groups have traditionally taken care of critical business applications and related IT cybersecurity, while process control and OT cybersecurity were the domain of engineering and operations. Clear and understandable differences in technology and environmental constraints were used to justify siloed cybersecurity strategies.
The Industrial IT – OT Landscape is Rapidly Changing
Frustrated with high costs and innovation constraints, industrial companies are increasing their use of IT-based technologies within OT systems. Supervisory applications and historical data are being migrated to the cloud. Legacy proprietary process controllers and networks are being replaced with standards-based commercial hardware and software products.
Digital transformation initiatives are changing the nature of industrial IT. Asset management, supply chain, and production operations groups are leveraging powerful, cloud-based analytics and AI packages to drive improvements. Shadow IT efforts require new networking solutions with access to edge devices and deep connectivity into IT and OT systems.
These technology developments and new business initiatives are pushing the need for convergence to the forefront. IT is recognizing the need for greater OT support, while shifts in technology are forcing OT to seek out IT expertise. As you can see, the emerging IT/OT landscape increases the need for deeper collaboration and knowledge sharing between the two groups.
What Does a Converged IT / OT Cybersecurity Strategy Look Like?
Consolidating IT and OT cybersecurity efforts clarifies responsibilities and eliminates security gaps. It also ensures consistent security levels across the entire organization and reduces overall cyber risk.
To be effective, a converged IT-OT cybersecurity program should include centralized oversight of all the organization’s cyber security efforts with the authority to implement key objectives. This can be implemented through formal organizational changes or virtual teams of people who work in IT groups, OT groups, and security operations centers (SOCs). Integration of third parties with specific capabilities should also be anticipated to address the realities of ongoing shortages in cybersecurity professionals. The chief information security officer (CISO), or someone else in top management, should have responsibility for overall coordination and board of director (BoD) reporting.
Easing the Transition to a Converged IT / OT Cyber Security Strategy
While there are significant benefits to converging IT and OT cyber security strategies, don’t expect it to be easy. Organizations need to anticipate and prepare for changes in their existing people, processes, and technology practices. Here are some initiatives that companies can use to ease the transition:
- Establish cross-trained site teams to handle routine security hygiene
- Create a global support network with IT and OT experts to deal with more complex cyber issues like malware intrusions, and anomalous behavior
- Update key IT / OT cybersecurity processes from vulnerability management to incident management
- Ensure compliance with corporate policies
- Integrate cybersecurity technology to enable coordinated cybersecurity management
IT and OT may require different tools, but they need to be compatible and fully-integrated in key areas like asset inventories, endpoint and network protection, security monitoring and reporting, and secure remote access.
Beyond the technical challenges, cultural issues such as overcoming distrust between the two groups can be a big hurdle all on its own. Methods that might ease the transition include workshops designed to reconcile perspectives, and cross-pollination of groups to build bridges and re-establish trust.
To learn more about bringing IT and OT system security together, and what to watch out for when developing your own integrated IT / OT cyber security strategy, take advantage of the resources available below.
On Demand Webinar
Trends in OT Cybersecurity: IT/OT Convergence is here to stay
Watch this webinar, presented by ARC, FireEye and Nozomi Networks, to learn:
What’s driving IT/OT Convergence?
What are the cybersecurity implications?
What are example use cases?
How do IT/OT collaborations enhance cyber resiliency?
- ARC Report: IT-OT Cybersecurity Convergence
- Blog: Why Business Leaders Need to Focus on Industrial Cyber Security
- White Paper: Advancing ICS Visibility and Cyber Security with the Nozomi Networks Solution
- Solution Brief: Real-time Cyber Security and Operational Visibility for Industrial Control Networks
- Case Study: Regional Power Operator Improves ICS Cyber Security and Operational Efficiency