Information technology is a part of everyone’s life today. From local vendors to school children attending online classes during the pandemic, everyone has experienced how information technology works to make lives more comfortable. With that being said, IT security walks parallel to the field of information technology.
IT security is a well-established domain itself. It includes various solutions to protect against unauthorized access to organizational assets such as networks, computers, and data. The trend of the last two decades brings IT technologies advances into the Operational Technology (OT) systems, which indicates systems in industrial manufacturing and critical infrastructures.
Describing IT/OT convergence
The so-called “IT/OT convergence” works on improving the efficiency in slow OT systems used in industrial manufacturing and critical infrastructures by reducing their gap. The merger of the two streams opens the OT world to the cyber-threat landscape.
Now, let me help you understand, “What is OT?” It indicates technologies used for the industrial and operational processes, comprising sensors and field devices such as pumps, transmitters, and valves. They came into existence in 1960 to be robust and operate for long continuous hours. At that time, there was significant usage of proprietary and legacy hardware with limited resources such as CPU and memory, which are used in combination with software for performing the functionality.
“As more companies work toward IT/OT alignment, the CIO and the IT organization will be at the forefront of fostering relationships and changing the culture of the organization,” said Kristian Steenstrup, distinguished analyst and Gartner Fellow. “This will require a hybrid of traditional IT and OT skills and development of the new intellectual property, while experience external to the company will be tapped into to assist with cross-topic education.”
Best cybersecurity practices for IT/OT environment
As digital transformation continues to take shape with the convergence of IT and OT, it is essential to implement best security practices for organizations across all industries. The network architecture can be different, but the overall approach should be the same. Here’s are some essential points to optimize your planning:
- The strategy, vision, and execution of the business plan should include reliability, security, and safety. These factors should be imbibed in the business planning process at all levels of the organization.
- There should be a clear understanding of technologies and threats in the IT/OT environment. The tools and technologies that work in the IT environment may not work in the OT environment. Also, the risk may be different in IT and OT environments.
- Every organization should have a threat intelligence framework prepared so that organizations have access to the latest information on threats and be prepared for dealing with them. Also, baseline security controls should be deployed across all layers of the organization’s environment.
- There should be a timely risk assessment within the environment as it helps identify vulnerabilities and check whether the appropriate security controls are in place.
- Establish the patch management or update it as it helps in addressing vulnerabilities. It also creates a requirement for patch management for control systems.
- Develop specific policies and procedures consistent with IT security, business continuity, and physical safety.
“A Gartner survey found that organizations are keen to integrate IoT and IT technologies (such as sensors, data stewardship, security, and analytics) into OT systems. However, IoT deployment is still in the early stages, and most organizations don’t yet have the skills, expertise, or time to drive the IT/OT alignment requirements.”
To implement these twin capabilities in the environment, organizations need to reach out for external help. The enterprises will feel the need to seek external service provider with proven experience in OT. According to Gartner, By 2020, 50% of OT service providers will readily collaborate with IT-centric providers’ IoT offerings.
To gather more information on this topic, check out our latest whitepapers on cybersecurity.