Login to your account

Username *
Password *
Remember Me

Create an account

Fields marked with an asterisk (*) are required.
Name *
Username *
Password *
Verify password *
Email *
Verify email *
Captcha *
Reload Captcha

Advertisement

×

Message

EU e-Privacy Directive

This website uses cookies to manage authentication, navigation, and other functions. By using our website, you agree that we can place these types of cookies on your device.

You have declined cookies. This decision can be reversed.

IT and OT Integration: The Future of Industrial Security

Written by  Simone Dresler Nov 02, 2017

In industrial organizations, security is traditionally divided across three silos: physical security, IT security and operational security (plant security and system integrity).

This divide makes it more difficult for facilities operators to identify and respond to incidents.

Also, modern-day operations often span complex IT (information technology) and OT (operational technology) infrastructures and typically include thousands of devices, which are increasingly being connected via the Industrial Internet of Things (IIoT). This creates new challenges for securing industrial environments, and makes cyber-physical security threats even more difficult to detect, investigate and remediate.

To protect this complex attack surface, many industrial organizations have devised ways to converge their IT and OT groups — or they are researching options for doing so. However, the ‘convergence challenge’ is truly a tough nut to crack as two main barriers exist.

IT and OT are Very Different

IT environments are very dynamic. For example, IT systems are patched, upgraded and replaced on a regular basis. IT staff are concerned about data confidentiality, integrity, and availability (aka CIA). They are very knowledgable about the latest IT trends and threats. However, IT personnel are typically not familiar with OT networks or industrial control systems, and few of them ever set foot on a plant floor.

In contrast, OT staff work in an operational environment where stability, safety and reliability are top priorities. Their jobs involve maintaining the stability of complex and sensitive environments such as oil refineries, chemical plants and water utilities that are populated with legacy systems that were implemented and haven’t changed for decades. The motto is: “if it works, don’t touch it”. OT engineers recoil at the thought of IT personnel being involved in the safety of their plants or tinkering with industrial control systems (ICS).

Also see: 90% of Consumers Mistrust the Security of IoT Devices, Dutch Firm Gemalto Study Finds         

IT and OT use Different Technologies

In general, IT people are used to working with the latest and greatest hardware and software, including the best security available to protect their networks. They tend to spend most of their time patching, upgrading and replacing systems.

Meanwhile, OT staff are used to working with legacy technologies, many of which pre-date the internet era. These often use proprietary network protocols, and lack basic security controls like authentication or encryption. They also don’t have event logs or audit trails. As a result, incident detection and response in an OT environment is very different than in an IT environment.

C-Level Support is Key to Success

Advertisement
Gearbest Gearbest Tablets - Up To 75% OFF promotion
Gearbest Tablets - Up To 75% OFF

To bring IT and OT staff together, and unify security thinking and practices, organizations need to create a culture of collaboration between both camps for the common good of the business. Easier said than done, of course.

Despite the challenges of bridging this divide, a number of organizations have achieved deep collaboration between IT and OT. The key to success is getting C-level support.

Some organizations begin by creating a C-Level role to facilitate the convergence. For example, it’s quite common to find a Chief Digital Officer whose role is to bridge the gap between IT and OT, merge the culture divide, and establish incident response processes that span both groups.

The successful deployment of industrial cybersecurity projects must leverage resources from both IT and OT. Business-level oversight and leadership helps ensure that the two sides will collaborate effectively with each other.

To make this happen, more and more organizations are taking senior, experienced engineers from OT business units, and assigning them to support incident response within the Security Operations Center (SOC). This creates an environment where people, processes and technologies straddle and unify both sides of the IT/OT fence.

Sponsored link: 10 of the Best European Cities for Art Deco Designs

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.

Red Hot Deals at Amazon

Latest News

Artificial Intelligence: The next phase of human evolution

Nov 24, 2017 39

Artificial Intelligence: The next phase of human evolution

I think we’re missing the bigger picture when it comes to AI.

  1. Popular
  2. Trending
  3. Comments

Checkout The Deals

Calendar

« November 2017 »
Mon Tue Wed Thu Fri Sat Sun
    1 2 3 4 5
6 7 8 9 10 11 12
13 14 15 16 17 18 19
20 21 22 23 24 25 26
27 28 29 30      

Apple Mac Tips

apple mac tips