In the current technological landscape, organizations must balance competing demands. There is the conventional physical world, which is made up of machines, electromechanical devices, production systems and other business equipment. Then there is the digital world, which employs servers, storage, networking and other tools to process data and operate programs. These two areas have traditionally been separate domains, which exchange scant (if any) useful information or authority, and require radically dissimilar skill sets.
But the worlds of OT and IT are beginning to merge, creating many benefits. Technology advancements like the industrial internet of things (IIoT) and big data analytics are enabling IT teams to “see” and “take the pulse” of machines and other OT devices in the physical world. This allows the CISO or the security team that owns the responsibility of securing OT systems to implement appropriate measures to protect OT environments, systems and the data they handle.
Such a single, unified approach to IT and OT security processes enables collaboration between IT and OT teams and combines business operations, insights and controls.
However, in today’s landscape, converging OT and IT is more of a theory than a practice. The goal is to maintain security continuously throughout the production process, without any disruptions. But in many cases, such as ransomware or other cybersecurity attacks on manufacturing or industrial companies, the result is that production is shut down.
IT/OT alignment challenges
Most industrial firms struggle with a lack of security coordination between their operational teams and IT-SOC analysts. Simply put, operational technology units are not cybersecurity experts, and cyber teams don’t necessarily understand machinery and devices. However, businesses are much better equipped to reduce and manage OT security risks swiftly and proactively when these groups collaborate.
Security teams such as the security operations center (SOC) are responsible for monitoring and responding to security threats and incidents, and they require trustworthy, data-driven insights into how different risks can affect operations. The SOC team should aim to identify and respond to potential security threats before they can cause harm to the organization. This may involve the use of tools and techniques such as intrusion detection systems, firewalls, malware scanners, operational security solutions and more. OT teams need to understand how to triage risk mitigation without downtime.
Both teams must be able to identify high-priority OT security warnings and have the same mitigation playbooks to contain risks. All key data, high-priority risks and mitigation requirements must be transparent for both teams so that the left hand knows what the right hand is doing.
IT/OT alignment provides the data necessary to guide actions for all pertinent teams. It also provides real-time visibility into all devices, networks and systems that are critical for both IT and OT. Combining real-time visibility and a database of information over time opens the door to predictive risk management.
IT/OT collaboration
The goal of IT/OT technical collaboration is to integrate analog (OT) technology into digital (IT) systems. This is enabled by developments like machine-to-machine (M2M) communication and highly advanced IoT sensors and actuators installed on the equipment. They allow physical systems to wirelessly communicate key data back to a central server for monitoring and analysis.
The results of this analysis can then be fed back into the physical system, enabling a more autonomous operation, improving accuracy, assisting with maintenance and increasing uptime.
Enhanced security with IT/OT collaboration
IT/OT security collaboration requires clear communication and coordination between the IT and OT departments to ensure that the organization's critical infrastructure and systems are properly protected. This includes regularly sharing information and updates about security threats, vulnerabilities and incidents, as well as working together to develop and implement effective security controls and strategies.
Collaboration also requires the establishment of clear roles and responsibilities for each team. When an organization connects its OT environment and IT network, it enables decision makers across the entire company to act on data — eliminating siloed responsibility for risk mitigation and enabling preemptive risk identification and reduction. A unified dashboard provides centralized visibility of all assets and related data for more effective coverage of OT/IT network environments.
Another important aspect of good IT/OT collaboration is the development and maintenance of effective security protocols and policies. This includes clear guidelines for the handling of sensitive data, as well as procedures for responding to security breaches and other incidents. By working together, the IT and OT teams can develop and implement comprehensive security protocols that address the unique needs of the organization's critical infrastructure and systems.
OT, IoT and IIoT technologies are here to stay, and IT and OT teams must work together to keep them functioning. The collaboration of IT and OT must be a high priority for organizations that want to be resilient and secure.
This article originally ran in Today’s Cybersecurity Leader, a monthly cybersecurity-focused eNewsletter for security end users, brought to you by Security magazine.