Bridging tech divided: the power of IT-OT unification in enhancing industrial security systems
In the rapidly evolving landscape of industrial operations, cybersecurity has become a top priority for most operators. With the threat landscape expanding as bad actors grow more sophisticated, and newer technologies like 5G and the cloud expanding the attack surface, it's crucial that Operational Technology (OT) and Information Technology (IT) teams work together to strengthen security.
A recent survey revealed some challenges in achieving this collaboration. The decision-making process regarding OT cybersecurity purchase decisions is highly divided, with just 40% of respondents saying that responsibility is shared between OT and IT. This divide is further exacerbated by cultural gaps and differing priorities. While IT security teams focus on confidentiality, frequent patching, and quick updates, OT teams prioritize uptime, safety, and reliability.
This cultural divide makes collaboration difficult. OT environments are intolerant of downtime, and IT-style security practices like patching or rebooting can cause operational chaos. Additionally, OT systems are often legacy infrastructures not designed with cybersecurity in mind, making them incompatible with many modern security tools and techniques favored by IT teams.
Another challenge is the lack of mutual understanding and skills between the two teams. With distinct skill sets and experiences, it's challenging to develop a cohesive security strategy that covers both domains without integrated training or shared knowledge.
Complexity in risk management is another hurdle. The convergence of IT and OT networks introduces new cybersecurity risks which require comprehensive, systematic risk management strategies that account for the unique criticalities and tolerances of OT environments. Organizations often struggle with risk treatment options suitable for combined IT-OT systems.
Communication barriers and siloed structures also pose a significant challenge. Historically, responsibility for OT cybersecurity resided with control engineers or plant managers, but as CISOs and enterprise security teams take over, coordination and accountability are still being redefined, causing friction.
Insufficient visibility and threat intelligence sharing are also issues. IT/OT integration demands strong visibility of network boundaries and threat sharing between teams, which is often lacking due to disconnected tools, processes, and cultures.
Despite these challenges, there are promising signs of progress. Over half of respondents intend to use the same Managed Security Service Provider (MSSP) for both OT and IT security. Over 76% of organizations in the industrial sector have been victims of cyber-attacks, yet 75% of respondents report attacks happening on a monthly, weekly, and even daily basis against industrial organizations. This underscores the need for improved cybersecurity measures.
The long-term goal is for OT and IT security to be seamlessly integrated and managed by the same solutions. 70% of respondents plan to consolidate IT and OT solutions from the same cybersecurity vendor. Both IT and OT teams should have a seat at the table when creating integrated security policies and practices.
Improving cybersecurity for industrial operations requires bridging the gap between OT and IT teams, as the bulk of OT attacks come in from the IT environment. This is a long journey, as both technical and cultural changes are needed for resilience against increasingly sophisticated cyber threats in industrial environments. It's a collaborative effort that requires breaking down traditional silos and creating a cooperative approach between OT and IT teams.
- The lack of unity between OT and IT teams in decision-making processes regarding OT cybersecurity regulations is a significant challenge (regulations, cybersecurity). This divide can further be worsened by cultural gaps and contrasting priorities (culture).
- The collaboration between OT and IT teams is crucial for strengthening cybersecurity, especially with the rising threats in the rapidly evolving industrial technology landscape and the increasing attack surface caused by new technologies like 5G and the cloud (cybersecurity, technology).
