How IT/OT convergence has changed the cybersecurity game

Information technology (IT): it’s an umbrella term for all the computer hardware and software that every business uses to support its operations. Then there is operational technology (OT), the technology that manufacturers, processing plants and utility providers use to monitor and control many aspects of their operations.

Less than a decade ago, these were two separate worlds. They used quite distinct technologies with no interconnection, no means of transferring data between them and were managed by totally different teams. Most importantly, OT networks were not connected to the internet.

In recent years, that has all changed, driven by digital transformation, the emergence of Industry 4.0 and the increasing digitalisation of various manufacturing technologies and processes.

The administrative side of a company wants real-time information on what is happening in its manufacturing and industrial processing plants and wants to be able to control these to meet evolving business priorities. But this means the hitherto disparate worlds of OT and IT must be intimately connected so that data, and in some cases control signals, can pass from one to the other.

The benefits of OT/IT convergence are plentiful

The business benefits from such integration can be significant: increased production efficiency, elimination of waste, more timely delivery of products, reduced human error and streamlined operations.

Organisations can also gain deeper insights into their operations and make more informed decisions with enhanced visibility into their data. OT/IT integrations is a key component of digital transformation and can have a very significant impact on the way a business operates.

Underpinning all of this transformation is the extended Internet of Things (XIoT): an umbrella term that encompasses all cyber-physical devices connected to the internet. But this advanced connection also brings considerable risk. It exposes the formerly isolated world of operational technology to all the threats of cyberspace; threats it is in many cases ill-equipped to face.

Given their age and creation long before the internet emerged, many OT systems and devices are proprietary and often use legacy software that has never been subjected to a regime of regular patching to eliminate vulnerabilities, because connection to the internet was not anticipated when they were developed.

Securing hybrid IT/OT environments requires collaboration

Then there is the organisational challenge of securing an integrated IT/OT environment. IT teams are primarily focused on protecting sensitive digital information, such as personal contact information, medical records and confidential business documents, whereas OT teams are concerned with protecting physical processes and systems that enable critical infrastructure to operate reliably. IT teams are likely to have no familiarity with the technologies of OT, but despite this gulf between them, both teams must collaborate and cooperate effectively to ensure the security of integrated IT and OT networks: especially when real-time response to an attack is required.

Of particular concern are the OT systems used to control power generation and distribution, water and sewage, health care and transport. A successful attack on these can have devastating impacts well beyond reputational and financial damage, including widespread disruption and even fatalities.

There are a number of issues that can increase the vulnerability of an integrated IT/OT system.

• If the network is not well segmented, an attacker gaining access to one specific part of the network will likely be able to move laterally through the rest of the network.
• Many OT devices run legacy software that has not been updated in years and is no longer supported, which leaves plenty of time for vulnerabilities to be discovered and their details to be disseminated among cybercriminals.
• Many OT networks, such as those monitoring and controlling processing plants and production lines, are required to operate in near real time. Any IT security tool or security measure that increases latency can be a problem.
• Poor password management is another problem common to OT — given they were formerly isolated from the internet, the rigorous password management regimes common in the IT world today were simply not applied to OT systems.
   

Every device should have a strong password and there should be systems in place to log all access data. Tools are available that are purpose-built for providing and managing secure access to OT networks. They enable the provision, monitoring and control of role-based access to ensure all users, including third-party users, have access only to the level of information required for them to perform their assigned roles. These tools allow administrators to monitor all activity on the network in real time and quickly respond to any attempts at unauthorised access.

Visibility is essential

Before the security of an IT/OT system can be beefed up, its current status must be well understood. This means a comprehensive, current inventory of all assets attached to the network, which must be checked against a comprehensive and detailed list of vulnerable protocols, misconfigurations and more so security flaws can be accurately and comprehensively identified.

Tools are available that can give organisations visibility into their critical assets and their behavioural patterns, and automatically define and recommend network communication policies. These capabilities enable organisations to develop and implement zero-trust practices, significantly boosting their cybersecurity posture.

Securing an integrated IT/OT network also requires a collaborative approach by disparate teams that have never previously worked together and have little understanding of each other’s technologies. To overcome this hurdle, it is optimal to have one IT/OT cybersecurity program manager — ideally, one with expertise in both IT and OT— overseeing security for both of the networks.

Image credit: iStock.com/D3Damon