Converge, collaborate and conquer IT and OT security risks

Threats to critical infrastructure and operational technology

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

As the world transitions towards Industry 4.0, cyberattacks are no longer limited to theIT infrastructureof organizations. Threat actors are increasingly targeting critical infrastructure and operational technology (OT) in organizations from different industries. For instance, The European Union Agency for Cybersecurity (ENISA) has warned thatransomwaregroups will likely target and disrupt OT operations in the transport sector, in the foreseeable future.

One reason is that IT and OT networks have historically operated in siloes with limitedcollaboration. This has resulted in the lack of a cohesive strategy for organization-widesecurityrisk management. While IT security teams are often adept at handling the latest threats, risks on the OT plant network side usually go undiscovered and unnoticed.

Industrial Control Systems (ICS) often prioritize the ability to deliver uninterrupted services and lack security by design. Sectors such as oil and gas, transport, energy, and maritime tend to rely on legacy OT systems with outdated hardware and software. They grapple with issues ranging from dated and insecurepasswordsto a lack of remote monitoring to detect suspicious behavior.

The lack of integration between OT and IT means that OT systems are deprived of the benefits of mature IT security controls that enable swift risk management, leading to severe business losses in several cases.

A comprehensive and integrated security risk management strategy requires the convergence of security technology operations and collaboration between IT and OT teams to conquercybersecuritythreats together.

Global Delivery head of the CyberSecurity Practice at Infosys.

A case for IT-OT convergence

The adoption of Industry 4.0, digitization, and stringent regulatory norms and compliances are strengthening the case of IT and OT convergence. Such a convergence can potentially deliver a host of benefits around automation, data exchange, and smart decision-making capabilities.

When integrated, OT systems can tap into IT security solutions such as Security Information and Event Management (SIEM), log management, firewalls for segmentation, security service management, and directory systems. Organisations can benefit from improved mean-time-to-detect (MTTD) and mean-time-to-respond and resolve (MTTRR). The convergence of IT and OT systems delivers long-term benefits of improved efficiency and reduced costs of operations.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Cracking the IT-OT Collaboration code

The convergence of IT and OT systems can be challenging due to factors such as the vulnerability of OT systems, the complexity of legacy networks, and cultural differences and skills gaps between IT and OT teams. OT teams must bear the additional burden of complying with more stringent regulatory compliance.

Here are some ways to overcome these challenges:

Organizations must also assign dedicated leaders and establish governance structures that can oversee the convergence process while keeping the organizational goals and objectives in mind. A phased implementation can help reduce complexity and mitigate risks.

Conquer and amplify ability to mitigate risks

According to an Applied Risk survey of IT and OT security practitioners in the United States and Europe, 63% of respondents believe that the integration of IT and OT security operations centers (SOCs) will have the biggest impact on the management of cyber security risks.

The report also noted that nearly half of the respondents believe that a limited cybersecurity culture among key stakeholders is an impediment. Hence, organizations must ensure effective change management by addressing the cultural and organizational aspects of the convergence journey, including communication, stakeholder engagement, training, and addressingemployeeconcerns and resistance to change.

Also, organizations must appraise and implement important regulations such as Network and Information Security (NIS) by supplementing them with additional features, like strong authentication, access controls, network segmentation,encryption, intrusion detection and prevention systems, and regular security monitoring and updates.

Amid escalating cyberattacks and geopolitical upheavals resulting in losses worth millions of euros, the convergence of OT systems with IT is a crucial step to safely transition into Industry 4.0

To conclude

With the convergence of technology and Ops and collaboration between IT and OT teams, an organization can strengthen its overall security posture, quickly mitigate threats, and minimize overall security risks proactively.

We’ve featured the best business VPN.

This article was produced as part of TechRadarPro’s Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here:https://www.techradar.com/news/submit-your-story-to-techradar-pro

Shambhulingayya Aralelemath (Shambhu) is the Global Delivery head of the CyberSecurity Practice at Infosys. He has expertise in information technology and cybersecurity across various industries.

This new malware utilizes a rare programming language to evade traditional detection methods

Google puts Nvidia on high alert as it showcases Trillium, its rival AI chip, while promising to bring H200 Tensor Core GPUs within days

Arcane season 2 confirms the hit series isn’t just one of the best Netflix shows ever made – it’s an animated legend that’ll stand the test of time