- Cybersecurity threats are increasing.
- Overcome IT/OT barriers to augment cybersecurity.
- Identify vulnerabilities set roles, redefine processes.
Not long ago, operational technology (OT) and information technology (IT) were demarcated as separate functional areas. Digital transformation initiatives, however, are fast blurring the lines between them. As an increasing number of businesses deploy IIoT devices such as sensors, smart energy management systems and remote temperature monitors to optimize productivity and improve efficiency, the cybersecurity risks facing the OT environment continues to grow.
Cybersecurity threats increase to OT networks
Over the last decade, malware encryptions such as NotPetya, Stuxnet, Aurora, and Havex have exposed the vulnerabilities of organizations to cyber threats stemming from breaches in OT networks. The bad news is the threats are still prevalent.
According to a survey conducted by Ponemon Institute and Tenable, 90% of IT security decision-makers admitted their organizations suffered at least one cyber-attack in the past two years. Another 66% were hit at least two times within the same period.
Cybersecurity stance in the OT applications
While IT cybersecurity has historically been concerned about data integrity, availability and confidentiality, things are slightly different in OT environments. Here, the priorities often revolve around reliability, availability, maintainability, and safety (RAMS) of mission-critical systems such as industrial control systems (ICS), supervisory control and data acquisition (SCADA), and distributed control systems (DCS). OT systems clearly represent distinctive cybersecurity challenges that are beyond the scope of traditional cybersecurity measures. The impact of threats associated with OT failure or malfunction needs no elaboration.
It is for this reason that original equipment manufacturers (OEMs) are striving to improve OT safety, reliability, and overall equipment effectiveness/efficiency (OEE) by leveraging enterprise IT and the internet. While this convergence has the potential to help organizations build a resilient stance against cyber threats, it also presents a series of risks if not managed properly.
Overcoming three OT/IT cybersecurity barriers
As business leaders focus more on integrating OT and IT infrastructures, there are three main cybersecurity barriers they must consider:
- Continuity of operations running on legacy technologies
- Different security stance of IT and OT teams
- Lack of security expertise in the OT environment.
Besides this, the distribution of responsibility and the lack of skill and tools also are something organizations need to take into account. According to an online survey conducted by security firm NTT Security, the skills gap is one of the biggest challenges facing businesses trying to mitigate OT security threats. What’s even worse is the majority of IT decision-makers are confused about whom is responsible for being at the helm of OT security.
Towards cyber-resiliency: Three cybersecurity steps
Plugging in security loopholes and improving an organization’s overall stance towards OT cybersecurity requires the implementation of a joint IT/OT cybersecurity strategy. While it’s difficult to achieve this right away because of the boundaries between IT and OT, it is essential for enterprises to figure out a combat plan while bringing the right technologies in place. Since IT/OT convergence is not an industry-specific phenomenon, the cybersecurity strategy will vary from industry to industry. Every organization, however, must take certain measures to lay the foundation for a larger and more specific cybersecurity plan. They are:
- Identifying threats and vulnerabilities: The effectiveness of a cybersecurity plan rests on how exhaustively IT/OT risks been identified. Since these two independent environments have different technology stacks, separate vulnerability analyses for IT and OT will never yield the correct picture. Organizations need to facilitate seamless knowledge-sharing between the two groups for a better understanding of each other’s domains. In this regard, cross-training IT and OT teams oneach other’s strengths and vulnerabilities is essential to pinpoint the scope of threat in the converged environment.
- Setting clear roles and responsibilities: IT and OT staff members have traditionally had different roles. As the two landscapes merge, the confusion and uncertainties surrounding each members’ responsibilities in the new environments can culminate into a threat in itself. Defining the roles and responsibilities of the staff members at the nascent stage of IT/OT convergence is crucial for a smooth transition as well as setting a solid foundation for the cybersecurity strategy. IT/OT security must be recognized as a single practice and led by someone who understands IT and OT equally well.
- Redefining the processes: The reasons mentioned in the previous point also necessitate redefining of the processes. In the converged landscape, since IT will be leveraged to make optimum use of OT, the data supplied by the latter can be a boon or a bane depending upon the processes in place. Without the right or clearly defined processes, the risk of data theft will loom continuously. However, the same data can help pave the way for improving the overall IT/OT cybersecurity strategy.
Real-time data analytics and the subsequent ability of informed decision making is an IT-enabled advantage organizations will no longer ignore with respect to their OT environment. IT/OT convergence will increase as organizations across industries realize the potential and scope of IT-enabled OT optimization. The security challenges that will occur as a result of this can only be mitigated if IT and OT teams work collaboratively and complementarily.
The OT landscape focuses on zero failure due to the risks that an equipment malfunction/breakdown may pose to humans, property, and the natural environment. The onus will mostly be on the IT providers to think beyond data security and make RAMS of OT systems an integral part of the development and testing model.
Amir Sobol is site leader Israel and head of LTTS Security Center of Excellence (CoE), Israel, and Yaron Pass is head of Engineering and Security CoE, LTTS. L&T Technology Services is a CFE Media and Technology content partner. Edited by Mark T. Hoske, content manager, Control Engineering, CFE Media and Technology, firstname.lastname@example.org.
KEYWORDS: Industrial cybersecurity, IT/OT convergence
Have you moved past legacy systems as a way to lower cybersecurity risk?
IT/OT collaboration must drive digitalization
Cybersecurity needs understanding and communication to work effectively
Physical and cybersecurity are converging
Original content can be found at Control Engineering.