Information technology (IT) and operational technology (OT) convergence continues to be a topic of conversation among industry experts. Theoretically, it’s a good idea, however, IT/OT convergence isn’t as simple as one may be led to believe. Fundamental organizational challenges need to be addressed to achieve convergence, from political and cultural barriers to technical complexities.
IT/OT convergence is about building the relationship between information technology and operational technology to gain clear insights to improve efficiency, enhance operations and metrics, and harden a business’ security posture. In reality, one of the groups is overhead and administrative and relies on OPEX, and the other defines why the business exists, is revenue generating and relies heavily on CAPEX.
These groups are siloed, working with minimal communication, creating a political and cultural indifference toward each other. The key is defining and aligning the needs of OT, the revenue-generating side of the business, by collaborating and creating seamless communication and transparency. OT, with the assistance of IT, will need to lead the party out of the OT cybersecurity wilderness to create a more seamless and secure plant floor.
Being proactive with IT/OT convergence
Every business and plant is unique, with its own set of challenges, priorities, equipment and technology. In most instances, each manufacturing site is its own kingdom and operates independently of corporate governance groups, such as IT. This means there’s no standard approach to IT/OT convergence, and therefore a one-size-fits-all solution doesn’t exist. IT and OT departments don’t operate the same, and they shouldn’t. However, to improve functionality between IT and OT departments within organizations, it’s essential to encourage deeper conversations and collaborations between the disciplines to help bridge the gap.
Instead of pointing fingers or continuing to foster a culture of indifference, there should be a shared commitment to determine where they are and how they can come together to secure the overall business. One way to foster this newfound culture is through educating each other regarding process, people and technology. They should work together on joint technology decision-making and determine which group has ownership as well as responsibility and governance of people, process and technology. Whether it’s purchasing maintenance support or planning for digital security, a combined perspective with well-rounded expertise will benefit the business and begin to move the needle toward convergence.
Being proactive with convergence offers significant security benefits. In an increasingly digital manufacturing world, businesses can’t afford to keep a line drawn in the sand between the two departments. It also needs to be understood that IT cannot own the plant floor industrial control systems (ICS), for obvious reasons including safety, operation and production. When it comes to risks and threats, cyber crime now has an $8 trillion price tag, according to a recent Security Intelligence report. That’s another reason why IT/OT convergence is imperative.
When IT and OT work together, businesses can gain a comprehensive view of their operations that can help identify security risks and vulnerabilities. This visibility is crucial, as key manufacturing industries continue to be a target for cyberattacks and ransomware due to a variety of issues from software misconfigurations to unknown assets on the plant floor. Being proactive with collaboration across disciplines creates an opportunity to get safer sooner rather than waiting until it’s too late, which can result in lost data, costly downtime and physical safety hazards.
How can tabletop exercises help?
At Velta Technology, we’ve introduced a tabletop exercise to improve collaboration and identify vulnerabilities in an organization’s ICS environments. The tabletop exercise includes step-by-step methodology that displays how vulnerable your organization is to an adverse cyber event. This exercise typically involves the C-Suite, risk management and employees from the IT and OT disciplines.
A tabletop exercise is vital and beneficial in establishing ownership of ICS security. A defined plan and ownership over digital safety and security can offer much-needed clarity. By facilitating this comprehensive conversation and bridging the gaps between the two groups, improvements can be made to internal communications and ownership of security across the organization. This ultimately can help with convergence by breaking down the silos that have historically kept the departments separate.
Additionally, a tabletop exercise can help eliminate the “not invented here” syndrome often found in business. You’ll commonly see this when a preference exists for an established approach or way of doing things, even when it may not be the best approach across every department within the business.
Businesses may see the need to standardize their practices, but if a company has a large number of plants, it can be a challenging task to create a plan that will work for everyone. Often, each individual plant may have different equipment and separate management teams. A standard approach may not be practical or work for all of them. By having an open dialogue about unique solutions, this problem can be resolved.
Working together for IT/OT convergence
Another way to foster collaboration between IT and OT departments is through hands-on experience. By working directly together on the manufacturing side or spending a little time on the plant floor, IT can gain a deeper understanding of the challenges of physical equipment directly from engineers. This shared experience can help break down barriers between the departments and nurture an environment where IT and OT are aligned with priorities, goals and ways to accomplish them.
IT/OT convergence better prepares businesses for the continuously evolving manufacturing landscape. By prioritizing convergence and a strong digital safety and security posture, businesses can get ahead of the curve and be ready to take advantage of new developments in manufacturing as they emerge.
As Industry 5.0 and the Internet of Things (IoT) continues to evolve and shape the manufacturing space, IT and OT must prioritize working together. By working as equal partners and leveling the playing field, they can improve processes, increase operational efficiency and achieve well-defined metrics that are in alignment. They may also uncover security issues that previously have gone undetected. By having an open mind with IT/OT convergence and making it a priority within their business, businesses can effectively position themselves for greater digital and cyber safety and security.