Industrial Cybersecurity Pulse

Three ways IT/OT convergence is critical to industrial cybersecurity success

  • Rick Kaun
  • September 16, 2021

One of the most common questions I get asked while I am on a panel or after a conference presentation is on the topic of information technology/operational technology (IT/OT) convergence. A lot has been written on it, from how should we manage it, to how we can avoid it, to everything in between. One industry peer, upon seeing this article, will likely remind me (again) that even talking about it or giving it a label is dangerous. He would contend that IT is merely a supporting or tangential component of an otherwise purely engineering environment, and to suggest that IT should ever be involved in anything to do with how OT functions (read: engineering principles of temperature, pressure, etc.) is missing the point. However, I strongly believe IT/OT convergence is fundamentally required and needs to be embraced.

I have written on this topic before (as have many others), so if you are looking for my pitch to OT types, read this blog post. Or if you wish to learn about how you can get IT and OT to work together, read my colleague John Livingston’s article “Four key steps to help your organization achieve IT-OT convergence.”

Now, I am going to offer three day-to-day functions where IT/OT convergence — or, more appropriately, IT and OT working together — is not only better for risk reduction, but also required to achieve any modicum of success. The alternative is to have your offshore IT support inadvertently reboot a seemingly innocuous firewall that just happened to be shuttling critical safety information to an automatic shutdown command. Yes, it is 2021, and, yes, we still have these situations.

There are three obvious scenarios where IT/OT convergence is critical to success: vulnerability mapping/identification, patching (or not) and threat/incident detection.

Vulnerability mapping/identification for IT/OT convergence

It seems straightforward. We all want to know about the vulnerabilities that exist in our operational environment. While IT prefers to use scan-based tools, in OT, there are two very real restrictions on scans:

  1. They can knock fragile systems offline.
  2. They don’t get data on embedded assets (relays, PLCs, etc.).

As such, we are not getting the full vulnerability picture, which means we are ill-equipped to protect ourselves. What we really need is OT-safe tools for vulnerability identification, which would mean IT needs to abandon their preferred method for an alternative one. This is not typically how things unfold. Nonetheless, this is where I share my mantra with IT: We will collectively get OT to where it needs to be security-wise, but we are going to take a different path and will likely need different tools. The reality is, we need IT to help us track, decipher and understand the risk once identified.

To patch or not to patch

Patching or, more likely, compensating controls (because patching is not always an option in OT) is where IT knowledge really benefits OT in risk reduction. When something like BlueKeep comes out (wide in scope, high risk, not a lot of time to test), the clock is ticking, and the stakes are high. Most OT types can and will likely patch some systems (e.g., those that are low impact, like DMZ-based domain controllers). But what about the crown jewels? Like the laboratory information management system (LIMS) server, the safety system, critical human machine interfaces (HMIs) or the Layer 2 file server with all our programmable logic controller (PLC) ladder logic copies and backups?

This is where IT and OT must work together, because if we cannot patch, we want to provide second or third line of defense protections like disabling remote desktop. Without a thorough consultation between IT and OT — OT showing which systems need the patch, and IT helping to provide technical analysis and offering suggestions for Plan B or Plan C alternatives — we are left with either patching and crossing our fingers, or not patching at all. I don’t like the odds of either approach.

Threat/incident detection

Many companies have bought into the lofty promises of anomaly or threat detection tools to both inventory AND protect OT environments. Others are looking to get all OT data into existing (and capable) security operations center (SOC) instances. The challenge with either technology is that you are only as effective as the technician looking at the data. In both cases, you will absolutely need an OT review of what either technology might flag as problematic. Finding system-specific (read: proprietary OT behavior) indicators to ignore or escalate can only come from IT and OT actively working together on inbound data to properly tune your monitoring program.

To me it is clear: From initial discovery and identification, to proactive patching and risk reduction, through to live events, IT and OT need one another to be able to navigate their respective domains. Suggesting OT has the time or resources to duplicate IT skill sets in detail, or that an IT skill set can fully understand the nuances and fragilities of a complex OT environment, is inviting a major incident into your facility. To truly be successful, you must marry the two disciplines to foster collaboration in day-to-day management, maintenance and response activities. It is the fastest, most effective path to significant risk reduction and security maintenance in OT available to you.

– Verve Industrial is a CFE Media content partner.


Rick Kaun

Rick Kaun is the VP Solutions at Verve Industrial Protection.

Copyright 2022 CFE Media and Technology.
All rights reserved.

