Fighting the common enemy: OT/IT cybersecurity convergence

Much discussed in recent years, OT/IT convergence is aimed at creating a synergy that provides businesses with strategic insights that can significantly improve internal processes, business decisions, productivity and competitiveness.

However, with the spread of IT functions and technologies into OT environments — and the subsequently enhanced interconnectivity — some of the cybersecurity risks associated with IT systems can seep into OT networks. Some companies are already experiencing a systemic interdependent cyber risk between the OT and IT sides of the business.

Operational friction between OT and IT

OT and IT personnel come to the table with different agendas, with different operating procedures and roles to play. OT engineers and plant managers are all about keeping the production going, and making sure it is safe, while trying to increase productivity and output. In relation to cybersecurity, system availability is their highest concern.

The IT cybersecurity view is all about protecting the company’s IP, information systems, customer data and business transactional data. In relation to cybersecurity, system confidentiality is their highest concern, over system and data availability or integrity.

As edge computing moves into the industrial environment and industrial process data is connected to external or in-house cloud technologies, the lines of responsibility for cybersecurity become blurred. Even if a company can maintain an effective air-gap between OT and IT environments (through effective firewall and edge gateway strategies for example), production and asset data is now moved into a realm where concerns of confidentiality may become more important. Conversely, traditional IT cybersecurity strategies cannot be realistically employed in OT environments, for technical and business reasons that have been described exhaustively elsewhere — and as is well recognised by every OT engineer.

Achieving a common cybersecurity viewpoint

Ultimately, it is to the benefit of both the OT and IT sides of the business that comprehensive and unified visibility of both OT and IT environments is achieved. This will give OT and IT teams the ability to isolate issues and reduce the friction involved in the activities required to mitigate cyber risk, as well as during incident response.

Even in OT systems that are still air-gapped, many still use IP-based control networks and operators still install software updates provided by the manufacturer, and will not be patched and updated regularly. This leaves open security vulnerabilities that can be exploited, typically by inadvertently introduced malware. Such infiltrations can cause costly disruptions and safety issues.

One way such risks can be mitigated is through the use of next-generation firewalls (NGFW) that can track network activity, accompanied by comprehensive cybersecurity tracking and reporting, as well as AI-powered threat intelligence.

The corporate IT infrastructure also needs a broad, integrated and automated cybersecurity technology that meets the same objectives of risk mitigation and reduced time to detection and response.

In the past, the IT side of the business has been well served by tools and techniques to achieve such goals. Similarly, over recent years the operational side of the business is also presented with many techniques and tools to achieve its cybersecurity goals, through industry standards and the support of those standards by large automation industry players.

However, as good as both the OT and IT solutions to the common cybersecurity threat are, this still leaves an OT/IT divide, with differing or disparate solutions to the problem.

A solution in common to a common problem

What is needed today, to reduce or eliminate operational OT/IT cybersecurity friction, is a way to give a comprehensive and common view of assets from a cybersecurity standpoint and a common infrastructure to respond to cyber threats. Such a common security fabric, utilising common NGFWs as well as integrated supporting software tools and threat intelligence, makes it possible to achieve broad visibility into who is on the network and what they are doing, and whether systems and devices are behaving within their normal operating parameters.

The alignment of cybersecurity risk mitigation and response strategies is key to minimising the risk associated with the alignment of business and operational goals through OT/IT integration. Only in this way can the friction between the aims of OT and IT teams be reduced, and the mean time to detection and response in the case of a cybersecurity incident be minimised.

Michael Murphy is the head of operational technology and critical infrastructure for Fortinet in Australia. His focus is on helping organisations build cyber resilience for OT and understanding how to achieve strong outcomes for OT security. Michael has held roles as a cybersecurity practitioner and senior sales engineer and has built OT incident response teams in Australia, New Zealand, London, Hong Kong and Singapore.

Image credit: ©stock.adobe.com/au/Ivan Traimak