Over the past three decades, companies have witnessed the gradual merging of IT and operational technology (OT) -- better known as IT/OT convergence. Thanks to the advent of initiatives like Industry 4.0, and technology advances in 5G and IoT, convergence timelines have accelerated in recent years. This provides companies with an open exchange of data between IT and OT systems and, as a result, greater insight into real-time processes and increased business value.
However, these convergence journeys are not without their road bumps. In the past year, the world witnessed a series of highly publicized cybersecurity breaches originating from mismanaged IT/OT convergences. In many of these attacks, hackers gained access by infiltrating organizations’ OT domains, allowing them to control digitally enabled equipment and seize proprietary data. These highly skilled cyber criminals identified and exploited the security gaps that IT/OT convergence notoriously creates within nearly every organization -- namely, IT’s lack of visibility into OT systems and an inadequate set of security controls within both IT and OT domains.
Although the public may not have understood the correlation between these attacks and properly integrated IT and OT operations, business leaders certainly took note. And now, across industries, companies are accelerating their IT/OT convergence strategies and prioritizing cybersecurity measures to prevent future threats.
Here are four steps enterprises can follow to bolster their cyber defenses as they drive convergence agendas:
Assess IT and OT domains
To successfully merge IT and OT domains, start with an upfront assessment of all IT, OT and cloud connections and data flows. This will help establish a clear definition of the business demand as well as defense and operating goals that will be used to guide future deployment strategies. Once the foundation of the convergence agenda has been set, enterprises can dig deeper into their security practices and assess their existing architectures to identify connection dependencies between enterprise systems and operational systems, as well as cloud and third-party connections. This architectural approach is essential to enable IT security teams to have visibility of OT systems and associated “zoned” OT production architectures. When centralized data becomes available through secure connectivity and trusted access to OT systems, organizations then can leverage the opportunity to converge typically disparate IT and OT security resources to identify business, operational and security improvements.
Determine network boundaries and assign assets
After IT and OT security teams align and attain visibility into their respective systems, they will determine network boundaries and assign assets, or more specifically data connections, to define security zones. And while this step may seem simple, isolating critical production systems while providing limited or controlled access from IT systems is not trivial. To achieve these segmentation goals while keeping business impact top-of-mind, enterprises will likely require a range of tools, including secure network isolation software for cloud services and hardware-based isolation and application-specific firewalls.
Employ monitoring capabilities, defensive controls, and policy servers
Achieving asset visibility is crucial to securely converge IT and OT domains -- like the old cybersecurity adage states: “You cannot protect what you cannot see.” To overcome the notorious visibility issue, organizations will employ both active agent-based and passive monitoring capabilities within their OT domains. These tools can be integrated with existing IT security operations and can even identify business use cases to improve the value of investments made in OT monitoring beyond security. Organizations should also utilize and align domain-based defensive controls and policy servers as a part of their monitoring strategies.
Deploy an identity and access management model
Identity and access management (IAM) is the new cybersecurity perimeter. Many leaders are turning to the IAM model to support their convergence strategies as it allows an enterprise to control access to both IT and OT systems.
Traditional “isolated” OT systems are increasingly connecting to enterprise infrastructure due to technology dependencies and the need to connect to data. OT “Identity” programs have always been a way to minimize risk to operations by only allowing “qualified”, “certified” and fully “trusted” resources to gain physical access to critical systems, while remote digital access was not feasible nor permissible.
However, as the doorways to data are implemented, access controls have not been “regulated” across many industries, so security controls have lagged technology. Connected devices have continued to connect to both IT and OT infrastructure without fully “trusted” cyber security Identity and Access Control measures in place. remain neglected at times. Typical enterprise IAM integrations with operational systems can be implemented securely to manage some devices on distributed OT networks, but many systems have factory-built and proprietary communication protocols and cannot be “managed” using enterprise IAM technologies.
With digital transformation agendas taking off, and the inevitable blending of IT and OT as a result, leaders will increasingly need to revamp their cybersecurity strategies to align their teams and close any gaps created by IT/OT convergence. Beginning this process by assessing IT and OT domains, assigning security assets, employing new technologies, and deferring to an overarching IAM model will allow companies to holistically manage IT and OT security and minimize the damage that can be caused by attackers.