none

CONVERGENCE OF OT AND IT

26-04-2019
by 
in 

As organisations seek to maximise their investments and leverage common infrastructure the days of isolated and independent networks for the operational technology (OT) and information technology (IT) are disappearing. This convergence is driving some significant challenges to the businesses trying to lead the way in an already complex landscape.

The first challenge is to ensure that the gap between the IT and OT teams can be bridged to build a cohesive strategy and to eliminate any security gaps through a common framework to drive a reduction in the organisations cyber risk. Quite often this process requires a level of rebuilding trust between teams or - in some cases in larger environments - introducing the key members from both teams.

Generally while there may be a common business goal for both teams, it is likely that they have very different missions and paths to achieve the business goals. It is important that up front the organisation outlines the key reasons and goals for the convergence that are likely to be centred on:

• enhanced revenue generation or protection of existing revenue

• cost savings that impact the bottom line or

• performance improvements created by company-wide visibility or innovation.

Once the bridge has been formed the teams then need to focus on leveraging their combined skills – from a security perspective this can be a steep learning curve on both sides.

OT Security generally covers security controls related to process control systems (PCS) and supervisory control and data acquisition (Scada) environments collectively referred to as industrial control systems (ICS). These systems come with a level of complexity and teams will be challenged by issues such as the different communication protocols compared to the IT environments.

There will however be elements that are very common to the IT teams (and where the expertise can be found) including firewalls, switches, workstations which run the software for managing the ICS environment. Generally these devices will have a much longer expected lifespan than their IT counterparts and therefore it is likely that these systems contain a greater number of inherent vulnerabilities and pose a greater risk to the converged environment.

So where do I begin in protecting these systems?

Many of the approaches are consistent between IT and OT and you will find common themes within the Australian Cyber Security Centre’s Essential Eight – the strategies to mitigate cyber intrusion.

The key elements to focus on include:

• Restricting network connectivity of the OT environment with IT environments and with the Internet

• Implement network-level encryption such as a VPN

• Introducing multi-factor authentication and a strong policy ensuring default vendor passwords are changed and stored securely

• Implementing application whitelisting to ensure that only authorised code can be executed.

Application whitelisting has traditionally been one of the more difficult strategies to implement however with recent advances this has become realistic to achieve in short timeframe and in a cost-effective manner.

Remember that driving change through convergence will be a journey involving the building of trust, a common strategy and implementing controls. None of these occur overnight, but with some careful planning and execution there can be significant benefits to your organisation.

Simon Masters is the Cyber Practice lead for Logi-Tech, where he manages the portfolio of products and services, security strategy, customer support and holds responsibility for security governance, risk and compliance programmes.

 

Related news & editorials

  1. Labour Senator Kim Carr
    06.04.2021
    06.04.2021
    by      In
    When the pandemic forced the Morrison Government to accept the importance of manufacturing, we began to hear a lot about the need to build sovereign capabilities in Australian industry.
    The Government still uses that rhetoric. The problem is that it doesn’t seem to be happening.
    One of the most... Read More
  2. Karen Andrews, Minister for Industry, Science and Technology
    02.03.2021
    02.03.2021
    by      In , In
    We make great things in Australia and we make them well. 
    And as the Prime Minister and I have been saying, we want to continue to make great things here. 
    That belief is central to our Modern Manufacturing Strategy, and indeed all of the policy decisions we make to support our manufacturers.
    When ... Read More
  3. Brendan O'Connor, Shadow Minister for Defence and former Shadow Minister for Industry and Innovation.
    01.03.2021
    01.03.2021
    by      In , In
    Since I last wrote for Industry Update Manufacturing Magazine there have been some significant changes to my role within the Federal Labor Party. 
    In January I changed portfolios to become the Shadow Minister for Defence and Ed Husic has now become the Shadow Minister for Industry and Innovation. ... Read More
  4. Kim Carr, former Minister for Innovation, Industry, Science and Research
    01.03.2021
    01.03.2021
    by      In , In
    As Australian industry clicks back into gear after the lockdowns and disruption of 2020, it is important to reflect on the way the pandemic has changed the way we are governed.
    Governments have played a vital role in suppressing community transmission of Covid-19, thereby making a safe return to... Read More
Products
Suppliers