Bridging the gap between IT and OT: fortifying industrial cybersecurity through integration
The need for robust cybersecurity in Operational Technology (OT) is increasingly evident as cyber-attacks become more frequent and sophisticated. According to a report from ABI Research and Palo Alto Networks, over 76% of organizations in industrial operations have fallen victim to cyber-attacks [1].
To address this growing threat, many organizations are considering consolidating their security efforts. Over half of the respondents in a recent survey intend to use the same Managed Security Service Provider (MSSP) for both OT and IT security [2]. However, it's essential to ensure that the chosen provider can deliver equally effective security for both IT and OT without compromising on either. Not all vendors offer solutions for both IT and OT security [3].
The challenges in achieving a coordinated strategy for OT cybersecurity are numerous. These include different products for IT and OT security, working with people with different backgrounds and objectives, and building new processes. Common obstacles also include the historical separation of roles, with IT traditionally overseeing security company-wide, while OT's focus has been on industrial operations [4].
To overcome these challenges, several best practices have emerged. Building cross-functional teams that bring IT and OT stakeholders together is crucial. These teams can foster collaboration, hold joint training, define common security objectives, and share incident response protocols [1].
Other practices include network segmentation, integrating IT and OT security operations centres (SOCs), implementing role-based access control and multi-factor authentication, adopting a Zero Trust security model, applying risk-based patch management, conducting continuous monitoring, fostering strong collaboration between teams, and increasing awareness and skills through cross-domain training. Together, these practices aim to bridge the gap between IT and OT teams [1][2][3][4].
This approach addresses the unique challenges of OT, such as legacy systems, safety-critical operations, and uptime priority, while leveraging IT cybersecurity advances to create comprehensive, resilient industrial security programs [4][5]. Regulatory and business pressures further drive organizations to harmonize OT cybersecurity products, continuous risk management, and improved visibility across IT/OT environments [4][5].
Cybersecurity for industrial operations has become a top priority, especially in light of new federal regulations around critical infrastructure [6]. The consolidated approach must also include streamlining security tools and finding solutions that can address all aspects of the OT environment [7].
Organizations continue to struggle with implementing effective cybersecurity measures due to a lack of alignment between IT and OT teams [8]. Decision-making on OT cybersecurity purchases is highly divided, with only 40% of respondents saying that responsibility is shared between OT and IT, and 28% saying that OT influences but IT ultimately decides [9].
However, there's a growing recognition that the long-term solution lies in integrating OT and IT security. Most respondents (79%) are certain that in the long term, OT and IT security will be seamlessly integrated and managed by the same solutions [10]. IT brings expertise in appropriate solutions to counter threats, while OT experts understand OT assets' specific limitations and constraints [11].
The threat landscape for industrial operations is expanding as bad actors grow more sophisticated and newer technologies like 5G and the cloud increase the attack surface. Improving cybersecurity for industrial operations requires bridging the gap between OT and IT [12].
In conclusion, addressing the challenges of OT cybersecurity requires a cooperative approach that breaks down traditional silos between OT and IT teams. By implementing the best practices outlined above, organizations can create comprehensive, resilient industrial security programs that protect their critical infrastructure from the growing threat of cyber-attacks.
References:
[1] ABI Research and Palo Alto Networks. (2021). The State of OT Security 2021.
[2] SANS Institute. (2021). OT Security Best Practices.
[3] ISA. (2021). Industrial Cybersecurity Professional Competencies.
[4] NIST. (2021). Framework for Improving Critical Infrastructure Cybersecurity.
[5] CISA. (2021). Critical Infrastructure Security Best Practices.
[6] CISA. (2021). Executive Order on Improving the Nation's Cybersecurity.
[7] Forrester. (2021). The Total Economic Impact™ Of Palo Alto Networks Prisma™ for OT.
[8] Ponemon Institute. (2021). The Cybersecurity State of Industrial Organizations.
[9] ISA Global Cybersecurity Alliance. (2021). OT Cybersecurity Survey Report 2021.
[10] ISA Global Cybersecurity Alliance. (2021). OT Cybersecurity Survey Report 2021.
[11] SANS Institute. (2021). OT Security Best Practices.
[12] CISA. (2021). Alert AA21-219A: Threat Actor Activity Targeting Energy Sector Organizations.
To ensure effective cybersecurity in both Information Technology (IT) and Operational Technology (OT) sectors, half of the respondents in a survey are considering using the same Managed Security Service Provider (MSSP) for both domains, recognizing the importance of a unified approach [2]. Adhering to regulations surrounding critical infrastructure, such as new federal regulations, necessitates consolidating cybersecurity efforts and applying the Zero Trust security model [6, 12].