7 strategies to Improve IT/OT Cybersecurity

How can organizations protect both information technology (IT) and operations technology (OT) from malicious actors and escalating cyber threats?

These threats fundamentally require that IT and OT teams collaborate and work together. However, the convergence of IT and OT has been a challenge across industries. To better understand this phenomenon, let’s first highlight the main areas of difference between them:

• Focus: IT focuses on managing and processing data and information to support business systems and objectives. OT focuses on monitoring and controlling physical industrial/operational processes and equipment.
• Systems: IT systems include computers, networks, software and data centers. OT systems include industrial control systems, SCADA systems, sensors and actuators.
• Purpose: The purpose of IT is handling information. The purpose of OT is controlling and automating industrial processes. IT systems enable communication, data analysis and software applications while OT systems control and automate physical processes in industrial production environments.
• Operation: IT systems mainly operate in an office environment. OT systems operate in industrial plant environments and interact with physical industrial processes.
• Performance metrics: Key metrics for IT include system uptime, response time and data accuracy/integrity. For OT the key metrics are system reliability, availability, safety and output capacity.
• Security: IT prioritizes data security, confidentiality and privacy. OT prioritizes availability, integrity and reliability of control systems. Security strategies differ due to their differing requirements.

In summary, IT deals with information flow and processing. OT deals with physical process operation and automation through control systems and sensors. As facilities become more digitized, IT and OT systems are increasingly integrated requiring a unified IT/OT approach to cybersecurity and data management.

Given their inherent differences, following are seven strategies and tactics that can help IT and OT work better together to protect organizations against cyberattacks and maintain a state of preparedness:

1. Improve communication and collaboration between IT and OT teams. Embark on a joint IT/OT exercise working through the response to a simulated cyber attack.
2. Leverage security strategies across IT and OT. Share policies, best practices, threat intelligence and technology requirements unique to each part of the business that maximizes security for each part of the business.
3. Segment IT and OT networks properly to limit lateral movement of data and communication between disciplines and parts of the organization. Deploy demilitarized zones (DMZs), firewalls, etc. to create an optimal balance between connection and isolation.
4. Understand security risks across the unified IT/OT environment. Audits, risk assessments, vulnerability scans and asset visibility studies are common in IT and should also be done in OT. Based on the results from both, develop holistic remediation roadmaps.
5. Deploy complementary security monitoring and analytics with centralized visibility across IT and OT. Use cybersecurity technologies to detect anomalies and cyber intrusions rapidly.
6. Control remote access to OT systems tightly. Limit connectivity privileges. Monitor third-party vendors. Authenticate strictly through multi-factor authentication with an audit trail.
7. Provide integrated security awareness and training to IT and OT staff at all levels of the organization. Update skills through continuous training.

What OT needs

IT has a 20-year headstart on the discipline of cyber protection. Therefore, given the differences between the disciplines and what IT has discovered over the past 20 years, what can OT learn from IT?

OT needs to follow IT’s lead or develop an NIST framework that addresses identification, protection, detection, response and recover activities or MITRE ATT&CK or something similar for the OT enviroment.

There should also be clear lines of demarcation established and understood between OT and IT. Even within the same organization, IT and OT are basically third parties to each other with completely different roles, responsibilities, applications, systems and technologies. OT should take the same position as IT with other third parties with regard to installing and managing their own firewalls.

Just as IT would, without question, say they are responsible for enterprise systems such as ERP, email, corporate data centers, infrastructure and business networks, OT must assume a similar level of ownership over their environment from a cybersecurity perspective.

To do this, visibility into plant floor networks is as important for OT as it is for IT to accurately determine what devices exist on their network. This is critical to asset inventory and use of configuration management tools to access up-to-date information on the network as it relates to software levels, installed programs, patch levels, etc. OT needs to take the same steps with asset detection, monitoring and remediation that IT has had in place for years.

By learning from and replicating the relevant processes and approaches to resources, funding, role definition and oversight that IT has successfully put in place over time, OT will be in a greater place of strength to monitor and manage their operations.

Dino Busalachi is chief technology officer and co-founder of Velta Technology, a certified member of the Control System Integrators Association (CSIA). For more information about George T. Hall Company, visit its profile on the CSIA Industrial Automation Exchange. 

Original Article: https://www.automationworld.com/cybersecurity/article/33037631/7-strategies-to-improve-cybersecurity