Getty Images
Getty Images 923872402

IT/OT Convergence is Here, But Are You Secure?

April 6, 2020
As these two disparate worlds converge, cybersecurity is no longer simply an IT problem. With the rise of IoT, manufacturers face a much wider, and less controlled, threat landscape.

Cybersecurity threats are nothing new for most organizations. And, unfortunately, far too many threats ultimately result in breaches with the ability to put companies in the headlines for all the wrong reasons. According to a recent research report by Risk Based Security, the number of reported breaches increased by 33% over 2018 numbers, with a total of 7.9 billion exposed records—making 2019 one of the worst years in history.

However, headline-worthy breaches have historically—and almost exclusively—shined a spotlight on IT issues. That’s not the case anymore. With the rise of the Internet of Things (IoT), the operational technology and information technology environments are converging and the threat landscape has grown significantly.

Simply put, digitalization is introducing a dramatic increase in risk of production disruption. OT networks no longer benefit from a limited attack surface. IoT devices and cloud computing capabilities are now playing a key role in manufacturing processes, and it’s a game changer, explains Siemens USA Chief Cybersecurity Officer Kurt John.

“This can be reflected in some of the latest malware, which is able to seamlessly move from IT environments to OT networks and back,” says John. “This confluence of technologies has resulted in more exposure, and manufacturers should start thinking about IT and OT as one instead of two distinct environments. Developing a holistic technology and security roadmap is the first step to combating the threats that face them.”

Convergence prompting rapid evolution

Fortunately, manufacturers are starting to realize there is a significant gap between the priorities of OT and IT teams, which has a major effect on cybersecurity initiatives, explains Alan Mindlin, technical manager at Morey.

“Manufacturers on the OT side are mainly focused on available services. Production must continue because any interruption could result in increased downtown or even ceased operations—dramatically impacting a company’s bottom line,” he says. “IT, on the other hand, may not necessarily be as worried about product availability, but instead focused on securing computer network security to avoid potential breaches that could wipe out critical data.”

Unfortunately, the amount of production processes connected to the internet is rarely transparent to manufacturing leaders. And as such, one data breach can cause significant manufacturing defects, explains Mindlin.

“Breached IoT devices have the potential to introduce defects into manufactured products without the manager’s knowledge,” he says. “This can result in products that do not function correctly, losing customers’ trust. With the growth of IoT connected devices, cybersecurity risks are escalating. Manufacturers and IT teams should focus on designing sophisticated systems that are robust and safe and secure.” 

In many instances, today’s OT environments resemble IT spaces from years past. “IT has, over the years, developed a robust process for identifying and eliminating vulnerabilities from the landscape. In some parts of IT, this is even fully automated,” says Siemens' John. “Contrast that with OT, which has a much longer lifecycle and does not have the same technological advancements in identifying and eliminating vulnerabilities and we have a perfect storm for bad threat actors to take advantage of these unprotected systems.”

John sees two fundamental challenges in OT—protecting existing older (yet still mission critical technologies) and integrating cybersecurity into the digitalization journey as manufacturers add new pieces.

“Addressing these topics will move OT protection closer to IT, where one day, because cybersecurity is so fundamental, manufacturers can deploy new technologies without having to be concerned about arbitrarily creating risks,” says John.

Interested in learning about the keys to success? The second half of this IndustryWeek print feature dives into the keys to securing this new reality.  

Popular Sponsored Recommendations

Navigate Complex Cybersecurity Requirements With Purpose-Built Technology Solutions

Dec. 6, 2023
The CMMC represents a critical mandate from the U.S. DOD. Aerospace & Defense manufacturers that handle controlled unclassified information (CUI) must comply with CMMC requirements...

Gain a competitive edge with real-world lessons on private 5G networks

Nov. 16, 2023
The use of private networks in manufacturing applications is rapidly growing. In this paper, we present valuable insights and lessons learned from the field with the goal of enhancing...

An Executive’s Guide to OT Cyber Incident Response

June 28, 2023
Learn what it takes to develop effective and rapid OT incident response capability to meet your organization’s unique needs.

Why DataOps may be the key to unlocking the full potential of digital transformation

Nov. 3, 2023
Read the 2023 market survey conducted by IndustryWeek

Voice your opinion!

To join the conversation, and become an exclusive member of IndustryWeek, create an account today!