• 6842633f6676f7c65b133012 Dreamstime S 34807465

    IT and OT: Stronger Together in the Battle Against Cyber Threats

    June 6, 2025
    Strategies, principals and responses must be aligned between the two, or the business is at risk.

    Securing both information technology (IT) and operational technology (OT) in manufacturing isn't just a technical challenge; it's a shift in mindset.

    IT has long been responsible for protecting data and preventing cyber threats, while OT has focused on uptime and reliability. However, with the rise of industrial IoT, these once-separate domains are now connected, exposing industrial control systems (ICS) to new cyber risks.

    If IT and OT do not learn to work as a team, organizations risk fumbling critical operations, turning small mistakes into major losses—just like a poorly executed play can cost a team the game.

    Understanding the IT-OT Gap

    IT and OT operate like quarterback and a kicker, respectively—both vital to winning the game but with different strategies and priorities.

    • IT is the quarterback—fast, adaptable, and constantly scanning the field for threats. It reacts quickly, updating security controls and defenses in real-time to keep the company ahead of attackers.
    • OT is the kicker—precise, steady, and focused on execution under pressure. When called upon, OT must deliver flawlessly to keep operations running without disruption as livelihood of entire cities, diverse populations of people and industries rely on always-reliable execution. .

    A quarterback can make all the right calls, but without a reliable kicker, a team misses opportunities to secure the win. Similarly, a kicker can be the best in the league, but if the quarterback doesn't set up the right plays, the entire team suffers.

    Without alignment, IT and OT put the business at risk—whether that's a cyber breach, operational downtime or even regulatory penalties.

    Steps Toward IT-OT Integration

    1. Build a cross-functional security team

    A football team spends hours reviewing plays, understanding strengths and ensuring each position works toward the same goal. IT and OT teams need the same approach. IT professionals should understand the constraints of industrial environments that limit the ability to, for example, simply switch out an operating system, and OT teams should be familiar with modern security risks. A shared security strategy ensures policies protect both data and uptime without conflicts.

    2. Implement network segmentation and zero-trust principles

    A quarterback wouldn't leave his blind side unprotected, and organizations shouldn't leave industrial networks open to attack.

    Network segmentation—the act of splitting a computer network into separate zones—keeps threats from spreading across IT and OT environments. Zero-trust principles assume that no connection can be trusted and must reauthenticate, enforcing strict access controls.

    By committing to these fundamentals, organizations prevent a single weakness from leading to a total system failure.

    3. See everything, secure everything

    A quarterback needs a clear view of the entire field—where defenders are moving, who's open and where risks might emerge. The same applies to IT and OT security.

    Organizations must have full visibility into their network—both IT and OT—before a cyber incident takes them by surprise. Asset discovery tools, an application that helps detect hardware and software across an environment, and SIEM (security information and event management) solutions, collect security event data (logs) from systems, helping detect anomalies before they become threats. The sooner a team spots a problem, the faster it can adjust to avoid disaster.

    4. Lock down remote access without compromising stability

    IT wants security, while OT needs uninterrupted access. The key is making sure only the right people can enter the system while keeping threats out. Organizations can achieve this by:

    • Requiring multi-factor authentication (MFA): Ensuring only verified users can gain access.
    • Encrypting communication channels with HTTPS or VPN: Protecting sensitive data in transit.
    • Implementing privileged access management (PAM) to ensure that higher privileged identities, like administrative accounts, have access and credentials only when needed: Limiting access to only those who absolutely need it.

    With the right safeguards, IT can call secure plays and OT can focus on execution.

    5. Rethink patch management

    Timing is everything in patching. IT (the quarterback) wants to move fast, applying updates as soon as they are available. OT (the kicker) prioritizes precision, ensuring nothing disrupts industrial processes.

    A successful patching strategy requires balance between the two.

    • Prioritize high-risk systems: Focus on patching the biggest vulnerabilities first, for example closing publicly facing remote code execution.
    • Schedule maintenance windows: Time updates strategically to minimize downtime; this can be done by planning ahead and communicating outages months at a time.
    • Use virtual patching: Deploy security controls like firewalls and intrusion prevention systems (IPS) when direct updates aren't feasible, for example when Windows 10 cannot be upgraded due to operational software dependencies..

    When done right, patching strengthens security without causing the equivalent of a game-losing turnover.

    6. Strengthen incident response

    A team doesn't wait until game day to practice two-minute drills—they prepare for worst-case scenarios. IT and OT teams need to do the same by:

    • Defining clear roles for both teams.
    • Running attack simulations to test response readiness.

    When a cyberattack happens, a well-prepared team responds instantly, avoiding costly delays.

    Why IT-OT Integration Matters

    When IT and OT play as a team, organizations gain:

    • Stronger security: A unified strategy reduces vulnerabilities and strengthens defenses.
    • Greater stability: Faster threat detection and response minimize operational disruptions.
    • Regulatory compliance: A cohesive security framework ensures compliance with standards like NIST, IEC 62443 and ISO 27001.

    Moving Forward

    Merging IT and OT isn't just about adding new technology; it requires cultural change, collaboration and a long-term commitment to securing both data and operations.

    By taking a unified approach today, manufacturers can prevent costly fumbles, eliminate unnecessary risks and build a security posture that stands the test of time—no matter how tough the competition gets.

    About the Author

    Heather Case-Hall | Senior Security Solutions Architect, Myriad 360

    Heather Case-Hall is a senior security solutions architect at Myriad360, a global systems integrator specializing in data center modernization, cloud, cybersecurity, and artificial intelligence solutions. With over 26 years of experience, she has led enterprise security initiatives spanning penetration testing, incident response, and risk management. A CISSP-certified expert with multiple GIAC accreditations, Heather is known for bridging technical solutions with strategic business goals to help organizations strengthen their security posture.

    Continue Reading

    Sponsored Recommendations

    Voice your opinion!

    To join the conversation, and become an exclusive member of IndustryWeek, create an account today!

    New

    Photo Illustration by Robert Schoenberger with file images from Kraft Heinz, Pepsico and General Mills
    mergedrenamedbrandskraftheinz

    Mithy Evans
    abb_robotics_burgerbots_launch_dualarm_yumi_puts_t
    1000037279
    ID 149466428 © Bjorn Wylezich| Dreamstime.com
    dreamstime_xxl_149466428

    Most Read

    Sponsored