Cybercriminals are posing a growing danger to industrial operations. A recent study from ABI Research and Palo Alto Networks found that over 76 percent of organizations experienced cyberattacks. A quarter of those surveyed said that a successful attack had forced them to halt operations at least once in the previous year. With emerging technologies like 5G and the cloud broadening the attack surface and bad actors becoming more skilled, the risk of an attack keeps growing.
With AI assisting cybercriminals with code, cybersecurity has become a priority for most industrial operators, yet organizations are still having difficulty putting it into practice. Lack of coordination between the IT and OT teams is one of the main challenges. Since IT is the source of the majority of OT attacks, this disconnect is a serious issue. Closing the OT-IT divide is necessary to improve cybersecurity for industrial processes.
OT cybersecurity: Whose job is it anyway?
Determining who is in charge of OT security is critical as cyber-attacks against industrial organizations keep coming faster; 75 percent of respondents report attacks happening on a monthly, weekly and even daily basis.
Most industrial operators today understand the importance of cybersecurity for OT environments, but part of the challenge is that 72 percent of attacks against this area originate from the IT environment. That means OT and IT teams can’t work in isolation to strengthen security; it must be a collaborative effort.
However, there are common obstacles to achieving the necessary coordinated strategy, especially when it comes to security investment. The slow convergence is due to three primary reasons: IT and OT security rely on different products, convergence requires working with people who have different backgrounds and objectives, and new processes need to be built.
Responsibility for OT cybersecurity purchase decisions is currently highly divided. Just 40 percent of survey respondents said that responsibility is shared between OT and IT; 28 percent said that OT influences but it’s ultimately IT that decides. Decision-making is another challenge; only 12 percent of respondents said the two teams were aligned in decision-making and 39 percent categorized the situation as frictional.
These discrepancies stem from the historical roles of both teams. IT has traditionally overseen security company-wide, while OT hasn’t focused on security until recently; OT teams’ efforts were centered on industrial operations.
Closing the gap for better cybersecurity
Addressing the friction and the disconnect between IT and OT is imperative to better OT security. With the ongoing convergence of IT and OT systems and technology within modern industrial organizations, security must be holistic and address the vulnerabilities and risks inherent in both environments.
Coordinating the decision-making process requires more communication between IT and OT. IT brings expertise in the appropriate solutions to counter threats, while OT experts understand the specific limitations and constraints of OT assets. Both must have a seat at the table when it comes to creating integrated security policies and practices and making critical security purchase decisions. That includes working together on things like tabletop exercises to gain a better understanding of potential security scenarios and how to solve them.
As IT and OT teams increase coordination of strategy and decision-making, they’ll also look to consolidate their security tools and products. For example, 70 percent of respondents said they plan to consolidate IT and OT solutions from the same cybersecurity vendor. And over half said they intend to use the same Managed Security Service Provider (MSSP) for both OT and IT security.
This process will take work. Not all vendors offer both IT and OT security solutions, and organizations will need to ensure they’re choosing an option that can provide both equally without compromising on either IT or OT security. Still, most respondents (79 percent) are certain that in the long term, OT and IT security will be seamlessly integrated and managed by the same solutions.
Toward a more unified approach
The need for stronger cybersecurity in OT isn’t in dispute as cyber-attacks grow in both volume and sophistication. Addressing this challenge requires coordination and consolidation between IT and OT teams. The two teams can’t work in isolation. OT and IT security are intrinsically linked, and that requires breaking down the traditional silos and creating a cooperative approach. That consolidated approach must also include streamlining security tools and finding solutions that can address all aspects of the OT environment.