Bridging the Gap Between IT and OT: What Matters Most for the Future?

IT and OT industries are experiencing a digital transformation that’s shaking up the way they do business. According to the most recent edition of SANS ICS/OT Cybersecurity, the #1 factor businesses are concerned with is the reliability and availability of their control systems. But when non-traditional attacks are plaguing enterprise networks, where are businesses turning to for help?

Among other options, enterprises are turning to the cloud for data storage and resource safety. This digital shift means that IT and OT operations must begin to work more cohesively to detect network threats. But there’s a catch: IT and OT industries operate using vastly different resources and organizational infrastructure – which means much like pineapple on pizza, they don’t go together. Or do they?

While digital transformation continues to shift the operating environment, IT and OT must learn to work together and understand their different, but cohesive roles. But how should enterprises start bridging this gap between IT and OT to build higher reliability and risk management? Kevin Kumpf, Chief OT & ICS Security Strategist with Cyolo, shares his insight on the importance of understanding how bridging the gap between IT and OT can change the future.

Kevin’s Thoughts:

“Today I’m here to talk to you about a recently published report in the area of industrial control systems and OT cybersecurity, stating that ensuring reliability and availability of the control systems is the number one factor that businesses are concerned about. Now, coupled with that is safety, as we all know, safety for these systems is paramount.

But what is leading the change in the industry today? That is digital transformation. Digital transformation is the taking of these systems and breaching that quote-unquote air gap boundary and placing data and other resources and management in the cloud, or bridging that boundary between IT and OT.

That is truly important today for businesses that are trying to look for efficiency, more data analytics, and better performance from their supply chain and factories, and other resources. But one of the key things we have to consider here is the cost of this. And as we look at the layers of this problem, One of the biggest areas is the difference in technologies and staffing between the IT and OT resources.

If you look at IT organizations overall as a whole, organizations are fully staffed with IT resources that have areas of security. Cloud, application management, vulnerability management, and things like that, as pillars that have been done for many years. If you look at the OT space, they’re definitely filled with contractors or smaller segments of the staff and patching and vulnerability management and things have only become important when systems have now breached that air gap boundary or life safety or other things, were at risk. So if we look at the reality of where we are going with the future, we can clearly see technologies such as SOAR, such as patch management software, as we’re seeing today and vulnerability scanning coming into this space.

The challenge is gonna be taking IT staff, and getting them to understand the nomenclature and the severity of risk if systems within the OT space come down as they’re working on them. And the other side of the coin is the OT staff trying to understand the IT technology that is being put into their place and working more cohesively with IT entities.

So the report that you’re about to look at here truly should give you some information and understanding about where these lie and how together we can bridge this gap with technology from Cyolo, other vendors, and IT and OT resources working to ensure the reliability and availability of the control systems.”