AS CYBER THREATS EVOLVE, IT’S CRUCIAL TO SAFEGUARD OPERATIONAL TECHNOLOGY
CEOs must prioritize cybersecurity and take proactive steps to protect their Operational Technology systems, writes Dónal Munnelly (right) of BT Ireland
In the fast-evolving landscape of global business, CEOs have an ever-growing list of risks, and in 2024, cybersecurity should be at the top of that list. Operational Technology (OT), the backbone of many industries such as manufacturing, utilities, and food production, has grown to become a major target for cyber attacks.
A 2023 study by Rockwell Automation revealed a startling statistic: over 80% of OT cybersecurity incidents originate from compromises in IT systems. This statistic alone underscores the urgency of the matter. 2023 has seen major attacks in the utilities and manufacturing area that have crippled companies’ operations and resulted in halted production as well as supply chain issues.
BLURRED LINES
What is behind this growing trend? The convergence of IT and OT two historically distinct domains, is a significant contributing factor. Traditionally IT and OT teams have operated in silos, each with its own culture and set of priorities. However, the increasing integration of IT into OT systems, due to the drive to interconnect operational technology, has blurred the lines between the two, creating a new set of challenges that must be addressed.
This integration of IT and OT is often seen as part of the broader Industry 4.0 movement, which emphasizes automation and data exchange in manufacturing and production. As a result, legacy OT systems are now connected to the internet, expanding the threat surface for cyber attacks. This interconnectedness challenges the traditional hierarchical structure for industrial communications known as the Purdue Model, which has historically kept computing and networks deterministic by having devices operate at separate layers.
CULTURAL DIVIDE
The cultural divide between IT and OT presents another significant challenge. IT professionals who are accustomed to dealing with cyber threats must navigate a new world when it comes to securing OT environments. OT professionals on the other hand, are more focused on safety, availability, and performance than on security. The language of cybersecurity with terms like ‘threats’, ‘vectors’, ‘exploits’ and ‘vulnerabilities’ may be unfamiliar to many OT professionals. So how can companies address these challenges and safeguard their
OT systems? A comprehensive approach is an essential one that incorporates both cultural and
technical solutions. Workshops and off-site meetings can help foster communication and collaboration between IT and OT teams, helping to bridge the cultural divide.
At the same time companies must implement robust technical measures to protect their OT systems from cyber threats. This includes segmenting IT and OT networks using endpoint protection, enforcing stronger authentication measures, gaining more visibility into the OT network, and adopting a zero-trust security model, to ensure that the company’s critical business operations are secure.
IT/OT CONVERGENCE
Ultimately the responsibility for addressing these challenges falls to CEOs, who must prioritize cybersecurity and take proactive steps to protect their OT systems. This may include investing in cybersecurity training for employees, establishing clear security policies, and allocating resources to implement technical security measures.
With the IT/OT convergence this may now mean that the CISO is responsible for OT networks and needs to work in tandem with the manufacturing leads to secure production facilities without impacting productivity or safety.
The importance of cybersecurity cannot be overstated. As OT systems become increasingly interconnected and vulnerable to cyber threats, the risk of a major cyber incident grows. CEOs must recognize the importance of cybersecurity and take action to ensure that their organizations are adequately protected.
By addressing both the cultural and technical challenges associated with IT/OT convergence, companies can better position themselves to defend against cyber threats and safeguard their critical OT systems.