Critical Points of Intersection for IT and OT Security in the Energy Sector

The energy sector is experiencing significant digital evolution to accommodate rising demands for data center power, renewable energy generation expansions, and modernized distribution systems. These new connected infrastructures that enable distributed grid architectures intensify the need for the integration of information technology (IT) and operational technology (OT). This convergence broadens the threat landscape, heightening the risk from cyber and kinetic attacks that can yield extensive damages.

A crucial factor in securing both IT and OT landscapes, according to Joe Doetzl, Head of Cybersecurity at Hitachi Energy, is the use of integrated tools and methodologies. Historically viewed as distinct segments, IT and OT environments are increasingly being protected through unified strategies. The Zurich-based technology firm ensured a cohesive approach years ago by appointing a single leader for its IT-OT frameworks.

“As a security professional, proximity to your business operations translates to greater success. Despite differing mandates for IT and OT security, shared aspects allow for a cohesive application across the service portfolio,” Doetzl explained.

Doetzl also noted that the synergy in cybersecurity tools enhances their efficacy across the enterprise landscape. “We can leverage the same tools to assess cybersecurity risks and craft actionable strategies,” he stated. “The Governance, Risk, and Compliance (GRC) aspects align similarly. Our cyber defense center synthesizes information from our OT and IT environments, utilizing a unified technology stack for risk management and alert triage, employing the same personnel for incident response.”

In a recent video interview with Information Security Media Group, Doetzl addressed several critical issues including the advantages of threat intelligence sharing, strategies for supply chain risk mitigation, and evolving security regulations within the energy sector.

Joining Hitachi Energy’s predecessor in 2014, Doetzl possesses over 25 years of experience in securing IT and OT systems. He has spearheaded enterprise-wide cybersecurity and compliance initiatives tailored for the energy industry, showcasing leadership through crisis management, incident responses, and the securing of industrial control systems. As a Certified Information Systems Security Professional, he has developed cybersecurity programs for electric utilities and conducted audits for numerous North American utilities, ensuring compliance with NERC-CIP standards.