Is IT-OT Integration Essential?

The divide between IT and OT teams can be likened to two groups speaking entirely different languages. While IT departments focus on data integrity and cybersecurity, OT teams prioritize systems availability and safety. Despite these differences, both teams are increasingly being encouraged to unify under the banner of digital transformation. The practical implications of this convergence raise questions about operational integrity and security.

See Also: AI vs. AI: Leveling the Defense Playing Field

Maryam Shoraka, head of OT cybersecurity operations at Sydney Trains, emphasizes the necessity for a “bridge” rather than a complete merger between IT and OT frameworks. While she supports shared cybersecurity intelligence and coordinated incident response, she cautions against pushing IT policies onto OT systems, which handle crucial processes like chemical management. The assumption that IT and OT are simply two names for the same function is flawed and often leads to complications.

CISOs and other executives advocating for merging cybersecurity practices for IT and OT frequently overlook the unique priorities that each team upholds. IT security tends to focus on the confidentiality and availability of data, while OT security prioritizes physical safety and operational reliability. This conflicting focus can lead to inadequate solutions during efforts to converge procedural areas like patch management and risk assessments.

Tanvinder Singh, director of cybersecurity and privacy at PwC South East Asia Consulting, notes that IT teams often lead cybersecurity efforts without fully grasping the challenges specific to OT environments. Such misunderstandings can disrupt operations and create frustration, as IT-led decisions may not account for the realities of continuous process industries where downtime is not an option.

For instance, Shoraka highlights issues stemming from IT policies that propose maintenance windows which do not exist in continuous process environments. This disconnect has tangible repercussions as organizations navigate increasing threats, including rising ransomware targeting OT systems. PwC reports indicate that targeted attacks originating from IT environments have financial consequences, with nearly 72% of incidents reporting significant losses.

Recent findings, including a report by Microsoft, identified unpatched, severe vulnerabilities impacting 75% of the most common industrial controllers. Such oversights can lead to successful lateral movements from compromised IT networks to OT environments, as noted in research by SentinelOne indicating that 25% of breaches involve such tactics.

Experts advocate for a structured approach that fosters coordinated autonomy, enabling IT and OT teams to manage risks collaboratively without compromising operational efficacy. This strategy involves understanding each other’s constraints and jointly overseeing incident responses. As AJ Eserjose of OT-ISAC recounts, efforts to bridge these worlds can lead to improved collaboration and a deeper appreciation of each team’s expertise.

Ultimately, while complete separation between IT and OT is impractical in a digital landscape, organizations must recognize the importance of maintaining distinct operational frameworks. Disregarding these differences could jeopardize security efforts and operational success amid evolving cyber threats.