Imagine smart sensor data alerting you that a machine on the factory floor will break down after 48 more operating hours. Or it could be as simple as the conference room getting too warm during a board of directors meeting, so the sensor data automatically triggers the air conditioning to run cooler.
This is the reality of IT/OT convergence. IT networks and operational technology networks are combining forces in an IoT-enabled world to boost revenue, cut operating costs and optimize business processes.
However, adding internet connectivity to anything inevitably increases its cybersecurity vulnerabilities, and a hack of an IoT environment can be crippling. Seemingly innocuous sensors monitoring temperatures across a farmer’s fields or connected cameras surveying building entryways can become backdoors to full-scale attacks if the proper precautions aren’t taken. A factory taken offline for even an hour could cost millions in lost production. Even worse, such attacks could be life-threatening in the case of smart grids, connected utilities or other critical infrastructure.
Properly securing IoT requires historically siloed IT and OT teams to stop, collaborate and listen. Key to this is creating a strategy for who handles what and how. The SANS 2019 State of OT/ICS Cybersecurity survey found that 20% of organizations have an IT/OT convergence plan in place, while 64% are developing or implementing one. The remaining 16% having no plans in place, and enterprises lacking a formal strategy were unsurprisingly more prone to risks.
The benefits of IT/OT convergence are clear, and so too should be the need for IT/OT security. It isn’t the easiest task, but it’s a necessity to remain safe and compliant. This handbook outlines best practices for building a secure IT/OT convergence and integration strategy, as well as insights into why people may just be the most critical piece of the IT/OT convergence security equation.