Closing the IT/OT security gap

May 25, 2018

A joint effort against a constant threat. 

In manufacturing environments, IT and OT have traditionally been like oil and water—they simply haven’t

Indegy's Mille Gandelsman

mixed well. This is changing, however, as manufacturers begin to see the benefits of connecting the two environments: improved product quality, better maintenance procedures, tighter inventory control, the ability to customize production, and of course, cost savings. Thus, today’s goal for smart manufacturing is all about IT/OT alignment.

Across the manufacturing landscape, as thousands of devices on the production floor get connected via the IIoT, the OT side of the house is quickly catching up to the IT side as a lightning rod for cybersecurity attacks and security concerns. This creates new challenges in securing the production environment, specifically by making cybersecurity threats even more difficult to detect, investigate and remediate.

Two worlds must become one

Because these two very different worlds are now connected, an attack that starts on an IT environment can quickly move to an OT environment, and vice versa. Lateral movement is almost always the preferred attack methodology among hackers because of the relative ease of finding a weak link in one system, leveraging it as the point of entry, and then quickly owning the entire network.

Few organizations currently manage IT and OT with the same staff and tools. Nevertheless, in order to address this new complex threat and to protect this broader attack surface, many manufacturers have begun converging IT tools with OT solutions, while aligning the strategic goals of two sides of the technology equation.

But this is only the beginning of the challenge.

There are great disparities between IT and OT environments and the people who run them. IT environments are dynamic, and the IT staffers are primarily concerned with data confidentiality, integrity and availability. Because of their role on the front line in identifying, mitigating and reporting threats, they oversee a fluid IT environment that is constantly evolving. Contrast that to an OT staff that works in an operational environment where stability, safety and reliability are top priorities. They rule over legacy systems that rarely change and which, until recently, were largely immune to cyber-threats.

The cultural gap between these groups is wide. Nevertheless, whatever technology is deployed, and regardless of the mindset that the individual has been used to, IT and OT professionals must come together to address security threats on both sides of the network. Further, they must collaborate to stop lateral creep of attacks that may have started in one environment and successfully spreads to the other.

Best security practices

One thing that can be agreed on are the key elements in establishing a robust security posture for manufacturing systems security. They include:

  • Threat detection and mitigation that combine behavioral anomalies with policy-based rules 
  • Asset tracking that includes dormant devices and goes as deep as PLC backplane configurations
  • Vulnerability management that tracks and scores patch and risk levels of ICS devices
  • Configuration control that tracks all changes to code, OS and firmware, regardless of whether they are done through the network or locally
  • Enterprise visibility to ensure that all data collected integrates to a single pane of glass

The impetus for IT/OT alignment

Security threats are (almost) constant and successful attacks occur regularly. Some industries are under regulatory or compliance drivers to ensure OT security. For example, regulations pertaining to industrial deployments and critical infrastructure specifically call for an environment in which there is the ability to conduct forensics across both networks in order to identify, thwart and report on incidents that can disable significant industrial controls. In manufacturing, a key driver is that production environments are essential to revenue and profits. To the extent that cyber-events can disrupt safety or availability, companies are prioritizing cybersecurity across the two environments.

Another impetus for IT/OT alignment is the business element. Organizations that fail in either area must answer hard questions posed by the board, shareholders and customers. Shaken customer confidence directly translates to the bottom-line and manifests both in the form of shareholder value or in revenue. This largely can be avoided by de-siloing the IT/OT systems and applying a robust security solution across these intercoupled environments.

Despite the challenges of bridging the divide, a number of organizations have achieved deep collaboration. The key to success is getting C-level support. Some organizations begin by creating a C-level role, such as the chief digital transformation officer, whose role is to bridge the gap between IT and OT, diminish the cultural divide, and establish incident-response processes that span both groups.

Creating true alignment between the worlds of IT and OT can reap significant operational benefits, but perhaps the most important benefit is to get better positioned for sustained success in a competitive business world.

Behind the Bio

Mille Gandelsman is CTO of Indegy, where he leads the company’s technology research and product development. Prior to Indegy, he led engineering efforts for Stratoscale and spent several years managing cybersecurity research for Israel’s elite intelligence corps. Mille is an IDF Talpiot graduate with more than 15 years of experience in ICS and cybersecurity.

Join hundreds of IT and OT pros at the 2018 Smart Industry Conference. Click here to learn more.