Home »  blog »  Establishing-a-Unified-defense-strategy-for-Converging-IT-and-OT-Environments---Pritam-Shah--Global-Practice-Head-----OT-Security--Inspira-Enterprise

Establishing a Unified defense strategy for Converging IT and OT Environments - Pritam Shah, Global Practice Head – OT Security, Inspira Enterprise


The interconnected world of today is juggling tasks across the two domains of physical or operational and digital.  In the past, technologies such as ICS or PLC under the umbrella of Operational Technology (OT) across the sectors of manufacturing, utilities, and transportation, among others, were not exposed to cyber threats in the absence of their connection to the internet.  Since these OT systems remained away for remote accessibility, the connectivity risks were also not taken into consideration.  With no connection to the internet and air-gapped, they were considered safe and faced less downtime, critical to the manufacturing sector.  On the other hand, IT landscapes were on the frontline facing growing cyber-attacks.

However, with digital transformation across all sectors and the growing emphasis on IoT and the flavors of IoT such as IIoT (Industrial), IoMT (Medical), and others, OT environments are left with no choice but to adopt Internet-based technology.  The risks of cyber-attacks on the OT systems are high and in this age of unprecedented technological advancements, the line between OT and IT is also blurring posing high security risks for organizations.  In such a scenario, effectively maintaining security and network operations across both domains is a challenge and their convergence is inevitable. This IT/OT convergence/Industry 4.0 began to take shape with machine-to-machine communication and IoT sensors.  This development established business continuity enabling operators to remotely access OT systems by bringing OT into IT networks. Industry 4.0 also enabled organizations to leverage data and connectivity, analytics, human-machine interaction, and improvements in robotics, to name a few.

IT/OT convergence – the dilemma

The merits of IT/OT convergence are undeniable. In this new approach, improved visibility, better collaboration between IT and OT teams, and enhanced risk management efforts are seen.  With the integration of the two technologies, organizations have the advantage of enhanced efficiency, higher productivity, cost-effectiveness, and faster time to market.  Both departments get less siloed as they are compelled to collaborate.

Despite the several benefits delivered, the convergence of IT and OT also presents complex security challenges.  Traditionally, IT security is more mature with active solutions, focusing on confidentiality, integrity, and availability, whereas OT solutions are passive in nature placing paramount importance on availability and safety.  In the OT environment, loss of production will have a direct impact on revenues. Furthermore, typical IT solutions cannot be deployed in the OT environments making it difficult to protect the IT/OT environment with traditional controls.

OT devices act on several different protocols that many IT systems do not understand and OT departments have limited knowledge of security aspects, thereby creating a dangerous security gap with IoT deployments.  The network behaviors vary too.  Moreover, multi-vendor systems and multiple protocols further complicate the environment.

IT/OT Convergence Strategies – the need of the hour

Threat actors are increasingly targeting the convergence point of IT and OT prompting the need for a unified defense strategy that can bridge the gap between IT and OT security.  With several industries having the potential to opt for convergence, the need to address the challenges with different strategies is high, enabling organizations to boost their possibilities of success.

Define Roles and Responsibilities: 

Generally, IT Security teams do not have access to OT assets as there is physical or logical isolation between the two.  It is crucial to appoint, dedicated OT/IoT security managers for each plant to manage the security programs.  Outlining the duties, roles, and responsibilities of both IT and OT teams and exploring opportunities for collaboration between them is essential.  It is equally important for both teams to communicate regularly and exchange knowledge, which will help them understand the challenges faced by each domain and to develop a proactive approach to security.

Awareness and Training: 

Educate all team members with access to OT/IoT networks about cyber security practices and the ability to recognize risks.  Security awareness training and cross-training are required for both IT and OT personnel at all levels where they develop a thorough understanding of all the risks associated with IT/OT convergence.  They will then be in a better position to understand each other’s needs as well.  All dos and don’ts of cybersecurity aspects must be shared with both teams.

Compliance and Regulatory Requirements:

Innovations and the advent of new technologies are introducing new challenges and risks which have to be taken into consideration.  IoT/OT security teams should have a deep understanding of the benefits and risks of new technologies and be able to implement strategies to maintain security and meet compliance requirements.  Assessments should be made for relevant regulatory and/or compliance requirements such as NIST, IEC62443, CEA, and others.  With new technologies, new regulations are introduced, so the teams must stay informed and establish compliance reporting.

Asset Visibility and Inventory: 

IT solutions are unable to identify all the OT/IoT devices that are deployed because the former can understand only IT protocols.  With OT solutions, there are 100s of protocols that exist and are used widely which typical IT security controls do not understand. Both security teams have to be able to identify, classify, and inventory all the systems/assets on the network.  By leveraging a single centralized dashboard, visibility into all assets and continuous monitoring for multiple OT/IoT systems is possible.  The networks have to be assessed for known vulnerabilities, which can be easily accomplished with innovative technologies. 

Network Behavior Mapping:

After the visibility is achieved, it is critical to map all communications between IT applications and OT systems where the interaction must be understood to safeguard the OT environment from outages or disruptions.  Monitoring of variables on the OT/IoT network, and visibility into all protocols, access ports, and links have to be established for identifying anomalous behavior. Understanding networks or behavior mapping is key and unified dashboards can be leveraged for the same as in an IT/OT hybrid SOC, where all alerts can be monitored with appropriate remediation measures applied.

OT MSSP/Managed Services:

Once OT Asset visibility and IDS solution are deployed, it is imperative to monitor alerts that may get generated for expedited remediation, operating round the clock. OT Managed Services such as OT/IoT Monitoring and Remediation, Incident Response and Vulnerability Management, Digital Forensics, Threat Intelligence advisory etc. play a very crucial role in making your OT systems Cyber-ready.

With the utilization of customized strategies and approaches for assessment, controls, and OT solutions implementations, organizations can traverse the complexities and challenges associated with IT/OT convergence.  With the utilization of customized strategies and approaches for assessment, controls, and OT solutions implementations, organizations can traverse the complexities and challenges associated with IT/OT convergence. By ensuring the continuous monitoring of alerts and anomalies for both digital and physical assets, along with complete visibility of assets and enhanced incident response capabilities, organizations can establish a robust OT/IoT cybersecurity posture.