Industrial operations are increasingly under threat from cybercriminals, with over 76% of organizations falling victim to cyber-attacks according to a recent report from ABI Research and Palo Alto Networks. A quarter of respondents reported having to shut down their operations at least once in the past year due to a successful attack. Meanwhile, the threat landscape continues to expand as bad actors grow more sophisticated and newer technologies like 5G and the cloud expand the attack surface.
While cybersecurity has been pushed to the top of the agenda for most industrial operators, especially in light of new federal regulations around critical infrastructure, organizations continue to struggle with implementation. One of the biggest challenges is a lack of alignment between IT and OT teams. Given that the bulk of OT attacks come in from IT, this disconnect is a major problem. Improving cybersecurity for industrial operations requires bridging the gap between OT and IT now.
OT cybersecurity: Whose job is it anyway?
Determining who is in charge of OT security is critical as cyber-attacks against industrial organizations keep coming faster; 75% of respondents report attacks happening on a monthly, weekly and even daily basis.
Most industrial operators today understand the importance of cybersecurity for OT environments, but part of the challenge is that 72% of attacks against this area originate from the IT environment. That means OT and IT teams can’t work in isolation to strengthen security; it must be a collaborative effort.
However, there are common obstacles to achieving the necessary coordinated strategy, especially when it comes to security investment. The slow convergence is due to three primary reasons: IT and OT security use different products, convergence requires working with people who have different backgrounds and objectives, and new processes need to be built.
Responsibility for OT cybersecurity purchase decisions is currently highly divided. Just 40% of survey respondents said that responsibility is shared between OT and IT; 28% said that OT influences but it’s ultimately IT that decides. Decision-making is another challenge; only 12% of respondents said the two teams were aligned in decision-making and 39% categorized the situation as frictional.
These discrepancies stem from the historical roles of both teams. IT has traditionally overseen security company-wide, while OT hasn’t had much call to focus on that until recently; that team’s efforts were centered on industrial operations.
Closing the gap for better cybersecurity
Addressing the friction and the disconnects between IT and OT is imperative to better OT security. With the ongoing convergence of IT and OT systems and technology within modern industrial organizations, security must be holistic and address the vulnerabilities and risks inherent in both environments.
Coordinating the decision-making process requires more communication between IT and OT. IT brings expertise in the appropriate solutions to counter threats, while OT experts understand the specific limitations and constraints of OT assets. Both must have a seat at the table when it comes to creating integrated security policies and practices and making critical security purchase decisions. That includes working together on things like tabletop exercises to gain a better understanding of potential security scenarios and how to solve for them.
As IT and OT teams increase coordination of strategy and decision-making, they’ll also look to consolidate their security tools and products. To streamline, 70% of respondents said they plan to consolidate IT and OT solutions from the same cybersecurity vendor. And over half said they intend to use the same Managed Security Service Provider (MSSP) for both OT and IT security.
This process will take work. Not all vendors offer both IT and OT security solutions, and organizations will need to ensure they’re choosing an option that can provide both equally, without compromising on either IT or OT security. Still, most respondents (79%) are certain that in the long term, OT and IT security will be seamlessly integrated and managed by the same solutions.
Toward a more unified approach
The need for stronger cybersecurity in OT isn’t in dispute as cyber-attacks grow in both volume and sophistication. Addressing this challenge requires coordination and consolidation between IT and OT teams. The two teams can’t work in isolation. OT and IT security are intrinsically linked, and that requires breaking down the traditional silos and creating a cooperative approach. That consolidated approach must also include looking to streamline security tools and find solutions that can address all aspects of the OT environment.