Today’s Risks Demand an Integrated Industrial IT-OT Cybersecurity Strategy
Industrial organizations have traditionally viewed security from a siloed perspective. This was based on the unique challenges of IT and OT systems that demanded different security people, processes, and technologies.
The benefits of managing similar technologies with similar security methods were discounted in the belief that unique domain concerns and constraints take precedence. While domain differences need to be acknowledged, the inefficiencies and ineffectiveness of current approaches can no longer be tolerated. Many OT systems remain at risk of serious incidents. Security inconsistencies between IT and OT systems are enabling cross-domain attacks.
To address these critical issues, organizations need to adopt a more logical, functional view of cybersecurity and recognize that risks are the same regardless of where or how a cyber device is used.
Today, IT and OT systems require the same level of security support from people with specific expertise in PCs, servers, cloud applications, networks, mobile devices, and embedded systems that underlie modern IoT devices. Experts in specific application areas, like OT and cloud, can provide guidance regarding the appropriateness of various defenses and practices. But security management is best left to specialists.
Efficient and effective industrial cybersecurity requires a comprehensive strategy that includes:
- a cross-trained team of cybersecurity professionals
- a common set of security management processes, and
- a shared security technology portfolio that supports cross-domain management of endpoint protection, network security, and threat detection and response.
Visibility of all assets is essential and requires solutions that respect domain constraints.
Implementation of a modern continuous OT network monitoring solution can help organizations meet these requirements and give industrial security teams the broad AND deep information they need to handle today’s and tomorrow’s threats.