Logo Intuity

Cybersecurity and industrial systems: the gap between IT and OT

Share article

Is there a different perception of cyber risk in the OT world compared to IT? Are the security countermeasures the same? Where is Cybersecurity positioned in the convergence process between OT and IT?

Industry 4.0 relies on a primary requirement: the interconnection of corporate assets and the continuous exchange of data. Such business context presupposes that IT and OT are no longer two divergent domains. On the contrary: the process of convergence of these two worlds is becoming increasingly necessary so that the company can successfully implement the now necessary digital transformation.

For the optimization of business processes, IT and OT must know how to talk stably. The fact that they have to do it safely is almost obvious in the IT world. Instead, it is less felt by those who come from a world that, until a few years ago, was “safe by definition” as isolated and inaccessible by external agents. The increase of the exchange of data between these two worlds, the communication telematic to and from external suppliers to the company, for remote maintenances for example, has contaminated the world OT with vices to which it was not prepared, one among all the security of the entire supply chain.

It is clear that the main gap to be filled both cultural and technological. Acquiring a correct perception of risk also becomes a fundamental element for an adequate defensive strategy. Perception difficult to create in a context where the “cyber” risk has become a problem for too little time.

Report SANS 2019 State of OT/ICS Cybersecurity Survey

This feeling of risk is slowly maturing as evidenced by the new edition of the “SANS 2019 State of OT/ICS Cybersecurity Survey” published in June. Over 50% of the 338 companies surveyed globally assessed their company’s cyber OT risk level as critical.

These data show how companies are becoming more sensitive to cybersecurity even in the OT. In particular, in the SANS report, about 62% of the companies surveyed attributed to the human factor the greatest danger for the compromise of OT/ICS systems, including both external and internal actors. 22% are attributable to technology and 14% to business processes

The report “SANS 2019 State of OT/ICS Cybersecurity Survey” highlights some challenges for those involved in improving OT cybersecurity. First, the awareness of how it is unthinkable to address the security of industrial systems with the same methods used in the IT world.

The governance of the latter’s risk is focused on the reputation of the business, confidentiality, integrity and availability of the data. While for the OT area, safety countermeasures focus on the reliability and continuity of production processes.

The need to ensure business continuity is therefore the goal, but also the limit in addressing the cybersecurity issue in the OT mode. We want to make the environment safe, but at the same time there is a fear that the actions taken may themselves have an impact on the reliability of production systems.

We believe that, although the objectives are different and some methods are applicable, in one context and not in the other a shared approach to security is appropriate because there are many more common problems than specificities.

Case study

From our recent experience with an important company in the Italian agro-food sector, it emerged that the management systems of production machines were accessible from the inside and outside with a banal authentication.

The example shows that, in IT/OT convergence, the problem of password management is a problematic point of contact. The technological theme is once again marginal compared to the need to acquire a correct perception of risk.

Despite the different objectives of these two business areas, convergence between the IT and OT worlds is now inevitable. A cybersecurity breach could easily spread and also have repercussions on production department supervision systems.

In this process of convergence between IT and OT, what are the cybersecurity countermeasures that companies are focusing more on?

In order of importance, the survey shows:

  • Equip yourself with tools to increase visibility on OT/ICS asset and system configurations (45.5%).
  • Do security assessment and/or audits on OT/ICS systems and networks (37.3%).
  • Invest in cybersecurity awareness/training programs that include OT/ICS (29.5% and 29.1%).
  • Install anomaly/intrusion detection tools on OT/ICS networks and systems (28.3%).

Interestingly, among the first needs perceived by companies is to focus on a change of general culture through security awareness and training, This demonstrates that the human component and the perception of risk are also essential elements in OT to effectively address the present and future challenges related to cybersecurity.

For sure, and the data shows it, the time has come when the IT and OT world could remain two separate, non-communicating spheres. We need an organic approach to cybersecurity and the creation of a shared culture is in this sense the necessary glue to protect companies in all aspects of their business, Digital Transformation makes less and less sense to consider them as separate worlds.