
Increasing threats in industrial environments require a more integrated approach to OT security

16 December 2024

by Jurian van Dalfsen

Security Specialist & Researcher

In IT environments, the focus is on safeguarding data and its integrity. Updates are common and typically installed overnight to avoid disrupting users, with backup systems often in place to take over in case of downtime. While digital twins, which simulate production scenarios, are becoming more common in the industry, there is little room for experimentation or security testing.

When examining how organizations approach OT security, the strategy is often the same. A “moat and castle wall” approach is adopted, keeping everyone out of the OT network. At the same time, remote access is needed for monitoring production and for maintenance, often handled by third-party specialists. This creates additional risks, as these external organizations are attractive targets for attackers. Managing the various points of entry becomes increasingly difficult, making it harder to secure them effectively and raising the risk of intrusion.

The OT network is often not publicly accessible but is connected to the company’s IT domain. This is the core challenge of effective OT security, highlighting the need for integrated protection. By implementing rigorous detection within the IT domain, you can prevent attackers from even reaching the OT network, and vice versa. The Colonial Pipeline ransomware attack a few years ago painfully demonstrated the interdependence of IT and OT. The pipeline was shut down not because the OT system was directly compromised, but because the hacked billing system prevented the company from operating effectively. Targeting a part of the IT system can be enough to disrupt OT operations.

In addition to detection within the IT network, all access points to the OT network must be mapped and monitored. This requires closer cooperation between IT and OT disciplines. Rather than addressing security in silos, a more integrated strategy where OT and IT work together is essential.

While this might seem straightforward, a recent Cisco study shows that 41% of companies in EMEA still have OT and IT teams operating independently. These teams also tend to have different backgrounds, with OT teams often evolving from technical services with more mechanical engineering expertise. Nearly 40% of organizations, however, believe that better collaboration between OT and IT could improve security. Integration is inevitable, and OT and IT security will increasingly be seen as a unified whole. Only then can governments and companies effectively respond to growing threats that could disrupt vital processes.
