The worlds of IT and physical-equipment-oriented technology (dubbed operational technology, or OT by Gartner) are converging. Operational technology within industrial companies has traditionally been developed, implemented, and supported separately from IT systems. Now OT is beginning to align with IT around standards, enterprise architecture, security models, software configuration practices, and information and process integration. IT teams across many industries (e.g. healthcare, transportation, defense, energy, aviation, manufacturing, engineering, mining, oil and gas, natural resources, and utilities) are converging, aligning and integrating their IT and OT environments, organizing their people, tools, and resources to manage both technology areas.
In-Depth Security Becomes Paramount as IT and OT Converge
Cybersecurity is mission-critical for manufacturing. If production systems are hacked, it can affect product quality, business profitability, and even safety. In the past, manufacturers have relied on “security through obscurity” for machines on the factory floor, since typical operational technology platforms have been proprietary systems that had limited connection to IT.
Today’s operational technologies, though, use generic infrastructure that runs alongside existing information- and administration-focused IT systems. Benefits of linking the machines on the factory floor to the network include data analysis to reduce downtime, increase operational efficiency, and improve safety and product quality. This new change, combined with an increased prevalence of cybersecurity threats in general, requires a new approach to security. The old security through obscurity approach is no longer valid. Today’s solutions must connect networks, enable monitoring, and secure data flows. They must deliver defense-in-depth features to organize, harden, defend, and respond to threats.
Avoiding Unintended Consequences
To ensure adequate cybersecurity in this environment, IT security experts must be involved in planning and implementation. According to Gartner, the key for CIOs is moving beyond IT to leading the exploitation of business assets of processes, information, and relationships across all technologies in the enterprise. Implementing a new approach to cybersecurity in manufacturing requires a deep understanding of cybersecurity protocols and policies, as well as experience in managing implementation and ensuring compliance.
IT Pros Know Encryption’s “Key Role”
As IT has traditionally worked from the top down, deploying and maintaining infrastructure for the management side of business, OT has built from the ground up, from machinery, equipment, and assets to monitoring and control systems. Now the two are colliding.
While IT/OT convergence undeniably makes cybersecurity more challenging, one thing is certain: encryption solutions should be applied to operations technology in industrial infrastructures to secure data at rest and in motion. Encryption provides the highest level of security—but the way encryption is achieved matters vitally. Many IT leaders are familiar with how hardware-driven encryption protects data, securing it even in cases where hackers successfully break in to the system. Hardware encryption can neutralize the most commonly executed breach techniques that threaten software-only encryption solutions.
Thus, it is crucial that managers of IT/OT convergence pay attention and assess how hardware-based encryption can provide virtually unbreachable protection for a whole new class of cyberattack targets.