Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Mind the Gap: How to Align Your IT and Operational Technology Teams

With the rise of connected devices, industrial environments are no longer safe from cyberattacks. Here’s how to bridge your IT and OT efforts and enhance your organization’s security posture before the next threat emerges.

The industrial landscape is evolving rapidly. Modern-day operations span complex IT (information technology) and OT (operational technology) infrastructures. In many factories and plants, thousands of devices are increasingly connected via the industrial internet of things (IIoT). This convergence between IT and OT systems creates new challenges in securing industrial environments by making cybersecurity threats even more difficult to detect, investigate and remediate.

Adding to this challenging endeavor is the fact that IT and OT teams typically inhabit different parts of the organization, and with good reason. Until recently, IT infrastructure was the main battleground in terms of ensuring complete visibility, security and compliance, mostly because this was where organizations were being attacked. For the better part of two decades, IT was the thing that kept the chief information security officer (CISO) up at night. But that reality has changed. With our increasingly interconnected world, OT has quickly caught up as a lightning rod for new attacks and increased security concerns.

Ground zero for industrial security

The focal point for attacks on industrial operations and critical infrastructure has centered on industrial controllers. When these devices were first deployed, they were not connected and interconnected as they are today. Advances in technology have put these devices online and made them a prime target for hackers. 

Controllers were not built to address the security threats or innocent human errors we now experience. Outsiders, insiders, and outsiders masquerading as insiders are all possible actors capable of launching sophisticated attacks to take over machines for nefarious purposes. Hackers are no longer rogue individuals but members of carefully curated and systematic programs funded by highly motivated organizations and countries. A carefully executed cyberattack can accomplish as much, if not more, than modern-day warfare.

Furthermore, because industrial and computer networks are now connected, an attack that starts on an IT environment can quickly move to an OT environment, and vice versa. Lateral movement is increasingly the preferred attack methodology amongst hackers because of the relative ease of finding a weak link in the system, leveraging it as the point of entry, and then quickly owning the entire network.

Managing the convergence of IT and OT systems

Few organizations currently manage IT and OT with the same staff or tools. After all, these networks evolved with different sets of priorities and they operate in inherently different environments. Nevertheless, in order to address these new complex threats and the expanding attack surface, industrial organizations are converging their IT and OT groups

The “convergence initiative” is anything but simple. It requires not only the integration of IT tools with OT solutions, but also the alignment of strategic goals, collaboration and training, and bridging two departments that have different backgrounds, mindsets and concerns. 

IT teams are used to working with the latest and greatest hardware and software, including the best security tools available to protect their networks. They spend time patching, upgrading and replacing systems. Meanwhile, OT staff are used to working with legacy technologies, many of which pre-date the internet. These inherited systems often use proprietary network protocols and lack basic security controls, such as authentication or encryption, event logs or audit trails. 

As a result of these divergent workflows, incident detection and response in an OT environment is very different than in an IT environment. But while there are significant differences between the worlds of IT and OT, there are also key elements that both sides can agree on when it comes to establishing a robust industrial security posture:

  • Enterprise visibility to ensure that all collected data is integrated into a single pane of glass.
  • Threat detection & mitigation that combine behavioral anomalies with policy-based rules.
  • Automated asset tracking that includes dormant devices and goes as deep as programmable logic controller (PLC) backplane configurations.
  • Vulnerability management that tracks and scores patch and risk levels of ICS devices.
  • Configuration control that tracks all changes to code, OS & firmware regardless of whether done through the network or locally.

Staying ahead of new regulations

With the increased frequency of security threats, regulatory compliance is also accelerating IT-OT convergence. For example, the North American Electricity Reliability Corporation (NERC) and the Federal Energy Regulatory Commission (FERC) both require IT and operations staff at critical infrastructure facilities to collaborate, manage risks cooperatively and share relevant documentation to ensure security and reliability. 

In fact, regulations specifically call for an environment in which there is the ability to conduct forensics across both networks in order to identify, thwart and report on incidents that can disable significant industrial deployments and critical infrastructure.

Bringing together your IT and OT teams, systems and processes hastens compliance with regulatory statutes. The ability to proactively report issues and demonstrate compliance makes any potential audit significantly easier.

C-level support can make it happen

The successful deployment of industrial cybersecurity initiatives must leverage resources from both IT and OT. To bring these teams together and unify security thinking and practices, organizations need to create a culture of collaboration between both camps for the common good of the business.

The key to success is getting C-level support. Some organizations begin by creating a C-Level role to facilitate the convergence. For example, it’s quite common to find a “chief digital transformation officer” whose role is to bridge the gap between IT and OT, merge the culture divide, and establish incident response processes that span both groups.

Business-level oversight and C-suite leadership help ensure that the two sides will collaborate effectively with each other. To make this happen, more and more organizations are taking senior, experienced engineers from OT business units and assigning them to support incident response within the security operations center (SOC). This creates an environment where people, processes and technologies straddle and unify both sides of the IT/OT fence.

A successful collaboration between IT and OT can reap significant benefits, including:

  • Improved security automation, sensing and visibility
  • Increased control over distributed operations
  • Better compliance with regulatory requirements and tracking
  • Higher responsiveness when incidents occur
  • Better decision making based on more detailed information
  • Proactive maintenance and reduced response times to unforeseen disruptions
  • Improved flow of information to stakeholders

Many pundits and experts in the field say it is not an issue of “IF” but rather a matter of “WHEN” a security incident will occur. Bringing the IT and OT worlds into the same orbit helps ensure that when an incident occurs, the organization can weather the storm and in fact thrive amid the chaos.

For more information and best practices on enhancing your industrial security posture, check out our whitepaper, “Mind the Gap: A Roadmap to IT/OT Alignment."

Subscribe to the Tenable Blog

Subscribe
Try for Free Buy Now

Try Tenable.io

FREE FOR 30 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now.

Buy Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Choose Your Subscription Option:

Buy Now
Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year. Full details here.

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 30 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 30 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Learn More about Industrial Security

Get a Demo of Tenable.sc

Please fill out the form below with your contact information and a sales representative will contact you shortly to schedule a demo. You may also include a short comment (limited to 255 characters). Please note that fields with asterisks (*) are mandatory.

Try for Free Contact Sales

Try Tenable Lumin

FREE FOR 30 DAYS

Visualize and explore your Cyber Exposure, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Buy Tenable Lumin

Contact a Sales Representative to see how Lumin can help you gain insight across your entire organization and manage cyber risk.

Request a demo of Tenable.ot

Get the Operational Technology Security You Need.
Reduce the Risk You Don’t.