The Cosmic Convergence of IT and OT: A Cybersecurity Odyssey
Jane Frankland, an author and a mother, is considered one of the top cybersecurity influencers of 2024, as declared by LinkedIn. She has also built her own growth hacking firm over time. In one of her recent books, about cybersecurity in the age of IoT and Edge Computing, she predicted the importance of the convergence between Information Technology and Operational Technology in consolidating an organization’s security stance. People gathered in droves to hear her speak at a recent conference held after RSA on how they can secure their businesses and operations. But the main focus of her talks and keynote speeches was a matter critical to the future of cybersecurity: the emerging threats that Edge Computing and IoT devices are heralding. She is warning the world to be prepared for even more sophisticated attacks, and to secure its IT and OT operations.
In the vast expanse of the technology landscape, Information Technology and Operational Technology teams have mostly steered clear of each other, coming together only in times of a breach or a technological glitch which was critical and needed immediate remediation. All that is set to change.
We All Know IT, Don’t We?
As I ponder the various recent technological wonders of the digital realm, summing up IT seems a Herculean task. But here’s an effort to summarize it: “IT encompasses the massive array of software that processes, stores and transmits data”. Components include servers, PCs, cloud infrastructure, and, of course, the Internet itself. They are designed to facilitate communication and collaboration. Cybersecurity in the realm of IT is mainly focused on data confidentiality, integrity and systems availability, primarily from external threats. Choices of weapons? Firewalls, antivirus software, encryption and all other next-gen technologies being developed to secure organizational environments.
It is often a joke among cybersecurity specialists that IT is as rapidly changeable as a chameleon in a disco ball factory with a dance floor. No one knows where the next big threats are coming from. New threats are discovered daily, and the attackers keep coming up with new dance moves all the time to bypass security. IT pros need to constantly be on their toes, updating their systems more frequently than a teenager changing their social media status.
But then, cloud computing and Edge devices gatecrashed the party. Now every digitally connected device is a potential victim of cybercriminals. It’s like losing the keys of your house to your thieving neighbors and hoping they don’t steal your Picasso while you are away. The current trends in the digital realm have implied that IT is needed at hand at all times, across locations, devices and departments.
So Much for IT – What About OT?
While we go about our days at work, we seldom spare a thought for the devices and equipment that make it possible. Welcome to Operational Technology. Operational Technology at work simply refers to hardware or software that detects and causes changes through direct monitoring and control of physical devices, processes and events. Operational Security is usually automated within the organization or its cloud and monitored continuously while in operation. We still need a better understanding, dear reader, so here are five examples of the most common types of Operational Technology largely prevalent:
In the vast expanse we call the tech universe, Information Technology and Operational Technology have so far steered clear of each other, communicating only when there is a crisis or a glitch. But if we look back at history, virus attacks started around the 1980s, harbingers of a new kind of threat that could not be shot down. It took around 20 years more for cybersecurity to become a pressing need for governments, businesses and organizations of all sizes. Today, OT is concerned with the physical world and most of its people, supply lines, infrastructure, fuel pipelines and even nuclear power plants. They could be called the musculoskeletal system of the global business infrastructure. From massive factories to civic services, manufacturing lines or even transportation systems, OT holds it all together. Some of the methodologies, practices and technologies adopted by OT include the following:
- Supervisory Control and Data Acquisition – SCADA systems leverage remote terminal units and Programmable Logic Controllers to manage distributed assets from a centralized supervisory console. They enable predictive maintenance of devices and equipment.
- Industrial Control Systems – Implementing strict access controls ensures that authorized personnel can access OT systems. MFA and role-based access control are some of the components of Industrial Control Systems and IoT devices that work on a large scale.
- Geopolitics in OT – The smooth functioning of most of the world’s infrastructure, business and society as a whole relies on what we have now come to call OT, something nation-states are increasingly adopting to sabotage, influence or carry out espionage. The ability of bad actors to affect power grids, defense systems, water supplies and transportation poses regular and significant challenges.
Some Important Statistics
- According to Gartner, by 2025, 75% of OT security solutions will be delivered via multifunction platforms, up from 15% in 2021.
- The global IT security market is projected to reach $345.4 billion by 2026, growing at a CAGR of 9.7% from 2021 to 2026 (MarketsandMarkets).
- The OT security market is expected to grow from $15.5 billion in 2021 to $32.4 billion by 2027, at a CAGR of 15.2% (MarketsandMarkets).
Convergence: The Right Way Forward
As we navigate our way through the digital age, the distinction between IT and OT cybersecurity remains a crucial part of how society functions in this new era. As these systems become more intertwined, a holistic approach is the order of the day.
- The integration of IT and OT has been driven by the advent of the IIoT phenomenon (largely), and Industry 4.0 which aims to create smart factories and increase operational efficiency through increased connectivity and analytics. This convergence helps prevent threats with real-time intelligence on all functioning devices, not only securing them but also helping in improved decision-making and predictive maintenance.
- The trend towards IT/OT convergence is driven by compelling benefits. Integration of IT networks with OT systems allows for greater security and efficiency, enabling technologies like the Industrial Internet of Things.
- The opening up of OT systems to IT networks ensures that continuous improvements and development in IT security also percolates down to OT environments, most of which were behind closed doors till now.
- Collaboration between IT and OT teams is becoming increasingly frequent, heralding a change in the way these teams operate.
- Training and education of employees, with the potential to bridge the skills gap and develop professionals with expertise in both IT and OT cybersecurity.
- Establishing standard operating procedures that address the unique security challenges of OT.
The Cyber Battlefield of Tomorrow
As we stand on the precipice of a new era of digital transformation, the IT-OT convergence has created a treacherous landscape. With critical infrastructure, industrial processes and vast troves of confidential information hanging in the balance, the stakes have never been higher. Picture, if you will, a world where a single line of malicious code shuts down entire power grids, and you begin to get the picture. The battle lines are drawn, with certified cybersecurity professionals being the soldiers on our side. The clock is ticking. The world needs more cybersecurity professionals today.
The choice is yours. The battlefield awaits.