As cyber risks escalate, particularly in critical industries like manufacturing, energy, and transportation, boardrooms are taking center stage in fostering a truce between information technology (IT) and operational technology (OT). The surge in technological dependencies controlling vital infrastructure prompts cyber-savvy boards to intervene strategically, advocating for heightened security collaboration across the IT and OT technology estates. CISOs often find themselves at the forefront of this battle, bearing responsibility for outages arising from cyber disruptions in both IT and OT environments. The slightest disturbances in OT environments can lead to disastrous effects, not to mention considerable costs, drawing greater attention to bridging the IT-OT divide to empower cyber resilience.

The greatest challenge boards and CISOs face in stimulating this collaboration is history. Traditionally, IT and OT networks have been managed in silos and a strong alliance between the two parties was not viewed as a business imperative. Forging new collaboration requires a nuanced approach, and facilitating these efforts starts with a mutual awareness and appreciation for each party. IT and security teams must acknowledge the unique operational risks found in OT, which extend far beyond the loss of confidentiality, integrity, or availability. OT environments often involve risks to human safety, the potential loss of life, and environmental catastrophe. On the flip side, OT teams must acknowledge emerging security risks and understand that legacy security strategies, like air-gapping, are no longer sufficient risk mitigation tactics.

IT teams have long embraced the benefits of digital transformation in their business operations, whereas OT has typically lagged behind. But that’s changing. Organizations today are increasingly embracing IT-OT convergence to bring the benefits of digital transformation, like efficiency gains and expanded capabilities, to their OT environments. However, this convergence has led to increased opportunities for threat actors, heightening the risk of cyberthreats. As IT and OT continue to converge, collaborative efforts are imperative for the development of a mature OT cybersecurity program to mitigate evolving cyber and operational risks.

The success of cybersecurity endeavors hinges on the ability of boards and CISOs to navigate the delicate intersection between cyberthreats and operational risks. This strategic collaboration not only fortifies critical infrastructure against immediate cyber challenges but also empowers risk management across various OT domains, encompassing insider threats, supply chain management, and incident recovery. The boardroom's proactive role emerges as a linchpin in securing critical infrastructure in the face of the ever-evolving cyber landscape.

The key to harmony starts with increasing visibility across environments and understanding points of convergence. Without proper visibility into both environments and the points where IT and OT converge, or tools that can detect and respond to threats at machine speed, it can be difficult for IT teams to see and contextualize what is happening in OT networks. For years, IT often halted all operations at the first sign of malicious activity until due diligence was completed and forensic evidence gathered. But given the dire impacts on profits and efficiency, IT teams have in recent years begun isolating suspicious events instead, to minimize downtime and get systems back up and running as quickly as possible. OT, however, has always operated with a quick-return philosophy, given the criticality of operations.

The poor collaboration between these two counterparts most often stems from a lack of visibility.

In the event of a cyber incident, lack of visibility makes it nearly impossible for IT teams to efficiently respond and convey potential damages, leading many to cut off operations on both sides to avoid further damages. The Colonial Pipeline cyber-attack in 2021 offers the perfect example in which an IT incident resulted in the shutdown of OT operations, out of an abundance of caution, due to a lack of visibility across both environments. IT and OT teams bring different value and nuances to the table, but both must ensure they have adequate visibility and understanding in order to move beyond unplugging systems as their de facto response to potential incidents.

Like many other aspects of cybersecurity, AI can be very effective in increasing OT visibility. By nature, OT environments are well-defined, relying on regularity and most often performing very consistent, repetitive tasks. Thus, AI-powered solutions can learn normal patterns and easily identify and flag the anomalies. These subsequent alerts can then be utilized as a gateway for IT to comprehensively articulate to OT what deviations exist within their systems to foster an environment of collaborative information sharing. It also presents an opportunity for IT teams to communicate what constitutes normal and abnormal behaviors so OT can be on constant guard for atypical interactions. Most importantly, greater visibility and anomaly detection can present a clear picture, allowing both teams to make more informed decisions when it comes to creating standard security procedures and responding to incidents.
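To make the "learn normal, flag deviations" idea concrete, here is an added example (not from the original article or any vendor product) in which a simple statistical baseline stands in for the AI-powered learning described above. The host names, operations, records and the `tolerance` threshold are all constructed assumptions.

```python
from collections import defaultdict
from statistics import mean

# Constructed sample records: (time in seconds, source, destination, operation).
# Host names and operations are illustrative, not taken from any real network.
BASELINE = [(t, "hmi-1", "plc-7", "read_registers") for t in range(0, 60, 5)] + \
           [(t, "historian", "plc-7", "read_registers") for t in range(2, 60, 10)]

LIVE = [
    (60, "hmi-1", "plc-7", "read_registers"),         # on schedule
    (62, "historian", "plc-7", "read_registers"),     # on schedule
    (63, "it-laptop-22", "plc-7", "write_register"),  # talker and operation never seen
    (65, "hmi-1", "plc-7", "read_registers"),         # on schedule
    (66, "hmi-1", "plc-7", "read_registers"),         # 1 s after the last poll: off rhythm
]

def learn(records):
    """Return {flow: (mean polling interval, last timestamp)} from normal traffic."""
    times = defaultdict(list)
    for ts, src, dst, op in records:
        times[(src, dst, op)].append(ts)
    profile = {}
    for flow, stamps in times.items():
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        profile[flow] = (mean(gaps) if gaps else None, stamps[-1])
    return profile

def detect(profile, records, tolerance=0.5):
    """Flag flows absent from the baseline and polls that break the learned rhythm."""
    last_seen = {flow: last for flow, (_, last) in profile.items()}
    alerts = []
    for ts, src, dst, op in records:
        flow = (src, dst, op)
        if flow not in profile:
            alerts.append((ts, "new_flow", flow))
            continue
        period = profile[flow][0]
        gap = ts - last_seen[flow]
        # A poll arriving much earlier or later than the learned period is unusual.
        if period and abs(gap - period) > tolerance * period:
            alerts.append((ts, "timing", flow))
        last_seen[flow] = ts
    return alerts

if __name__ == "__main__":
    for alert in detect(learn(BASELINE), LIVE):
        print(alert)
```

Each alert names the exact flow that deviated, which is the kind of specific, shared evidence IT can hand to OT instead of a blanket shutdown.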

Recognizing the inevitability of cyber disruptions impacting OT, especially in critical sectors, requires boards to prioritize creating a unified front amongst IT and OT operations. This can be achieved by challenging teams to break down historical silos, while acknowledging the unique challenges and risks that pertain to each. Boards must also prioritize investment in robust network visibility tools and AI-powered solutions to facilitate communication efforts and informed decision-making. Working in synergy is the only path forward for protecting critical OT assets from bad actors and safeguarding against potentially fatal consequences.