If you connect the dots between a recent article in Forbes and another on LinkedIn by “unencumbered” infrastructure analyst Gabriel Lowy, the answer to the OT/IT cybersecurity conundrum is teamwork.
While cooperation between OT and IT isn’t common, Gabriel points out that the DevOps movement was once nascent as well. And OT/IT teamwork might be forced by greater pressures from a catastrophic loss. What could be worse than losing financial records? Losing control of a smart hospital, factory, ship or building.
As Tempered CEO Jeff Hussey points out in Forbes, smart and secure as mutual goals can pose harsh dilemmas for organizations pursuing optimal returns:
Businesses are keen on optimizing operational efficiencies for enhanced service delivery, reducing costs and downtime through preventative maintenance, all while lowering energy consumption and harmful environmental impact. This is accomplished by collecting, analyzing and leveraging data from internet of things (IoT) devices, which, according to Gartner, Inc., can "learn behavior and usage, react with preventive action, or augment or transform business processes."
And here is the catch:
Despite the sizable number of positive business impacts IoT devices can have on businesses, many organizations have balked at the idea of deploying IoT devices and control systems, citing an overwhelming level of complexity and a lack of personnel with IoT training as their reasoning. The gap in IoT skills is a direct result of the information technology (IT) and operational technology (OT) convergence. Unfortunately, bridging that gap isn’t an easy equation. Simply adding IT staff to an OT team does not produce the correct answer. It’s back to complex mathematics again.
Gabriel Lowy recognizes the problem in his recent post on catastrophic risks when OT/IT infrastructures converge and the teams don’t. He also draws an insightful parallel between the emergence of DevOps and the much-needed operational convergence of OI/IT. A common, blended organization tackling both makes the most sense:
Converged OT/IT teams can ensure stronger defenses in the face of challenges posed by external cyberattacks, outmoded network and edge security, and internal data misuse by either ambivalent or malicious insiders. As ICS platforms better interface with IT systems securely, organizations can realize the benefits of improved assets management and operational visibility across converging OT/IT infrastructure.