Site icon Connected World

Securing OT

With the rise of Industry 4.0 comes the convergence of IT (information technology) and OT (operational technology), which opens a new world of opportunities for critical organizations and manufacturers.

More often, we see these two areas coming together, with the objective to improve efficiencies, safety, business acumen, and so much more. It will enable realtime decision making, a more coordinated response to business, shared resources, eliminate unplanned downtime through predictive maintenance, all while making better use of use of data. Quite frankly, I am not sure it makes sense to have these two areas of our business siloed anymore. But with anything, there are hurdles to address.

The challenge is many of the operational technology systems controlling our energy systems, our manufacturing plants, and our critical infrastructure are still outdated. They were created at a time when industrial networks were far less connected than they are today.

The IT and OT convergence opens more security considerations. In the last 12-24 months, we have seen the rise in ransomware attacks—many of which are targeting OT.

Microsoft identified unpatched, high-severity vulnerabilities in 75% of the most common industrial controllers in customer OT networks. It also suggests there has been a 78% increase in disclosures of high-severity vulnerabilities from 2020 to 2022 in industrial control equipment produced by popular vendors.

Other new research suggests most critical organizations and manufacturers believe they are at high risk of an OT cybersecurity attack, as critical gaps in OT security strategies remain.

This comes from OTORIO and ServiceNow, which released new survey results that demonstrate there is a greater concern for ensuring safe and resilient operations. The goal here was to interview 200 C-level executives and directors in the United States and Canada, to identify OT cybersecurity challenges and priorities.

Here is what was uncovered. Roughly 58% of organizations identified their OT cybersecurity risk level as high or critical. Still, only 47% of companies have a solution in place—and 81% still manage OT risks manually in an age when risk management automation is increasingly crucial for efficiency and security. What’s more, 49.7% have established a team to develop an OT security strategy but haven’t in fact created a strategy yet. Yikes.

There are a few things we can do to address this.

First, companies need to start by creating that elusive strategy for IT and OT convergence—and specifically develop an OT security strategy. I have spoken at length about the IT and OT convergence on The Peggy Smedley Show. While there are many benefits of making this move, there are also many risks. Our outdated systems are ripe for attacks, and we need to start by preparing our companies and our employees.

Secondly, we need to prepare our technology systems. We need to update those outdated systems. What is also needed is an integrated and automated approach. Certainly, OTORIO and ServiceNow provide solutions, but there are many out there to consider.

As we move forward into this new era of innovation, how will your company respond to this OT and IT convergence—and the new security concerns that arise with it? The opportunities are endless, as I always like to say, but so are the risks. And we need to be prepared for both.

Want to tweet about this article? Use hashtags #IoT #sustainability #AI #5G #cloud #edge #futureofwork #digitaltransformation #green #ecosystem #environmental #circularworld

Exit mobile version