IT/OT convergence is a double-edged sword from a cyber-security lens. It can allow for more robust monitoring of systems, but it also might expose industrial control systems (ICS), process control systems and other operational technology to malware attacks, hacktivism, employee sabotage and other security risks that previously affected only corporate IT systems.
To monitor and control IT/OT environments, people, processes and systems must be brought closer together to build a smarter, more secure network with high visibility, said professional services firm KPMG in a new report.
To be successful and lasting, converging information technology (IT) and operational technology (OT) environments requires the right preconditions in an organization’s environment and culture, according to KPMG’s latest cyber-security publication on IT/OT convergence in the energy and natural resources sector.
“Preparing an organization’s people and culture for IT/OT convergence is critical for success, with process and workflow convergence being integral to a broader IT/OT convergence plan”, explained Ton Diemont, Head of Cyber-security & Data Privacy at KPMG in Saudi Arabia.
Although organizations often prioritize efficiency or productivity improvements, cyber-security must not be overlooked and should be integral to an IT/OT convergence strategy.
“Securing OT systems is a prerequisite to IT/OT convergence. Cyber-security capabilities need to be implemented to evaluate existing systems for threats and to continually monitor them in the future”, added Hossain Alshedoki, IT/OT Cyber-security ENR Lead at KPMG in Saudi Arabia.
Though zero-day attacks are impossible to predict during and after IT/OT convergence, micro-segmentation helps organizations mitigate their risk. Also, implementing ‘resilient by design’ principles before IT/OT convergence decreases the likelihood of successful zero-day attacks.
Unlike training IT personnel for IT environments, training OT personnel requires not only a cyber-security background but also a strong understanding of the engineering process and physical systems. To overcome this challenge, KPMG has created OT/ICS cyber range labs that use production-grade equipment to simulate scale-model versions of industrial processes, bringing OT simulation efforts up to par with IT.
The labs can be used to establish secure remote connections through KPMG’s infrastructure to perform hands-on training sessions, cyber-attack simulations, proof-of-concepts and industrial cyber-security-related research.
“Our virtual labs can be built to replicate an organization’s IT and OT environments by connecting proprietary devices and virtualizing OT components. This enables IT and OT professionals to cross-train their incident response strategies until mastery”, concluded Diemont.
CIO News, a proprietary of Mercadeo, produces award-winning content and resources for IT leaders across any industry through print articles and recorded video interviews on topics in the technology sector such as Digital Transformation, Artificial Intelligence (AI), Machine Learning (ML), Cloud, Robotics, Cyber-security, Data, Analytics, SOC, SASE, among other technology topics.