Operational Technology: Key factor in IT Risk Management strategy

44
Operational Technology

The recent pandemic situation has convinced CIOs to opt for digital transformation to ensure seamless productivity.

Companies that had a timely plan in place for digital transformation had the advantage of resiliency in the difficult business times and were able to handle the pandemic disruption better than their counterparts. IT leaders are now planning to restructure the IT risk management governance protocol and find nooks to accommodate OT architecture, pushing for the adoption of Operation Technology networks.

IT and OT teams prioritize confidentiality, integrity, and availability (CIA) in different manners. IT teams tend to rank data confidentiality above availability and integrity, but OT teams tend to prefer availability (uptime) over confidentiality and integrity. Both teams aim for a common goal- risk reduction, which is overshadowed by the difference in their protocols. IT leaders say that such an implementation will seem complex when viewed holistically, but is the smartest way forward.

Cybersecurity – OT Security Continues to be Challenging across Industries

CIOs are of the opinion that while the organization implementing the OT network might see it as a separate entity as compared to the IT network, the hackers don’t. Cyber attackers view both the networks as one and the same, as a result, the attacks are also intertwined. IT security heads show the example of NotPetya. The event was designed to indiscriminately breach the entire network. OT networks were not the specific target of the attack but were accidental prey as NotPetya spilled over from the IT network to the OT network. This was a wake-up call to consider both networks as a single network and create a consolidated defense mechanism to stave off hackers.

CIOs say that most companies ignore the above fact and end up creating an OT Security Operations Center (SOC) and governance process separate from IT SOC and governance process. Doing so encourages the possibility of risks during the digital transformation process. Repeated instructions and coordination are ineffective and a waste of effort and time. Security teams are tasked with extending the IT governance process to include the OT protocols as well.

Fighting OT Security Issues Remains the Most Critical Factor in the Age of IoT

IT leaders feel that the OT-IT gap of 25+ years may be a bit difficult to the bridge but doing so will better the security measures of the organizations. OT networks work to share much more information than what is available on IT components. It provides data like serial numbers, firmware, software versions, etc. OT network data can be used to create playbooks filled with measures to handle several types of breaches. By combining IT and OT network governance processes better asset visibility and security monitoring can be achieved. The same can be implemented in IT workflows and systems without causing downtime or affecting productivity.