Cybersecurity has, since its inception, been a corporate-based problem. Whether it is a public, or private corporation, these entities were the primary targets of most cybercrime. In recent years, the industrial sector has increasingly become the target of attack for malicious actors. The reasons include newly internet-connected devices that were once air-gapped, and the immaturity of cybersecurity in many of these plants. Yet, for many corporations, one of the first hurdles that must be overcome in order to achieve a strong cybersecurity posture is to bridge the gap between IT and OT. Why is bridging the IT/OT gap so problematic?

Key Challenges for Bridging the IT/OT Gap

One reason is the obvious sense of exclusivity between these two worlds. Historically, no OT manager wanted their IT team poking their nose into someone else’s business. OT was the old guard, and IT was perceived as the new upstart who can only bring trouble. That mentality is changing and now both OT and IT understand the value of collaboration between the two. But, there is still work to do.

One way to bridge the IT/OT gap is to show how the new technologies can reveal important information about OT assets, allowing a fuller view into an organization’s overall security posture. Unfortunately, that still approaches the problem from a strong IT perspective. The OT viewpoint is that introducing new security also brings downtime, compromising service and safety. In order to effect change in a way that OT will embrace, IT has to prove that security can be introduced in an unobtrusive, and non-invasive way.

Many companies rely on multiple products from multiple vendors to cobble together a security platform. This disparity is the result of more and more previously unconnected devices becoming connected to the corporate network. This can result in (Read more...)