________________________________________________________________________________________________________________________
a lack of cooperation between the IT and OT teams and security tools , which can lead to gaps in their security posture . Because 76 per cent of attacks came from IT networks alone , it creates divergence , which can be a significant problem . This is why closing the OT-IT gap is critical for improving industrial and manufacturing cybersecurity .
Defining responsibilities for OT security
Determining the governance structure of OT security is critical as cyber-attacks against industrial organizations keep coming faster ; 75 per cent of respondents report attacks happening on a monthly , weekly , and even daily basis .
Most industrial operators today understand the importance of cybersecurity for OT environments , but part of the challenge is that some of the attacks against this area originate from the IT environment . That means OT and IT teams can ’ t work in isolation to strengthen security ; it must be a collaborative effort .
However , there are common obstacles to achieving the necessary coordinated strategy , especially when it comes to security investment . The slow convergence is due to four primary reasonsthere are different products for IT and OT security , lack of support from the board , it requires working with people with different backgrounds and objectives , and there ’ s a need for building new processes .
Currently , when it comes to who ’ s responsible for OT cybersecurity purchase decisions , it ’ s highly divided . Just 40 per cent of survey respondents said that responsibility is shared between OT and IT ; 28 per cent said that OT influences but it ’ s ultimately IT that decides . Decision-making is another challenge ; only 12 per cent of respondents said the two teams were aligned in decisionmaking and 39 per cent categorized the situation as frictional .
These discrepancies stem from the historical roles of both teams . IT has traditionally overseen security company-wide , while OT hasn ’ t had much call to focus on that until recently ; that team ’ s efforts were centered on industrial and manufacturing operations .
Bridging the gap between OT-IT security
Addressing the friction and disconnects between IT and OT is imperative to better OT security . With the ongoing convergence of IT and OT systems and technology within modern industrial organizations , security must be holistic and address the vulnerabilities and risks inherent in both environments .
Coordinating the decision-making process requires more communication between IT and OT . IT brings expertise in the appropriate solutions to counter threats , while OT experts understand the specific limitations and constraints of OT assets . Both must have a seat at the table when it comes to creating integrated security policies and practices and making critical security purchase decisions . That includes working together on things like tabletop exercises to validate the joint IT-OT security plan in place and iterate for continuous improvement .
As IT and OT teams increase coordination of strategy and decision-making , they ’ ll also look to consolidate their security tools and products . To streamline , 70 per cent of respondents said they plan to consolidate IT and OT solutions from the same cybersecurity vendor .
This process will take work . Not all vendors offer both IT and OT security solutions , and organizations will need to really ensure they ’ re choosing an option that can provide both equally without needing to compromise on either IT or OT security . Still , most respondents ( 79 per cent ) are certain that in the long term , OT and IT security will be seamlessly integrated and managed by the same solutions .
22