Unlocking industrial and manufacturing security with the power of OT-IT integration.
Cybercriminals are posing an increasing threat to industrial and manufacturing processes. According to a recent survey conducted by ABI Research and Palo Alto Networks, in the past year alone 72 per cent of attacks originated within the IT team. A quarter of respondents (26 per cent) claimed that a successful assault prompted them to suspend operations at least once in the preceding year. The research shows that the danger of falling victim to an attack is rising for businesses, as new developments in 5G and the cloud extend the attack surface and threat actors adopt more sophisticated methods.
Cybersecurity has grown into a key concern for most industrial and manufacturing operators, with AI helping cyber criminals write code. Ransomware attacks are also a major threat for manufacturing and industrial operators. According to research by Unit 42, the threat intelligence arm of Palo Alto Networks, the UK’s manufacturing industry has been the sector most vulnerable to ransomware attacks, accounting for almost a fifth (17.2 per cent) of all such attacks in 2023.
One of the most significant difficulties for manufacturers in combating cyber threats is a lack of cooperation between the IT and OT teams and security tools, which can lead to gaps in their security posture. Because 76 per cent of attacks came from IT networks alone, this divergence can be a significant problem. This is why closing the OT-IT gap is critical for improving industrial and manufacturing cybersecurity.
Defining responsibilities for OT security
Determining the governance structure of OT security is critical as cyber-attacks against industrial organizations keep coming faster; 75 per cent of respondents report attacks happening on a monthly, weekly, and even daily basis.
Most industrial operators today understand the importance of cybersecurity for OT environments, but part of the challenge is that some of the attacks against this area originate from the IT environment. That means OT and IT teams can’t work in isolation to strengthen security; it must be a collaborative effort.
However, there are common obstacles to achieving the necessary coordinated strategy, especially when it comes to security investment. The slow convergence is due to four primary reasons: there are different products for IT and OT security, there is a lack of support from the board, it requires working with people with different backgrounds and objectives, and there’s a need for building new processes.
Currently, when it comes to who’s responsible for OT cybersecurity purchase decisions, it’s highly divided. Just 40 per cent of survey respondents said that responsibility is shared between OT and IT; 28 per cent said that OT influences but it’s ultimately IT that decides. Decision-making is another challenge; only 12 per cent of respondents said the two teams were aligned in decision-making and 39 per cent categorized the situation as frictional.
These discrepancies stem from the historical roles of both teams. IT has traditionally overseen security company-wide, while OT hasn’t had much call to focus on that until recently; that team’s efforts were centered on industrial and manufacturing operations.
Bridging the gap between OT-IT security
Addressing the friction and disconnects between IT and OT is imperative to better OT security. With the ongoing convergence of IT and OT systems and technology within modern industrial organizations, security must be holistic and address the vulnerabilities and risks inherent in both environments.
Coordinating the decision-making process requires more communication between IT and OT. IT brings expertise in the appropriate solutions to counter threats, while OT experts understand the specific limitations and constraints of OT assets. Both must have a seat at the table when it comes to creating integrated security policies and practices and making critical security purchase decisions. That includes working together on things like tabletop exercises to validate the joint IT-OT security plan in place and iterate for continuous improvement.
As IT and OT teams increase coordination of strategy and decision-making, they’ll also look to consolidate their security tools and products. To streamline, 70 per cent of respondents said they plan to consolidate IT and OT solutions from the same cybersecurity vendor.
This process will take work. Not all vendors offer both IT and OT security solutions, and organizations will need to really ensure they’re choosing an option that can provide both equally without needing to compromise on either IT or OT security. Still, most respondents (79 per cent) are certain that in the long term, OT and IT security will be seamlessly integrated and managed by the same solutions.
Putting a united face forward
The need for greater cybersecurity in OT is undeniable, as cyber-attacks are now more frequent and sophisticated. To address this challenge, the IT and OT teams must work together.
With the consolidation of OT-IT teams, it becomes easier to scale a Zero Trust approach across the integrated operations, from securing the OT networks and assets to remote operations and even emerging OT network topologies such as 5G private networks. Moreover, having a single platform is essential, as it brings together individuals from OT and IT security teams to collaborate on improving the security of industrial and manufacturing services.
The two teams cannot function in isolation. OT and IT security should be intimately connected, which necessitates breaking down old divisions and fostering a collaborative platform approach. The unified strategy should also involve efforts to simplify security tools and identify solutions that can cover all parts of the OT environment.
For a list of the sources used in this article, please contact the editor.
By Qiang Huang
www.paloaltonetworks.com
Qiang Huang is Vice President of Product Management at Palo Alto Networks, the world’s cybersecurity leader. It innovates to outpace cyberthreats, so organizations can embrace technology with confidence. It provides next-gen cybersecurity to thousands of customers globally, across all sectors. Its best-in-class cybersecurity platforms and services are backed by industry-leading threat intelligence and strengthened by state-of-the-art automation.