The Good, The Bad & The Ugly Of IT-OT Convergence
Jeff Hussey, President and CEO of Tempered Networks
February 2, 2020
Facility managers, technology leaders and others witnessing the blend of IT (information technology) and OT (operational technology) in the modern industry likely feel an ironic connection to the 1966 classic spaghetti western, The Good, the Bad and the Ugly.
We all know there are substantial benefits to be realized from a hybrid creation between the two previously disparate business units (the good). But we also understand that numerous villains lie in wait for access to the extra security loopholes created by such a convergence (the bad). Lastly, we want to prevent system downtime, costly data breaches or acts of international espionage (all ugly).
Let’s dive into what it means for IT and OT to be aligned.
Living On The Edge
If the data center is the heart of your network, then consider OT to live on the edge. That edge could consist of a manufacturing floor, a building, a city street or a ship at sea. In essence, it’s whatever comprises all the endpoints of a network that require connectivity by nature of the expanding industrial internet of things (IIoT).
Why do we want a machine on a ship in the ocean to communicate with the heart of its network? It’s simple: data. Big data was a concept that began many years ago, but as the IIoT continues to grow, so does the impact of data. The ability to acquire real-time information from various networking endpoints has huge benefits to nearly all industries. This is where the “good” in our scenario starts to shine.
Simply put, actively harnessing your data enables process efficiencies, better products and lower costs.
A fully connected edge also brings about the convenience of a centralized location to manage all network assets. This effectively eliminates the need for technicians at remote locations to activate, deactivate or repair devices on the outer edges of the network.
Also, consider the potential for increased collaboration between IT and OT teams. With shared data, these two previously separate business units will now have more common ground, which should inspire creative solutions that could benefit the entire business ecosystem.
If the eventual harmony of IT and OT convergence is Clint Eastwood — also known as Blondie from the aforementioned film —then the countless bad actors, hackers and other network intruders represent the “bad.”
Melding IT and OT not only increases the potential for more data, greater convenience and improved collaboration, but it also increases the attack surface. More devices often equate to more exposure. If businesses attempt to converge IT and OT networks by force-fitting traditional network and security tools (e.g., VPNs, firewalls and VLANs), the increased exposure will only lead to more frequent, more damaging attacks.
This is a problem that’s not lost on the U.S. government. The supply chain residing on the OT side has become a big target for acts of foreign espionage. There has been growing suspicion that the Chinese and Russian governments have led efforts to attack supply chains of companies, with the goal of stealing U.S. government intellectual property. As such, there is currently a bi-partisan bill (believe it or not) to counteract this particularly dangerous form of cyberattack.
If the broadened attack surface is problematic enough to make the government apprehensive, manufacturing companies, utilities, transportation and virtually all industries with a presence on the edge should be taking action as well. The stakes are high when foreign interests use the supply chain as an access point to steal military and commercial secrets, disrupt utilities or endanger public safety.
Working Together To Find The Treasure
It’s still the early days, but I do meet business leaders who recognize the importance of addressing both IT and OT initiatives. Recognizing this need is one thing, but execution remains a challenge for most people I speak with.
Some businesses are looking to integrators with a keen understanding of both IT and OT priorities, like KPMG, a company that brings clarity to the blurry lines between the two worlds. I find that most solution providers and systems integrators still need to invest and educate their teams on IT and OT integration strategies. Those providers that do are better equipped to create a balanced strategy to unearth that buried gold for their clients.
Set a solid foundation to prepare for IT and OT convergence by ensuring both IT and OT leadership are included in the journey. It’s vital they are closely aligned in their decision criteria. Consider these key imperatives for success:
• IT must be cognizant of the criticality for 24/7 operations of OT systems, which may be new to your IT staff.
• Reduce inherent risks with vulnerable OT systems by preventing cyber exploits and reducing human errors in network management. Both may cause catastrophic equipment failure, environmental failures or injuries.
• Realize you can reduce cost and complexity by leveraging your existing untrusted networks — no rip and replace — for secure communications and operational availability and integrity
Connecting "things" using traditional networking is not your biggest problem. The challenge is the growing attack surface created by inadequate networking of sensors, unconventional endpoints and outdated operating systems. Instead, modern zero-trust networking with automated, policy-based orchestration tools to provide ease-of-use and scalability should be on the agenda for organizations. The risks are too severe to continue moving forward in any other way.
Bad actors and international threats have forced our technological hands. Nobody wants to have an itchy techno-trigger finger, but the time to act is now. Leaders must recognize that the world is a richer place with IT and OT teams at the same table. Because IT and OT have historically operated in silos with different objectives, a transformative networking solution is required to keep the bad guys out and prevent the ugly side effects.
Follow Tuco’s advice from the film: Don’t let anyone’s spurs come into your network doors, windows or internet of things (IoT) devices. Adopt forerunners' IT/OT convergence strategies and seek zero-trust networking to reap the rewards of an expanded IIoT world, rather than lament its challenges.
Note: This article was previously published on Forbes.com