As organizations look to enhance efficiency in meeting strategic goals, John Livingston recently suggested that they take advantage of IT-OT convergence. But in doing so, it is critical to ensure that security measures are also aligned. An event such as a ransomware attack or other hacking campaign certainly has the potential to disrupt that intended efficiency. Therefore, Livingston outlined for Control Engineering steps that Chief Information Security Officers, Chief Information Officers and other IT leaders can take to improve communication and standardize practices in order to best connect the two functions.
The first step provided is to “Create shared education and awareness of IT-OT convergence.” This begins with making sure that there is an understanding of what each function is designed to accomplish. To achieve this, Livingston recommended hosting educational sessions in which the departments can learn the vocabulary, objectives and challenges unique to each.
This is followed by creating an opportunity to “Design an IT-OT security organization that addresses the needs of both sides.” In other words, organizations should find a way to develop leadership that incorporates both their IT and OT experts. Security approaches then represent input from all parties.
Next up, the article proposes putting together an OT systems management (OTSM) program. As Livingston wrote, “By establishing a foundation of OTSM, IT and OT teams can start to work together effectively from a similar basis of asset management.” The OTSM program should include aspects such as asset inventory management, configuration management, and incident and trouble response.
Lastly, organizations should help to equip their team members with the proper skill development. This means offering further training in relevant OTSM concepts. Doing so forms a security force that is versed in analysis, investigation and threat hunting, as well as systems management.