
The world's most capable, rugged and secure
industrial control system...
Introducing Bedrock OSA® Remote
- Intrinsically-secure PLC and RTU control
- 10 or 20 channels of universal I/O
- Free IEC 61131-3 engineering software
- -40ºC to +80ºC temperature range
- Rugged, all-metal case 5.4 in x 8.9 in x 2.3 in
Why IT and OT Must Come Together
April 22, 2021 | Robert Bergman
In an IIoT World article titled Industrial Cyber Security: Why IT & OT collaboration is no longer an option but a necessity authors Joe Weiss and Richard Ku argue that information technology (IT) and operational technology (OT) teams must work together to reduce cyber threats. “IT security has the security knowledge, but OT has the domain expertise and understanding of how new security technologies may affect the operational systems,” they write.
A new TrendMicro commissioned survey of 250 IT departments and 250 OT departments in manufacturing firms across the U.S., Germany and Japan, however, indicates that such cooperation is rare despite acknowledgement of cyber security breaches. Here are some of their findings:
- 61 percent of the respondents experienced a cyber security incident and 75 percent had suffered a production outage as a result. 43 percent of the firms that took production offline were down for more than four days.
- While 89 percent of companies have built operational processes for cybersecurity and 88 percent have created an incident response process, both OT and IT teams have usually done so independently. Only 12 percent of respondents reported active IT/OT collaboration in designing either operational or response processes.
- 78 percent responded that technology was their biggest security challenge and fewer than half of the participants said they are implementing technology to improve cyber security.
- Companies with the highest IT-OT collaboration were significantly more likely to implement cyber security technology than those with little to no IT-OT collaboration.
- 66 percent used firewalls versus 47 percent of the little-or-no collaboration group
- 62 percent of the high collaboration companies deployed intrusion prevention systems (IPS) compared to 46 percent of the others
- 54 percent deployed network segmentation versus 37 percent of the others
The scope of industrial cyber security covered by this survey includes firewalls, intrusion prevention devices and network segmentation as well as human behavior management the cyber security processes. A truly comprehensive approach, however, must include hardening of the OT itself, which essentially involves embedding traditionally IT oriented cyber security solutions such as PKI, authentication and encryption into the control, power and other OT hardware at birth. If that is not bringing IT and OT together, nothing is.
For more information, read:
https://bedrockautomation.com/ot-for-resilience-and-resilience-for-ot/
https://bedrockautomation.com/ot-cyber-security-standards-for-open-industry/
https://bedrockautomation.com/bedrock-commentary-on-ics-cert-advisories/