Closing the security gap in OT/IT convergence

End-to-end security between converging information technology and operational technology worlds is imperative, but technical and cultural differences separate them. Here’s how to close the gap.

Conceptual illustration of the convergence of disparate technology threads in a digital environment.
lvcandy / Angyee054 / Getty Images

Schneider Electric knows the business value of connecting its 200-plus distribution and production centers and converging them with IT systems. As more and more industrial environments are connected through sensors and actuators to produce data for proactive insights and services, “IIoT [industrial internet of things] is becoming the new normal,” says Christophe Blassiau, global CISO at Schneider.

Connecting operational technology (OT) and IT operations has become a business imperative for organizations that want to drive reliability, gain competitive advantage or make operations more agile and resilient.

Blassiau also knows the risks. “IT can infect and wipe out OT environments at-large and at speed as seen with WannaCry and NotPetya,” he adds. “OT and IT experts need to collaborate to protect plants and critical infrastructure.” 

Today Schneider has cybersecurity initiatives under way to segment and monitor industrial networks worldwide, which puts them far ahead of many organizations with OT environments. “Security for the longest time hasn’t been a concern because nothing was connected, but now it is,” says Dr. Abel Sanchez, executive director and research scientist at the Laboratory for Manufacturing and Productivity at the Massachusetts Institute of Technology. “IT has its own security stack and well-established practices, but when it comes to the OT and IIoT world, there is a very different picture. For a lot of companies this is new,” he adds.

In 2018, 78% of operational assets were connected to a network, up from 60% in 2016, according to IDC. That number is expected to rise again this year.

To continue reading this article register now

The 10 most powerful cybersecurity companies