Here are four core principles that need strengthening to ensure that IT-OT convergence gaps do not lead to major cyber incidents

Digital transformation progress in Asia Pacific (APAC) has been rapid, reflecting a growing digital native population and increasingly tech-savvy businesses.

Governments have strengthened the pillars of innovation and technology to boost long-term productivity and economic growth. They aim to transform legacy industries such as manufacturing and logistics, while sparking new industries for the biotech and autonomous vehicles sectors.

Technologies like the IoT, AI and wireless networking are reshaping factory floors, logistics centers, retail operations and more. Operational technology (OT) — in the form of traditional machinery, industrial devices and software — are now being converged with IT through increased web connectivity and web-enabled sensors, devices, and machines that promise seamless data flows, improved efficiency, and performance.

Security gaps in IT-OT convergence
While optimism towards IT/OT convergence is running high, security can be lagging.

Specifically, as systems reach their end-of-life phase, more innovative and advanced OT industry solutions become available.

However, organizations must overcome barriers associated with attaining skills, managing/incorporating legacy industrial control systems and SCADA systems, to unite IT (corporate) and OT (production/industrial) teams and processes with high visibility and unity. Some surveys have suggested that this can be challenging, and is contributing to significant security shortfalls. A high volume of unencrypted or unsecured information connected to IoT systems can lead to unauthorized access, extraction, and exploitation of sensitive data that can traverse devices into other systems.

Some common risks of IT-OT convergence gaps encountered by organizations include ransomware and extortion threats, distributed denial of service attacks, and malware. Traditional methods of air gapping are no longer sufficient for maintaining security, as many incumbent organizations have experienced a recent significant increase in security incidents in their Level 3.5 demilitarized zone (DMZ) environment. 

Prioritizing IT-OT security

Organizations must address security challenges to fully capitalize on the enormous potential of converged IT/OT technologies. Here are four core areas to revisit and strengthen:

  1. Bridge the skills divide holistically: Instead of relying solely on IT teams, business leaders must collaborate to bring teams across the C-suite, IT/cybersecurity, product (engineering) and IT operations (corporate) teams together to plan the right convergence path.
  2. Define a strategy for OT/IT security readiness: Executives responsible for OT security should work with their team to assess their environment and develop a robust improvement strategy, executing it using an agile and programmatic approach.
  3. Unlock value from industry frameworks and OT security tools: Security leaders should consider extending cloud-based IT security tools with OT-specific capabilities to span asset discovery, categorization, monitoring, and Security Operations.
  4. Determine whether to outsource or develop internal expertise: While some organizations may have the budget and internal talent to develop comprehensive and tailored IT/OT convergence and security strategies, those that do not fall into this category should not hesitate to leverage trusted managed security service providers to help bridge any gaps.

By addressing these core areas, governments and organizations will be protecting their reindustrialization efforts and paving the way for even more new growth and success.