This is a summary of an article written for Automation.com by CISO, Operational Technology, NA at Fortinet, Rick Peters. The entire article can be accessed here.
Today’s manufacturing environments are becoming increasingly digitized, ensuring a faster response to changing market demands and maximum efficiency in regards to equipment and processes. Despite these advantages, manufacturers must also consider the risk this level of connectivity can pose to critical operations that tie together the digital and the physical.
One IDC whitepaper around operational security for digitized manufacturing found that a majority of manufacturing operational assets are now connected to a network. Not only does this highlight a shift in how critical tasks are performed but also the need for security measures purposefully designed to protect these new converged IT/OT networks. With a heavier reliance on data availability, security teams must go beyond traditional strategies if they are to protect these environments without negatively impacting performance.
It goes without saying that as IT and OT networks converge, security operations that were once separated must come together, as well. Although IT has traditionally controlled the organization’s cybersecurity strategy while the OT network remained physically isolated, manufacturers are finding this is no longer the case. In order to effectively secure digitized manufacturing processes, there are certain factors that should be prioritized right off the bat.
Prior to IT/OT convergence, security teams must first work alongside OT personnel to determine critical assets and points of risk that should fall under this new umbrella of protection. As technology continues to transform manufacturing environments, security teams must be able to weave current strategies and technologies into OT environments that were once considered to be a separate entity altogether.
In addition to identifying what needs to be protected, security teams must take objectives of both the manufacturing environment and IT networks into account, as well. Due to the presence of data being held in IT networks, priorities for security usually center on integrity, availability, and confidentiality, amongst others. On the other hand, OT environments typically place the physical safety and security of employees at the top of the list in order to keep operations running smoothly.
When working to meet the objectives of these two environments, it is important to understand the end goal of both sets of strategies – avoiding unplanned downtime. On both sides, a major concern regarding downtime is the impact this can have on production, which can then lead to tremendous financial losses. While OT personnel will focus their attention on the manufacturing floor in the case of system failure, IT personnel will look to address cybersecurity in order to prevent, or manage, a breach.
In the case of IT/OT convergence, it is up to security teams to blend these differing strategies together in order to protect these environments and get the most out of the technology they offer.
With an appreciation of the similarities between IT and OT teams, specifically in terms of overall objectives, security teams can begin to create a baseline for protection.
“Addressing the convergence challenge requires that both the IT Security and OT subject matter experts be open to ways of approaching securing that are neither too restrictive, nor an impediment to production.”
By viewing security in terms of how it will impact production, as well as customer trust and business value, security teams can meet the objectives of both environments. It is also critical for security teams to understand how both IT and OT networks produce and rely on data – securing this data requires these teams to establish strategies that are not only robust, but also flexible enough to avoid undermining the operational objectives of the OT environment.
As manufacturers embrace digital transformation as a means of improving productivity and meeting customer demands, security must be at the forefront of all decision-making. By understanding both the similarities and differences between IT and OT environments, security teams can effectively align the objectives of these networks and protect high-value, critical assets.
Learn how Fortinet can help you extend security from the data center, to the cloud, and to the network perimeter in even the toughest of ICS/SCADA environments.