Fortinet - What are the challenges of the convergence of IT and OT?
By converging traditional IT and operational technology (OT) environments, organisations can achieve greater efficiency and effectiveness in monitoring critical processes. This enables effective use of data from a range of sources, such as medical devices, industrial applications and networked sensors - commonly known as the Industrial Internet of Things (IIoT).
At the same time, this convergence can also bring new risks. Without an effective OT security plan, companies and their integrated ICS/SCADA systems are defenceless against cyber-attacks, which can lead to reputational damage, financial losses and weakened customer confidence. In more serious cases, these types of cyberattacks can also threaten the safety of people and, for critical infrastructure, national security.
People around the world depend on vertical sector OT services such as manufacturing, energy, utilities and transport infrastructures. Therefore, it is critical to protect the integrated ICS/SCADA systems. With the advent of digital transformation in these sectors, new cyber security concerns have emerged as formerly shielded systems are exposed to new risks and a much wider attack surface. Given the age, sensitivity and complexity of many OT environments, it is also becoming increasingly difficult to protect high-value cyber-physical assets. All of these factors led Fortinet and Forrester to conduct a survey of industry leaders who manage and maintain OT infrastructures with the goal of identifying emerging security trends. This survey revealed three key findings.
1. Security breaches are common in the OT industry
Of the survey participants, only 10% said they had never experienced a data breach. Conversely, 58% of companies said they had been affected by this type of threat in the last 12 months, and more than 75% expect regulatory pressure to increase in the next two years. Extending the observation period to 24 months, the number of breaches against OT systems rises to 80%, which shows how great the interest of cyber criminals is in targeting OT systems.
Given this high number, it makes sense that 78% of companies surveyed plan to increase their ICS/SCADA security budgets this year to more effectively combat these threats.
2. IT and OT networks continue to merge
In the past, OT systems depended on software and hardware that was not connected to the internet. This meant that one could rely on the security of a so-called "air gap" between external and internal systems. With the shift to IT-OT convergence and the drive for operational efficiency, connectivity and vulnerability to traditional IT threats have increased. With this proportional increase in attack surface, cyber criminals can more easily gain access to systems that were previously isolated.
In the survey, almost all respondents (96%) expected to face new challenges and pay more attention to security concerns as a result of convergence. When it comes to OT security, more than a third of survey respondents said they were concerned about the following issues:
- The potential for connected smart devices to cause security breaches
- Lack of third-party security expertise in dealing with converged technologies
- Lack of expertise from internal security teams to secure these converged technologies
- The inability to isolate or contain resources when a security breach occurs
- The risk of sensitive or confidential data being compromised
- Greater regulatory pressure regarding ICS/SCADA systems
Compliance in particular is a common concern. Seven out of ten survey respondents said they have noticed increasing compliance pressure over the past year, and 78% expect this trend to continue over the next two years. For the companies surveyed, the regulations that are having the greatest impact are the International Society of Automation (ISA) standards, the EU General Data Protection Regulation (GDPR) and the Federal Information Security Management Act (FISMA).
3. Business partners often bring more risk
For all the benefits they offer, business partners can also create an additional dimension of risk for OT companies. Although granting privileged access to certain key personnel is critical, keeping that access to a minimum is equally important. This is underscored by the fact that the companies that were most successful in securing their environments were also 129% more likely to severely restrict or even deny access to partners.
The most successful companies grant only moderate access to their systems and are 45% more likely to perform critical security functions internally than to outsource this responsibility.
While partner relationships are important and sometimes essential, business leaders must insist on a prudent approach to granting access, making outsourcing decisions and identifying situationally appropriate partners. As digital transformation continues to impact this area of the business, executing well-defined and rigorous best-practice cybersecurity procedures will be critical to securing OT systems.
What does it take to ensure OT security?
Given the impact a cyberattack can have on OT networks, security teams need all the help they can get, and a shift towards a proactive cybersecurity strategy for converged networks will enable the deployment of optimal solutions. The preferred solution should not only meet the specific security needs of these organisations, but also offer a wealth of features and a form factor that fits into restricted spaces or withstands harsh environmental conditions. Integrating OT solutions while saving costs and providing reliable connectivity can be achieved by deploying a robust NextGen Firewall (NGFW) solution. This should be able to handle unique environmental challenges while providing features specifically designed for OT environments. Equipped with a robust NGFW, the enterprise architecture provides protection for the entire converged IT/OT network while eliminating potential OT vulnerabilities that cybercriminals could exploit.
The stakes are high when it comes to protecting high-value cyber-physical assets and intellectual property. Confusion over the appropriate level of access for partners further complicates matters. To effectively address these challenges, IT and OT leaders need to keep up with the latest trends and threat intelligence to gain situational awareness and trust from the point of convergence to the factory floor.
Original article by Rick Peters, CISO for Operational Technology at Fortinet
Translation from DeepL
Corrections and shortening by Simon Schmischke, EnBITCon GmbH