Mind the Gap: A Roadmap to IT/OT Alignment

Modern day industrial operations often span complex IT (information technology) and OT (operational technology) infrastructures. In a very standard environment, thousands of devices exist and are increasingly being connected via the Industrial Internet of Things (IIoT). This creates new challenges in securing industrial environments specifically by making cybersecurity threats even more difficult to detect, investigate and remediate.

What has made this an even more challenging endeavor is that IT and OT have typically inhabited different parts of the organization; and with good reason. Up until only recently the IT infrastructure played front and center in terms of ensuring complete visibility, security and compliance mostly because this was where organizations were being attacked. For the better part of two decades these were the things that kept the CISO up at night; but the reality has changed. With our increasingly interconnected world, OT has quickly caught up as a lightning rod for new attacks and increased security concern.

Ground Zero

The focal point for attacks on industrial operations and critical infrastructure has centered on Industrial Controllers. Depending on the type of industry, this may be referred to as PLCs, RTUs or DCSs. What really matters is that these controllers are extremely reliable and literally control everything from cooling stations to turbines, electrical grids, oil and gas and much more. Industrial Control Systems (ICS) literally keep the lights on. Because of their reliability, many of these devices have been in place for years. They are the workhorses of today’s modern society and therein is why they are ground zero for attacks.

When industrial controllers were first deployed, they were not connected and interconnected. Today’s advances in technology have put these devices online and thus they have become the target of the hacker. Furthermore, controllers were not built to address the security threats or the quite innocent human errors we now experience. Outsiders, insiders, and outsiders masquerading as insiders are all possible actors that launch sophisticated attacks to take over machines for nefarious purposes. More recently hackers are no longer rogue individuals but are often a carefully curated and systematic program by well-funded and highly motivated organizations and countries. A carefully executed attack can accomplish as much if not more than modern day warfare.

Few argue that the attack surface has changed to encompass both IT and OT. Because these two different worlds are now connected, an attack that starts on an IT environment can quickly move to an OT environment and vice versa. Lateral movement is almost the preferred attack methodology amongst hackers because of the relative ease of finding a weak link in the system, leveraging it as the point of entry, and then quickly owning the entire network.