The IT environment is often connected to the world wide web and applies a high degree of standardization, resulting in an ideal cyber-attack surface. Because of this, Cyber Security is one of the main pillars within the IT. Operational Technology (OT) in contrast finds itself to be much more tailored and traditionally to be digitally disconnected. Digitalization, IoT and Industry 4.0 are about to change that.
Industry 4.0 reveals its immense value and becomes a must to maintain a competitive edge. Companies start to interconnect their OT systems, both within the OT environment as to the IT environment. New opportunities arise, but not without risk.
Cybercrime will most likely choose the path of least resistance. The newly interconnected OT environment could become part of this critical path, as OT systems were not optimized for Cyber Security. A short web search will reveal an increase in OT related cyber incidents.
Digital exposure of OT systems requires new Cyber Security measures and cooperation between IT and OT engineers. Entirely new challenges emerge from this interconnecting transformation, as IT and OT environments have very different needs and priorities.
The IT department likely takes the lead, introducing Cyber Security within the OT environment. Legacy operating systems are banned, engineers local administrator rights are revoked, access rights are restricted, automated patch management was introduced and the operational network became managed by the IT department. All proven and logical choices, but not long before the OT environment starts fighting back.
The Mean Time To Repair spikes as engineers can’t do their work properly and the Mean Time Between Failure plummets as systems seem to randomly fail after automated patches. A worrying amount of exceptions on the just introduced Cyber Security policies were introduced as OT systems just won’t work on the new operating systems and set standards.
What went wrong?
OT systems are different to IT systems and the OT environment has different needs than the IT environment. This does not mean that Cyber Security is a utopia for the OT environment, but should be implemented with Cyber Security, OT and IT needs in mind. To achieve a balanced, connected and Cyber Secure OT environment, a different expertise and approach is required.
AIVHY is experienced in OT Cyber Security and understands IT, OT and business needs. Our consultants and engineers speak IT, OT and business language, ensuring for the best solution aligning with your business goals.
We would love to join you for a coffee with Stroopwafels and see what AIVHY can do for you.