IT/OT Cybersecurity Convergence: One Manufacturer’s Lessons Learned

By Sid Snitkin

ARC Report Abstract


Mandy Huth, VP-Cybersecurity at Kohler Corporation, discussed the company’s progress towards IT/OT cybersecurity convergence at the 2020 ARC Industry Forum in Orlando. 

Ms. Huth was new to Kohler when she outlined her plans for IT/OT cybersecurity convergence last year at the 2019 ARC Industry Forum.  At this year’s Forum, she provided an update on some of the lessons learned in this journey.   These include:

  • Focus attention on cybersecurity challenges, not on implementation details, which vary between domains such as IT, manufacturing, engineering, and supply chain management.
  • Choose a single framework that is general enough to cover all the company’s cybersecurity challenges and then use it as the basis for discussions with department heads and to assess the progress of cybersecurity efforts.   
  • People, processes, and technology are all important issues and should be addressed in that order.  
  • Be realistic and don’t lose heart when progress is less than expected.  Recognize that every improvement is a step towards the ultimate goal of safe and secure operations.    

Kohler Faces Diverse Security Challenges

Kohler Corporation is a global company with diverse operations spanning Hospitality, Power, and Kitchen & Bath.  Protecting systems in such drastically different operations demands a broad-based cybersecurity strategy. 


Hospitality includes a portfolio of golf and resort destinations that require reliable, secure IT systems and customer data.  Power and Kitchen & Bath operate global manufacturing facilities with extensive OT systems that need to be secured against operational disruptions and loss of IP.  Every new, smart Kitchen & Bath product needs to be designed for secure operation in homes and commercial facilities.  Kohler’s engines, generators, and UPS products power homes, hospitals, lawn mowers, stadiums, and more. The company’s complex incoming and outgoing supply chains need to be secured to prevent costly disruptions or loss of confidential information.

Digital Transformation Adds More Complexity

Digital transformation impacts every part of Kohler’s business, creating additional cybersecurity challenges.  Smart home devices, like smart mirrors with radios and video screens, are already going out the door.  They have everything a customer wants, but add to the number of things that need to be secured.  Kohler also has a smart factory program, SKE 4.0, that includes more use of robots and other smart equipment and involves more sharing of information with external sites and service providers.  Growth in direct-to-consumer sales demands more secure user experiences and direct-to-consumer e-commerce.

As we learned, supply chain is particularly important for Kohler and one of the company’s biggest cybersecurity challenges.  iPads and smart devices are being used to drive higher efficiency, reliability, and agility.   These devices communicate with various data lakes to help ensure that everyone has the data they need, wherever and whenever they need it, as well as the analytics support needed to predict issues before they become a problem.  All these devices, data stores, and connectivity use cases require proper security.



Keywords: IT/OT Cybersecurity Convergence, Kohler Corporation, ARC Industry Forum, CIS 20 Critical Security Controls, ARC Advisory Group.
