Users Share Strategies for IT/OT Cybersecurity Technology Convergence

By Sid Snitkin

Overview

Cybersecurity end users from major industrial companies shared their views on the challenges and benefits of converging IT and OT cybersecurity technologies.

Many industrial cybersecurity leaders are pushing for convergence of IT and OT Cybersecurity programs. They recognize that this can be a cost-effective way to address resource challenges, improve defenses against sophisticated cyber-attacks, and institute the end-to-end protection required for secure digital transformation. But many are unsure about how to achieve an effective convergence of people, processes, and technologies. What should be their final goal? How do they overcome cultural and technological differences?

The 2021 ARC Industry Forum included two workshops to help end users develop effective convergence strategies. Each workshop included polls of attendees on key aspects of IT/OT cybersecurity convergence and a roundtable discussion of the results and other issues. Roundtable participants included IT/OT cybersecurity leaders from various industries who shared what their own companies were doing.

This ARC insight discusses the workshop on technology convergence. A separate insight discusses the workshop on the convergence of cybersecurity people and processes.

Drivers Reflect Concern about Security Gaps and New Risks

Cybersecurity Technology ConvergenceNon-traditional OT cyber assets and differences in security management practices led to industrial companies having siloed IT and OT cybersecurity programs. While these differences remain, recent developments are revealing the weaknesses in siloed programs and driving companies to integrate IT and OT people, processes, and technologies. Developments include more sophisticated attacks, increased use of new technologies like cloud, IoT devices, and mobile devices in OT systems.

Concerns about all these challenges were reflected in attendee responses to poll questions in the IT/OT cybersecurity technology convergence workshop. Panelists generally agreed that all of these were concerns, and they need to be addressed in a strategy that drives better overall cybersecurity. OT investments in technology that provides more connectivity with IT defenders and security operations centers (SOCs) was an essential step towards this goal.

Attendees and panelists also noted that top management sponsorship is critically important. While operational managers have been convinced of the need for cybersecurity, they still need to be translated into budgets for technology and resources. Top management support can raise the priority of cybersecurity in tradeoffs that managers must make in developing operational budgets.

Convergence Is in the Eye of the Beholder

Almost 70 percent of session attendees indicated that their companies were already on IT/OT cybersecurity convergence journeys, with a large percentage indicating that they were already converged. This is consistent with poll results in the IT/OT cybersecurity people and processes convergence workshop. Panelists in both sessions attributed this high level to different definitions of convergence.

ARC’s presentation at the start of both sessions addressed this issue through three different convergence models -- collaboration, integration, and unification. These models reflect tradeoffs between convergence and isolation goals.

 

ARC Advisory Group clients can view the complete report at  ARC Client Portal

If you would like to buy this report or obtain information about how to become a client, please  Contact Us

Keywords: IT/OT Cybersecurity Convergence, ARC 2021 Industry Forum, ARC Advisory Group.

Engage with ARC Advisory Group