Information technology (IT) and operational technology (OT) need to converge to improve information security for the future, and although it will be complex, it will be a fundamental and necessary tool for change, two Australian organisations say.
ISACA's Cybersecurity Nexus and International Society of Automation (ISA) conducted an investigation into security opportunities and risks in the industrial internet and other industrial systems.
The study, titled “The Merging of Cyber Security and Operational Technology,” analysed the effects of industrial security breaches on executive management agenda.
“Complexity is a major impeding factor in any attempt to establish cybersecurity capability. Taking into account the critical importance of OT and its increasing need in cybersecurity, bringing IT and OT together is a fundamental step in addressing cyber threats, as well as to increase overall performance and decrease expense," says Christos Dimitriadis, ISACA Board chair.
The study states that there is a misalignment between IT, the systems that "collect, transport and process data", and OT, the systems that "handles the monitoring and automation of ICS through supervisory control and data acquisition (SCADA) systems attached to distributed control systems (DCS).
The misalignment between these systems opens up opportunities for industrial attacks on infrastructure and SCADA systems, the study says. However, if they work together as a unit with common objectives, management changes and cross-trained employees, the systems could offer a range of benefits.
The study cites benefits such as:
- Reduced operating costs as unnecessary resources are discarded
- Increased control over operations distribution
- Improved and integrated cybersecurity
- Consistent risk management
- Improved systems management and governance
- Improved safety
- Continuous "assess, implement, maintain and repeat" processes