Internet of Things
Adapting
Experts share how to embrace the coming merger of IT and OT.
for the
Change the Dynamics How Does the IoT
Between IT and OT?
“The coming phenomenon referred to as the ‘ IoT’ is in large part about the ultimate physical merging of many traditional OT and IT components.”
Chris Blask @chrisblask
Chair of ICS-ISAC
“The ‘OT is different than IT’ fallacy stems from ICS professionals comparing OT to desktop management. OT is mission critical IT.”
Dale Peterson @digitalbond
Founder of Digital Bond & S4 Conference Leading SCADA security blogger
“Although this [merger] has many benefits for interoperability and efficiency, it also brings security risks.” “Cooperation on a consistent security strategy across both IT and OT is essential for the future.”
David Meltzer @davidjmeltzer
Chief Research Officer, Tripwire
“The choice to connect plant floor devices and share information for many manufacturers in the past depended on a controls engineer taking initiative. That engineer may or may not know how to connect in a way that made information available and made the network secure.”
“Those days are over. The risk is too high.”
Doug Brock @doug_brock
Factory Automation Expert
“Until recently, there were only two classes of smart devices in the typical industrial facility; the devices ‘owned’ by IT, and the controllers ‘owned’ by OT.”
“All of these assets have unique operational and access requirements—all are at different levels of security, and all now need to be considered in any holistic security strategy.”
Eric Byres @tofinosecurity
ICS and SCADA security expert
“IT desires data directly from production/manufacturing and OT usually implements IoT in production/manufacturing.”
“This is a way that both organizations can collaborate without politics interfering.”
Gary Mintchell @garymintchell
Founder/CEO, The Manufacturing Connection
“It is abundantly clear the fractured IT/OT relationship will need to become stronger and more connected.”
“OT focuses on keeping plants up and running and plugging any weakness around the ICS. Along those same lines, IT faces a fire hose of new attacks with all types new of devices connecting in to the enterprise.”
Greg Hale @isssource
Editor/Founder of ISSSource.com
“The real issue is the blurring of the line as IT implements ‘things that smell like OT,’ and OT implements ‘things that are traditional IT.’”
“When the line is blurred, where does the responsibility for resilience lie?”
James Arlen @myrcurial
Director, Risk Advisory Services Leviathan Security Group
“As networking extends deeper into devices and systems, businesses will be able to collect finer-grained and timelier information and use this information to optimize processes, minimize downtime, and reduce operating costs.” “Achieving this vision, however, requires closer cooperation between the OT and IT worlds than has historically been required.”
Jeff Lund [email protected]
IIoT Expert, Product Management, Belden
Pat Differ [email protected]
Cybersecurity Expert for Real-time Systems Securicon, Inc.
“Today, IT professionals and engineering professionals have different capabilities, roles and responsibilities, although there is some convergence centered around security.” “The dynamics are starting to become more tightly integrated.”
“IT and OT are different, but this is really just a matter of time. At some point in the not too distant future, we will only have technology.
No more IT/OT distinction. Just T.”
Patrick Miller @PatrickCMiller
Critical Infrastructure Security and Regulatory Advisor
“IoT is not changing the dynamics between IT and OT. The systems themselves have been converging for years in terms of technology. The difference between IT and OT is in what they do.”
Robert Lee @RobertMLee
USAF Cyber Warfare Ops Officer
“The overall implications are relating to what is owned, what is not, and where the border ends, not only at the corporate perimeter but also at the device level.”
John Walker @SBLTD
Freelance Author in Cyber Security
IT and OT What practical tips can you provide for
to work together effectively?
Chris Blask @chrisblask
Chair of ICS-ISAC
“IT and OT have two different skill sets that can effectively complement each other. Both sides need to remember that it is a two-way street and if they work together
they can support each other.”
Teamwork
Cross-Functional Training
“For IT security pros that want to cooperate on security with OT, learning about how OT works is a great starting
place.”
David Meltzer @davidjmeltzer
Chief Research Officer, Tripwire
“If you don’t know security, you risk bringing down or exposing your network. The bigger risk might be not allowing your workers access to
information, while your competitors do. Get educated or get help but don’t wing it.”
Improve Skills & Capabilities Doug Brock
@doug_brock Factory Automation Expert
“One vulnerable system is a potential pathway to all systems. Yet at the same time, IT can’t own all systems. Senior management can be the first to
identify the IoT systems, be clear on who is responsible for each one and then drive
consistent behaviors for security through out the company.”
Goal Setting Eric Byres
@tofinosecurity ICS and SCADA security expert
“Getting IT and OT to work together is not a technology problem. It is a people problem.
Organizationally, the best way is cross-functional training and teamwork guided by a leader who
creates a collaborative environment and metrics that emphasize teamwork.”
Cross-Functional Training Gary Mintchell
@garymintchell Founder/CEO, The Manufacturing Connection
“Communicate. If IT and OT get that down, then everything
else falls into place. Yes, their missions differ. Working together is so vital, the mandate has to come from the top.”
Communication Greg Hale @isssource
Editor/Founder of ISSSource.com
“The most practical tip is to execute on having some people skills, cooperating to ensure that there is a bright-line for responsibility, and that where knowledge transfer can be undertaken, it
is obvious that the transfer happens.”
People Skills James Arlen @myrcurial
Director, Risk Advisory Services Leviathan Security Group
“IT must work closely with OT to understand the volume of data, as well as archiving and
retention needs. Once we have secure connections to remote devices, data and
scalable storage, IT and OT will need to collaborate to make use of that data.”
Collaboration Jeff Lund [email protected]
IIoT Expert, Product Management, Belden
“Set up a core IoT ownership group that includes both IT and OT to establish roles, responsibilities,
common goals, and objectives.”
“Establish role-based training and awareness programs for IoT that outlines the corporate
objectives, eliminates any potential silos and insures daily cooperation with all stakeholders.”
Role-Based Training Pat Differ
[email protected] Cybersecurity Expert for Real-time Systems
Securicon, Inc.
“Spend some time working side by side with the other [group]. Job shadowing
and embedded observation will do wonders for helping both sides see each
other’s perspective more clearly.”
Observation Patrick Miller @PatrickCMiller
Critical Infrastructure Security and Regulatory Advisor
“The most important thing for having IT and OT work together is to ensure that the
people are integrating together to voice their concerns and identify what they
consider critical assets and processes.”
Integration Robert Lee @RobertMLee
USAF Cyber Warfare Ops Officer
http://tripwire.me/adaptitot Read more at:
Image courtesy of ShutterStock.com
and
www.belden.com/adaptitot
www.tripwire.com/blog For the latest security news, trends and insights, visit:
@TripwireInc
For industrial security news and discussions, visit: www.belden.com/blog @BeldenInc