• Advertise
  • Subscribe
  • Forums
  • Buyer's Guide
  • Contact Us
  • Connect on LinkedIn
    1. Cybersecurity
    2. Information Security
    3. Managed Network Security

    Collaboration between OT and IT is critical to industry 4.0

    April 20, 2023
    The OT and IT teams must also develop a joint cybersecurity strategy that addresses both systems' specific risks and challenges
    Courtesy of BigStock.com -- Copyright: Yuri Hoyda
    The OT systems in a factory are typically critical infrastructures that control and monitor the production process.
    The OT systems in a factory are typically critical infrastructures that control and monitor the production process.

    Operational Technology (OT) and Information Technology (IT) systems in a factory have always been separate entities with different objectives, systems, and technologies. With the increasing trend of digitization and Industry 4.0, the line between OT and IT has blurred, leading to the convergence of these two systems. As a result, it is becoming increasingly common for there to be OT vulnerabilities that affect IT systems or IT vulnerabilities that affect OT systems. Both teams have to collaborate and learn the priorities and blind spots of their sister departments. For example, while IT departments have become employee-education experts to employ safe computing practices, OT departments may not have the experience in doing broad employee best practices reeducation. Conversely, IT professionals may not inherently understand OT objectives of systems redundancy and minimizing downtime.

    Understanding Where IT and OT Worlds Collide

    The OT systems in a factory are typically critical infrastructures that control and monitor the production process. This makes them prime targets for cyberattacks that could cause disruptions, leading to financial losses, reputational damage, and even safety hazards. For example, a cyberattack on a factory's OT systems could lead to the shutdown of the production line, resulting in the loss of valuable time and resources. The OT systems in a factory are often isolated from the IT network, making them less susceptible to cyberattacks. However, this also makes them more challenging to secure, as these “isolated” networks may not have the same level of security measures as the corporate networks IT maintains. Even without OT and IT integration - OT networks and systems are notorious for having underwhelming or nonexistent security, from open WiFi networks to unsecured data ports on the factory floor.

    As a result, integration of OT and IT systems in a factory without close collaboration increases the attack surface and opens up new attack vectors that could compromise the security of the entire system. Therefore, the OT cybersecurity team needs to work closely with the IT team to ensure that the security measures implemented for the IT network are also applied to the OT network. The OT systems in a factory are usually older and less sophisticated than the IT systems, making them more vulnerable to cyberattacks. Most of the equipment and systems in existing plants were designed and built before the advent of modern cybersecurity measures, and they were not designed to resist modern cyberattacks. These systems may use legacy protocols and communication methods that are less secure than current protocols, making them an easier target for cybercriminals. To address these vulnerabilities, the OT cybersecurity team must work with the IT team to implement modern security measures, such as firewalls, intrusion detection systems, and encryption, to protect the OT systems, detect breaches and implement automated defenses and responses.
    Courtesy of BigStock.com -- Copyright: Yuri Hoyda
    The OT systems in a factory are typically critical infrastructures that control and monitor the production process.
    The OT systems in a factory are typically critical infrastructures that control and monitor the production process.

    The Road Paved with Good Intentions

    A factory's OT and IT teams have different perspectives and objectives and may not always see the importance of collaborating on cybersecurity issues. For example, the OT team is primarily concerned with ensuring the smooth operation of the production process. In contrast, the IT team is focused on ensuring the security of the IT network. However, both teams need to understand that the security of one system depends on the security of the other and that compromising one system could have a ripple effect on both. As a result, the OT and IT teams must work together to develop a joint cybersecurity strategy that addresses both systems' specific risks and challenges.

    The close collaboration between OT and IT teams in a factory is critical for ensuring the security of industrial systems. The convergence of OT and IT systems has increased the attack surface and opened up new attack vectors that could compromise the entire system's security. To protect the OT systems, the OT cybersecurity team must work closely with the IT team to implement modern security measures, such as firewalls, intrusion detection systems, and encryption.

    The OT and IT teams must also develop a joint cybersecurity strategy that addresses both systems' specific risks and challenges and ensures the entire system's security with training and best practices. In the world of digital plants, insufficient OT cybersecurity could result in costly disruptions, financial losses, reputational damage, and even safety hazards, making the close collaboration between OT and IT teams an absolute necessity.

    Kimberly Cornwell is a System Engineer with Siemens Digital Industry Factory Automation Division and a member of the Factory Automation Cybersecurity Tech Team.
    Kimberly Cornwell is a System Engineer with Siemens Digital Industry Factory Automation Division and a member of the Factory Automation Cybersecurity Tech Team.
    About the author:Kimberly Cornwell is a System Engineer with Siemens Digital Industry Factory Automation Division and a member of the Factory Automation Cybersecurity Tech Team. She enjoys helping clients tackle their tough industrial engineering challenges. An MIT mechanical engineering graduate, she fell into industrial controls while working for a semiconductor OEM and has never looked back. At MIT “hacks” were viewed positively – she now uses that mischievous spirit to help identify vulnerabilities in the industrial OT landscape. 
    About the Author

    Kimberly Cornwell | System Engineer with Siemens Digital Industry Factory Automation Division and a member of the Factory Automation Cybersecurity Tech Team

    Kimberly Cornwell is a System Engineer with Siemens Digital Industry Factory Automation Division and a member of the Factory Automation Cybersecurity Tech Team. She enjoys helping clients tackle their tough industrial engineering challenges. An MIT mechanical engineering graduate, she fell into industrial controls working for a semiconductor OEM and has never looked back. At MIT “hacks” were viewed positively – she now uses that mischievous spirit to help identify vulnerabilities in the industrial OT landscape.