IT professionals face a number of challenges when it comes to the security of Operational Technology. Some of them have been outlined below.
1. Varying Origins of Components
- Operational Technology (OT) is characterized by “the hardware and software dedicated to monitoring and controlling physical devices such as valves, pumps, etc.”
- Many times, these components are procured from varying vendors and most of these components are prioritized based on their cost as opposed to their security features.
- The overarching system, made up of smaller components from varying sources, amplifies the level of cyberthreat and poses an increased risk to the IT professionals handling these systems.
2. IT vs. Production
- Since the sensors and controlling devices used in OT are being used in manufacturing setups, the responsibility of these systems is usually assigned to the industrial and/or resources department and IT personnel rarely have a say in this matter.
- This is a serious matter since IT departments should also be taken in the loop when it comes to OT because these devices are operated through the internet and are thereby prone to cyberattacks.
3. One-Size-Fits-All Approach
- OT is unique and implementing a traditional cybersecurity approach may not work.
- An example is patching. IT professionals may introduce patches for a given situation, which when run on an infected system eliminate the given cyberthreat.
- With OT, the implementation of patches is not that easy and the assessment of their success, once they have been implemented, may also be tricky.
4. IT and OT Isolation
- When it comes to industries where OT systems are being used, IT systems are usually set up in isolation from the OT systems, which means that the OT systems have nothing to do with IT. This reduces the maneuverability of IT professionals.
- Such was the case with a large oil and gas corporation, which came under scrutiny when the company faced frequent cyberattacks. The company then worked towards resolving this issue by creating “an integrated cybersecurity organization under a chief security officer aligned with the risk function”.
5. Remote Access
- OT environments allow remote access to third-party vendors, which increases the domain for the implementation of cybersecurity measures drastically.
- This, in turn, makes the IT personnel’s job more difficult as they have to cover more ground to ensure that the entire system is foolproof.
We have outlined several challenges facing IT professionals today when they are tasked with the implementation of cybersecurity measures on an OT system. We also found some other challenges. e.g. the use of legacy environments and widespread operations throughout the globe, however, we selected the ones which are most apt to IT professionals and Operational Technology.