Building a Resilient World:

Welcome to the official blog of the ISA Global Cybersecurity Alliance (ISAGCA).

This blog covers topics on automation cybersecurity such as risk assessment, compliance, educational resources, and how to leverage the ISA/IEC 62443 series of standards.

The material and information contained on this website is for general information purposes only. ISAGCA blog posts may be authored by ISA staff and guest authors from the cybersecurity community. Views and opinions expressed by a guest author are solely their own, and do not necessarily represent those of ISA. Posts made by guest authors have been subject to peer review.

All Posts

Addressing and Securing Converged IT/OT Environments

In recent years, industrial organizations and those operating critical infrastructure have made significant shifts to adopt new technologies for increased efficiency and innovation. To accomplish this, many organizations have brought operational technology (OT) online, thus converging the world of OT with IT. While this has yielded great benefits, it has also expanded the attack surface. Though some organizations intentionally connect the two environments, others experience accidental convergence, or unintentional points of connection between IT and OT, in environments intended to be “air-gapped,” or physically separated. In both scenarios, maintaining security posture across converged environments is crucial to reduce unnecessary cyber risk.

Addressing the Air Gap

Today, air-gapping is virtually impossible to upkeep and risky to rely on, considering that a seemingly routine activity could allow attackers access to operational environments. For example, a regular maintenance check-in may require a laptop to be plugged directly into an OT system, during which time the devices—even if momentarily—are converged.

Unfortunately, air gaps contribute to a misleading illusion of security, leaving security teams scrambling when they realize their OT is exposed to the outside world. As noted in an alert earlier this year from the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA), cybercriminals are continuously targeting internet-accessible OT for malicious activities.

Air gaps are no longer sufficient to secure OT. These once-isolated systems require a unified, proactive approach to security to stay ahead of mounting threats.

Start with Visibility

Whether an organization is aware of their IT/OT convergence or not, security teams can’t protect what they can’t see. A blind spot to a security team is an open opportunity for an attacker. In converged environments, an attack can come from all sides, making it critical to secure both IT and OT.

This can mean breaking down silos between IT and OT teams. Assigning different thresholds and processes to secure IT or OT environments turns addressing risk into a disjointed ordeal. Organizations must start with having unified visibility across their converged environments. A single-pane-of-glass view over all IT and OT assets allows security teams to eliminate dangerous blind spots and identify security issues before they can be leveraged in an attack.

Prioritize Detection

With strengthened visibility, security teams are primed to gain deeper situational analysis of their critical assets. It’s important to understand the intricacies of each environment, as IT has a shorter lifecycle than OT, which can linger in industrial environments for decades. This means security teams need to take a second look at their asset inventory, maintenance logs, and change records to ensure they are current. An attack often begins at the network level and can propagate to reveal itself within changes to the programming and actions at the device level. As such, investing in solutions to actively query devices to ensure they are operating normally, without anomaly, can stop an attack before it propagates.

Today’s security teams must embrace a proactive approach to securing modern, converged environments to reduce risk factors of both planned and accidental IT/OT convergence. Understanding points of convergence, ensuring robust visibility and maintaining strong situational analysis across IT/OT will have substantial, positive impacts on security posture. These measures allow critical infrastructure and industrial organizations to fulfill mission-critical operations efficiently and securely.

Interested in reading more articles like this? Subscribe to the ISAGCA blog and receive weekly emails with links to the latest thought leadership, tips, research, and other insights from automation cybersecurity leaders.

Marty Edwards, Tenable
Marty Edwards, Tenable
Marty Edwards is a globally recognized Operational Technology (OT) and Industrial Control System (ICS) cybersecurity expert who collaborates with industry, government, and academia to raise awareness of the growing security risks impacting critical infrastructure and the need to take steps to mitigate them.

As Vice President of Operational Technology Security at Tenable, Edwards works with government and industry leaders throughout the world to broaden understanding and implementation of people, process and technology solutions to reduce their overall cyber risk. As industry Co-Chair of the Control Systems Interagency Working Group (CSIWG), he works to promote and advance OT security across the public and private sectors.

Prior to joining Tenable in 2019, Edwards—a 30‐year industry veteran—served as the Global Director of Education at the International Society of Automation (ISA). While at ISA, he was recognized by his industry peers with the SANS ICS 2019 Lifetime Achievement Award. Prior to ISA, Edwards was the longest‐serving Director of the U.S. Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS‐CERT).

Edwards also served as a program manager focused on control systems security at the Department of Energy’s (DOE’s) Idaho National Laboratory (INL) and has held a variety of roles in the instrumentation and automation fields. Edwards holds a diploma of technology in Process Control and Industrial Automation (Magna cum Laude) from the British Columbia Institute of Technology (BCIT), and in 2015 received the institute’s Distinguished Alumni Award. In 2016, Edwards was recognized by FCW in its “Federal 100 Awards” as being one of the top IT professionals in the U.S. federal government.

Related Posts

Protecting Vital OT Infrastructure: Key Strategies for OT Penetration Testing

Operational technology (OT) cybersecurity faces significant challenges in maturing its operations and pro...
Mohannad AlRasan May 24, 2024 4:44:16 PM

How to Implement Cybersecurity Automation in Education

Every industry today needs to take cybersecurity seriously. That said, some sectors face more dangers tha...
Zac Amos May 17, 2024 4:04:28 PM

How Machine Learning Revolutionizes Automation Security with AI-Powered Defense

The terms “AI” and “machine learning” are often used interchangeably by professionals outside the technol...
John Funk May 10, 2024 3:16:51 PM