OT/IT Integration success can be attributed to three key elements: people, process, and technology.
The integration of OT and IT environments is a challenging project for any organization. To help bring simplicity to this complex undertaking, an OT/IT integration can be analyzed through the lens of the cybersecurity triangle – people, process, and technology. These three essential elements must be aligned for an integration to be successful.
In part 1 and part 2 of this series, we discussed the importance of training your people and defining processes. In this final segment, we’ll look at the technology aspect of OT/IT integrations.
Technology may be the easiest part of the OT/IT integration discussion. People and process have multiple issues that must be addressed on an ongoing basis, requiring long-term focus and dedication to properly implement and operate. Technology has two main areas of concern which both can be handled in a routine fashion: security architecture and lifecycle management.
The routine nature of both security architecture and lifecycle management have been deemed so important that universally adopted controls have been implemented to support both efforts. The good news is that these processes more than likely already exist in your organization, so the ramp up time is faster and the expertise is already in place.
Defining a security architecture is of the utmost importance when preparing to integrate IT and OT systems. The goal is to protect the OT systems from unwanted exposure to the corporate IT networks and to define boundaries and controls for accessing the substation environments. Security architecture must consider both the OT devices at the substations and the network enclave in which those OT devices reside. Some OT substation devices come with built-in firewall protections. The application and use of those firewalls depend on the security architecture, but they should not be considered the only protection required for OT assets.
The next ring out should be a separate network enclave to protect the assets and control communications. A separate enclave will restrict the number of authorized users and allow for more specialized monitoring of the environment.
System lifecycle management is not a new concept and has been in place for decades, in one form or another. This is an important part of OT/IT integration because technology evolves and each system must have a periodic review to ensure it is capable of meeting current standards or security requirements. Lifecycle management goes hand-in-hand with security architecture. When reviewing the systems for potential upgrade or replacement, it’s imperative to understand how those upgrades or new systems affect the security architecture.
Conclusion
Regardless of how well managed an organization, an OT/IT integration is not an easy endeavor. It is always challenging to bring together two groups of people, who have their own agendas and priorities, and arrive at a common goal. These challenges can be overcome with the right amount of foresight and planning, as well as a mutual respect and understanding that both OT and IT have critical missions.
Read more about the importance of People and Process when integrating OT and IT.
If you enjoyed this post, please comment and share with your network. Follow @Idenhaus on Twitter and subscribe to our blog.
Photo Credit: Flickr
