The document discusses the key challenges facing IT and OT integration, emphasizing the need for solid communication and understanding between the two domains. It highlights issues such as data management, cybersecurity concerns, the merging of networks, and the need for effective collaboration, as well as the impact of increased connectivity due to Industry 4.0. Additionally, it points out the importance of adapting existing technologies to meet the unique requirements of OT environments while protecting critical infrastructure.

1. Key Challenges Facing IT/OT: Hear
From The Experts

2. "The main challenge is solid communication. Yes, there are technology differences
between IT and OT that smart security professionals on either side of the firewall
will iron out.
But what really comes into play is the sense of IT and OT being
able to sit down and openly discuss the issues they each face,
and make decisions on what is best for the organization.
IT needs to fully understand that when OT says they need to stay up and running
24x7, they stay up and running. OT needs to understand that IT has been in the
security business for quite a bit longer, and they know what they are talking
about.
That level of communication does not just appear out of thin air. It needs to come
from the top. You see it all the time in winning organizations when everyone
knows the plan and understands the importance of their role. In those settings,
teams will always thrive."
Greg Hale
Editor at ISSSource

3. "One of the biggest challenges facing IT and OT professionals is the
implication of merging IT with OT networks. With Industry 4.0 growing
larger, there is a drive towards greater amounts of data from automation
equipment and sensors on the factory floor.
With the massive amounts of data created from
automation, this requires ever-increasing data streams
between IT and OT networks that need to work together.
A key challenge will be executing these streams efficiently and effectively
while not negatively impacting the operational integrity of the OT network,
and thus still prioritizing quality, safety, and uptime."
Kevin Holley
Director of the Customer Innovation Center at Belden

4. Lane Thames
"Asset discovery is a critical cybersecurity component because
it provides visibility into our networks. Without visibility, it is
impossible to secure our systems.
Asset discovery within the OT domain is different and much more challenging than
in the IT domain. Gaining complete and accurate visibility holistically across IT and
OT is a current challenge faced by technology professionals. There are various
reasons for this, due to both technology and human factors. For example, common
security technologies used in IT can’t always be used in the OT domain due to
engineering and performance constraints.
On the other hand, IT and OT professionals have very different backgrounds and
priorities that can make collaboration difficult from an asset discovery and
cybersecurity perspective."
Principal Security Researcher at Tripwire

5. Alex Bagwell
"The biggest challenges that we are seeing
with IT-OT convergence is how to
consolidate overlapping solutions across
multiple business units within seemingly
separate IT and OT networks.
CISOs have historically focused on their IT networks,
investing heavily into security solutions that give them full
visibility of what is going on inside their domain. Now that
operational technology is being inherited by the CISO or
being forced to the forefront by the Board and United
States Government, that CISO is looking for ways to
reduce the number of tools but also to maintain the same
IT familiarity with their OT environments."
Vice President of Industrial Sales at Tripwire
Newton Fernandez
"I believe that the main challenge for IT professionals is to
understand how different the characteristics of OT
(availability, safety...) are from IT. Thus, be ready to help
them protect their networks while realizing the criticality of
the process and the problems of an interruption can cause. At
the same time, OT professionals will need to become familiar
with new threats (many of them already common to IT teams)
and thus, with the help of the IT team, study ways to mitigate
risks and threats while maintaining the availability and safety
of the application.
Indeed, perhaps the biggest challenge lies in
adapting common IT tools to the OT
environment without disrupting the process (for
updates, patches, or active monitoring)."
Technical Director (LATAM) at Baumier Automation

6. Divji Agarwal
"One key challenge IT-OT faces and will
continue to endure in the times to come is
related to data management and governance.
As more and more OT devices are getting networked and
connected, the potential for data management in terms of
data storage, transfer, and analytics is growing tremendously.
Organizations need to have a strong data governance policy
that outlines how data needs to be stored, managed,
accessed, analyzed, and by whom.
Data is the next gold. Industrial data has already found several
applications, with machine learning and artificial intelligence
helping to improve business performance and machine
efficiency as well as reduce downtime. Correspondingly, it’s
critical to protect this data from loss, theft, damage, and
misuse. "
Senior Product Manager at Belden

7. "The first thing we need to notice is that the wide adoption of
IP-based protocols in OT networks—and, therefore, the
convergence with IT—has created a serious problem of network
ownership and functional accountability. In the past, for
instance, network requirements for services latency or even
cybersecurity were well marked off. Nowadays, the boundaries
of both networks have completely disappeared, and we need
to take into consideration that what you do in one network has
implications on the other side. So, different departments will
have to work together to allow the network to meet the
challenge of the digitalization, to allow the company to
compete in a real digital world.
So, I think the biggest challenge is to set clear
ownership and define responsibilities based on a
mixed team that’s functionally oriented across IT
and OT networks.
It is becoming less relevant where the devices are physically
located compared to the function they perform or the
treatment we are giving to the data we are acquiring."
German
Fernandez
Director of South & East Europe
at Belden

8. "It is important to understand that cybersecurity tools designed
for modern IT environments may not suit legacy Industrial
Control Systems (ICS).
Consider, for example, an ICS that is end-of-life with known vulnerabilities that
can’t be patched and is too costly to replace. It still needs to be secured, and
while investigating for vulnerabilities, if IT runs a port scan across the ICS network,
it may lock up a PLC and shut down production for 24 hours. This situation can be
avoided using passive scanning technologies that don’t introduce new traffic on
the network but instead inspect every packet of data.
Tools are available that can detect and audit network assets as well as monitor for
configuration changes and anomalous behavior, all while mapping out the source
and destination of traffic. If there is data flowing to or from an ICS, it can be
identified and tracked."
Markus Bloem
Industrial Sales Engineer at
Tripwire (EMEA)

9. Chris Furtick
"The biggest challenge I see currently and on the horizon for IT/OT professionals has
little to do with technology; it’s the blurring of the line between “work” hours and
personal/family hours.
During the global pandemic, we have proven that many roles can function in a
remote capacity, which has resulted in many professionals embracing the “Zoom from
Home” work culture. But the fact that we can work from ANYWHERE has transitioned
to a mindset that we now work from EVERYWHERE.
Technology professionals will need to be mindful to disconnect
from the computers, tablets, and smart phones and reconnect
with family and friends. It’s easy to allow the “tyranny of the
urgent” to override the importance of having time to relax and
recharge."
Director of Incident Response and Planning at Fortalice Solutions

10. Scott Kornblue
"One area I see as a long-term challenge in the IT-OT
convergence is the growing need for secure remote access
into sensitive/critical networks. Specifically, as the typical
work environment is shifting to more remote/work from
home processes, the need to allow trusted engineers and
operators to reach networks remotely will grow.
Secure remote access strategies will have to traverse both
IT and OT networks. IT network administrators will need to
work closely with OT/SCADA network operators to properly
design these remote access policies and procedures.
Over the next five years, this challenge will
most certainly evolve as secure remote
access moves from a position of convenience
to one of necessity."
Lead Solutions Designer at Belden
Michael Sanchez
"All too often, new products are deployed without set
standards, making them difficult to manage, service, and
secure.
Broader adoption of BYOD and remote work
environments requires enhanced security
methodologies. This raises questions around
how inventory, monitoring, baselines, patching,
and change and configuration management will
be supported. Meeting these challenges
requires organizations to look beyond minimal
compliance and checking proverbial “boxes” to
advanced security solutions.
Legacy firewalls, routers, and switches are insufficient when it
comes to the modern world. Advanced security technologies
such as the cloud, AI, and global threat intelligence are now
requisite to protect today’s OT/IoT devices."
CEO at ITENGRITI Corporation

11. Dean Ferrando
"Rather than trying to compare which security methodology
(IT or OT) is better and how we need to bring one up to the
other, why not combine the best of both worlds into one
global security policy that could work for both the IT and OT
estates?
Physical security is as important as
cybersecurity, and cybersecurity is as important
as physical security. The two should not be
seen as mutually exclusive but rather as
complementary to one another.
The only challenge we are seeing in the marketplace today to
make this dream a reality is for both environments to find a
common language that is understood by all."
Systems Engineer Manager (EMEA) at Tripwire

12. "With the rapid growth of Ethernet on the industrial side and the organization
converging into a single data network spanning both IT and OT, the conflict seems
inevitable. Which department gets oversight and control of the Ethernet network?
A lot of organizations are finding out—perhaps not without a bit of pain—that the
“either/or” question can be problematic.
The chasm between IT and OT in everything from processes to
knowledge and culture can be quite large.
There needs to be a way to bridge the gap between IT and OT. One pathway to
achieve this is by finding an individual capable of communicating with and
relating to both departments. This person could ensure that the departments work
synergistically rather than as adversaries, and they could use a sub-organization
around him or her to ensure that the proper backing and resources are provided.
We call this individual the “Automation & Data Exchange (ADX) Engineer” and the
support system for this person the IT/OT “Joint Task Force” or “Steering
Committee.” Both entities are critical in ensuring the success of IT/OT
convergence."
Jeremy
Friedmar
Senior Product Line Manager of
Industrial Connectivity at Belden

13. "In the energy industry and in energy-intensive industries, the
post-COVID world will catalyze substantive change in how we
operate in the future.
The biggest challenge that OT and IT security
professionals face in these industries is how to
support this operational evolution with security
being addressed at its foundation.
In the OT space, cybersecurity was often treated like a final step
or “afterthought.” In this phase, security teams need a seat at the
table not only around topics related to new technology itself but
also to be engaged on the people and process aspects involved in
this evolution.
As security professionals, we are critical stakeholders in the
mission to enable different operating models. Given this evolution
towards new ways of working, there is a lot of investment in new
enabling technology."
Susan Peterson
Serves on the advisory boards of
Bayshore Networks, Cognite,
Innosphere Ventures and One Warm
Coat

14. "The convergence of IT & OT technology is happening at a quicker pace. It is motivated
by market forces that mandate ever-increasing connectivity of all assets across
enterprises. Conjunction of these worlds exhibits directly in the shifting responsibility
for ICS security into the IT security and risk C-Suite.
Today, IT security and risk leaders are progressively forced to take over the security of
OT devices at a fast pace. This newborn accountability has left IT security and risk
leaders fighting to adopt the OT security labor gaps, contrasting technology solutions
and costs. Although OT and IIoT security concerns are benefiting from increased budget
prioritization, security and risk leaders remain keen for simplification of their existing
tech stack.
Added to above, the lack of skilled OT security personnel has been a big challenge due
to the silos created between IT and OT.
Each group has their unique way of handling security, and most of
the time, it does not align, as IT and OT environments operate on
different technology stacks."
Viral Trivedi
CBO at Ampcus Cyber

15. "Biggest challenges to OT and IT professionals now and in
the next five years will be ransomware, supply chain, and
digital transformation.
Ransomware will shift attention to incident response and recovery first, then
eventually it will find its way into better network designs such as intelligence
slanting and shear-away networks. If you can island off the critical OT and let
the other stuff burn then rebuild/recover, we get closer to resilience.
Supply chain is stealing much of the oxygen in the room despite the lower
probability of it happening. Nonetheless, SBOM/HBOM and the like will take
off to assist. Mix in some politics and security theater with the depth and
breadth of truly managing supply chain risk, and the scope of the mess
becomes apparent."
Patrick C. Miller
CEO at Ampere Industrial Security

16. "OT professionals have been traditionally challenged due to
new technologies coming into the automation field. This is,
from my point of view, the first trait of the so-called “IT-OT
Convergence trend.”
A good example is the evolution of the initial control systems from wired logic
(based on electrical relays interconnected in big and complex electrical cabinets)
to Programmable Logic Controllers. PLCs were microprocessor-based devices and
thus a direct application of the computing technology already used in the IT field.
Even if this new technology was full of benefits in automation applications—for
instance, much smaller cabinets could cope with more complex systems—its
adaption to the OT professional was key for its success.
Ladder programming language allowed the ‘circuit & relay OT’ way of thinking at
that time to program and maintain these new systems. But in time, high-level
programming languages made their way into the industrial scene, and
professionals took to them naturally. This trend has become much more intense
now, with the time for new IT technologies to land on the factory floor having
shrunk over the past few years."
Ignacio Bravo
Lead Solution Designer LATAM
at Belden

17. To learn more about Belden and
Tripwire's IT/OT security solutions
visit:
https://www.tripwire.com/solutions/industrial-control-
systems/tripwire-industrial-solutions-catalog
@TripwireInc