The cyber security implications of IT and OT convergence

22 November 2022

Many industries including healthcare, utilities, and manufacturing have long anticipated a closer relationship between the worlds of information technology (IT) and operational technology (OT). 

IT systems are linked to business activities such as the creation, control, and storage of organisational data like documents and records.

OT systems on the other hand control the physical business components such as machinery.

While there have been sizeable advances in IT in recent years, there has remained limited interface with OT systems. Most businesses have traditionally placed barriers between these two worlds – the digital and the physical. This is now changing as businesses realise the value of collecting and analysing the data from the OT side to monitor outputs and facilitate improvements.

The bridge between the IT and OT worlds is the Internet of Things (IoT).

It allows data to pass from OT sensors into IT databases where it can be analysed for insights about industrial production. In a healthcare setting this may be information from an Xray machine. In a factory it may be the production rates of a certain machine. For a mining company it may be the volume of iron ore processed on an hourly basis. This information contains invaluable insights that can unleash countless improvement opportunities.         

The cyber security implications of connecting a range of new devices to IT networks are immense. Hackers are presented with a host of new targets that may not be protected by a robust line of defence. Cyber security protocols are geared heavily toward IT systems, which are distinctly different to OT systems, using often incompatible operating systems. Some machines run for years without a break due to the costs of shutdown, meaning they can lag with upgrades and improvements such as patches. Most machines have not been designed with online security in mind as the engineers could not envision the possibility of them being connected via convergence.

By infiltrating via an undefended OT endpoint, cyber criminals can potentially gain access to an entire business IT network. The threat surface is exponentially expanded, and we would recommend caution for businesses rushing to embrace the benefits of the IoT. Every step of the journey toward IT and OT convergence is fraught with possible danger and it will take meticulous risk management to guard against exposure.

This process includes training staff on both the IT and OT sides of a business to understand how the interface changes the way they work. While the machinery of the future will include the components necessary to securely connect seamlessly with wider networks, current equipment does not include such features.

In summary, while the future is a more connected world, the journey toward this inevitability requires careful management and diligence. This is especially true regarding the dangers posed by cyber threats that are constantly evolving to take advantage of the opportunities presented by changes along the way. The IT and OT worlds have remained separate for so long that we are still finding our way toward true convergence.

For more information about the IoT and its cyber security implications, speak with an Intalock expert today.   

back to blog