How can IT and OT teams work together effectively to secure the entire infrastructure? We asked industry experts for their top tips. Read their full responses here: https://www.tripwire.com/state-of-security/ics-security/it-collaborate-ics-security/
2. More industrial organizations are
looking to adopt IT-OT convergence.
How can both teams work together
effectively to secure the entire
infrastructure?
3. “Understand the unique needs
and direction of the shop floor,
so that cybersecurity solutions
can be implemented to support
availability, safety, productivity
and quality of the operation.
Remember that cybersecurity is
a journey that never ends...
slow and steady will win the
race.”
GARY DIFAZIO
Strategic Marketing
Director, Tripwire
@TRIPWIREINC
4. “The reasons for integrated IT-OT
environments essentially boil down to the
need for optimization… However, as with
most engineering problems, there are
various trade-offs that must be
addressed.
In this case, one of the most important
trade-offs to consider is the security
impact faced by these once partially-
isolated OT systems…
We must engineer new systems and/or
methodologies to address this problem…”
LANE THAMES
Sr. Security
Researcher,
Tripwire VERT
@LANE_THAMES
5. “I can’t stress enough that IT and OT
network engineers need to both
understand their respective needs,
requirements and philosophies for
network security differ from the other
quite drastically...
Understanding these critical
[differences] between both sides and
having regular communication before
security policies are rolled out can
help make the IT/OT convergence
much easier to manage.
SCOTT
KORNBLUE
Field Application
Engineer, Belden
@BELDENINC
6. ”If you try to shoehorn an IT framework
into an IoT project, you lose the obvious
touchpoints for OT stakeholders and risk
missing critical requirements.
Consider stating with the Industrial
Internet Reference Architecture,
Industrial Internet Security Framework
and the IoT Security Maturity Model.
NIST has also published IoT-specific
guidance that can help IT and OT
stakeholders get on the same page.”
@SANDYCARIELLI
SANDY
CARIELLI
Cyber Security
Evangelist & Product
Manager, Entrust
7. “For operations teams, finding ways
to automate routine security
maintenance tasks and showing how
security monitoring technologies
can help solve operations-related
challenges are great ways to build a
bridge.
For IT teams, helping them
understand the importance of
engaging OT suppliers and the
maintenance cycles of OT assets is
key.”
SUSAN
PETERSON
Digital Leader,
Energy Industries,
ABB
@PETERSONSUSANR
8. “As the owner of budget resources for
deploying cybersecurity programs, IT
must establish a clear framework and
enlist OT personnel to help secure the
plant.
The scope of IT and the OT involvement
must be defined explicitly at the outset
of every project. Both roles should be
complementary and should not involve
competition between them. In that
sense, defining the owner for each
task helps to avoid conflicts.”
FRANCISCO
GARCIA
Director, Cyber
Security and
Networking Digital
Plant Line of
Business,
Schneider Electric
@SCHNEIDERELEC
9. “Communication and the ability to
listen. Both seem fairly basic and
not highly technical, but I am seeing
they are the two most difficult
things any enterprise has to
conquer.
It may be a cliché, but talk is cheap;
actually listening and executing as
a team in a positive manner is the
ultimate goal to a successful
manufacturing enterprise.”
GREG HALE
Editor/Founder,
Industrial Safety
and Security
Source
@ISSSOURCE
10. “Reducing cybersecurity risks and getting
better visibilities across the IT & OT
environments requires involvement and
participation of IT, OT, Security and
management stakeholder groups.
Learning from each other by means of
practical awareness workshops is [the]
first step.
Security and management staff should be
included throughout the conversation as
they form drivers for remediation
roadmap development, project approval
and business support.”
LARRY
VANDENAWEELE
Industrial Security
Professional
@LVANDENAWEELE
11. For the latest security news,
trends and insights, visit:
TRIPWIRE.COM/BLOG
@TRIPWIREINC