Cybersecurity and resilience in manufacturing
Having an OT/IT convergence strategy is essential to OT cybersecurity.
Operational technology (OT) and information technology (IT) have traditionally been separated for good reason. But now these worlds are coming together through strategic initiatives related to Industry 4.0 or digital transformation. Lance Oberlin, manager, business and industrial IT at RoviSys, talks about what OT and IT can learn from one another.
CFE MEDIA: How important is good OT/IT convergence to ensuring cybersecurity?
Lance Oberlin: We find a well-designed, implemented and maintained OT/IT convergence strategy is critical to OT cybersecurity. In fact, this is arguably the most important element to an effective OT cybersecurity defensive posture. Most of OT’s exposure to the Internet comes through the enterprise’s direct connection to the Internet, which is typically facilitated via IT networks and managed by the IT team.
CFE MEDIA: What are common “pain points” that must be dealt with to ensure an appropriate manufacturing resilience strategy?
Oberlin: Our experience shows much of the “pain” associated with resilience in manufacturing is attributed to the following components:
- The nature of manufacturing: Critical infrastructure with limited downtime, aging and fragmented systems and high variability between processes.
- Appropriate application of IT cybersecurity best practices within manufacturing.
- Adoption: The OT community may not understand IT-centric cybersecurity edicts coming from “on high” and may see them as a hindrance.
- Atrophy/deterioration in effectiveness of resilience strategy once in place.
In the hands of a capable and strategic-minded system integrator (SI), these types of risks should become value-added opportunities, allowing for improved return on investment (ROI), reduced risk to production, increased solution sustainability and schedule trimming.
CFE MEDIA: How do you recommend accelerating digital transformation and Industrial Internet of Things (IIoT) adoption while maintaining unified OT/IT convergence?
Oberlin: Often, the key to acceleration is taking a holistic approach to digital transformation-type initiatives: helping customers first define what they are looking to solve and achieve with digital transformation. This includes involving the right team of people from the start, developing clarity on what digital transformation and IIoT adoption mean for the customer, including desired outcome, while keeping an eye on ROI and budget.
From this position, we work with customers to initially focus on building the “roads” within OT, and between OT and IT, ensuring a suitable foundation to “bolt on” the defined use cases and ROI around digital transformation (and other future state initiatives). With the foundational elements in place, and OT and the paths between OT and IT secure and robust, the transformation initiative(s) can accelerate from here, often various workstreams in parallel, in meaningful and productive ways.
CFE MEDIA: How can system integrators support these solutions?
Oberlin: SIs should truly understand both OT and IT, and be able to effectively champion the goals, mindsets and tactics of both of these “worlds.” SIs should work with customer IT, OT and information security groups whenever possible, helping to effectively bridge any gaps between groups as needed. This model allows for holistic solutions that provide true ROI, effectiveness, enterprise-wide buy-in and sustainability once implemented.
SIs should remain independent of any specific product or technology. In greenfield situations, SIs should allow the customer needs and goals to determine the appropriate product or technology. In brownfield scenarios, SIs should look to work with what is already in place, if suitable, and adopt the “greenfield” approach if not.
SIs should engage with a customer around digital transformation as early as possible, helping the customer with thought leadership around suitably defining the “what,” which then informs the “how.” In addition, SIs should be able to support the whole process, from upfront design to ongoing support of the systems. Adoption support should be a key offering of the SI.