Merging IT and OT brings new security challenges

According to the recent study by Fortinet, industrial companies want to further digitize their factory floors to become more efficient and gain deeper insights into their production processes with the help of collected data. Sixty-six percent of respondents say their manufacturing runs over IP-connected networks and they already use real-time data to make business decisions. However, these networks also bring new security risks. For 73 percent of respondents, they say this has increased their company's attack surface. Only half are of the opinion that their machinery can fend off attacks. Conversely, this means that half of the machines are not equipped against cyber attacks.

Lack of collaboration between IT and OT teams

Another important finding of the study: The lack of collaboration between IT and OT teams jeopardizes the security of industrial control systems (ICS). 51 percent of respondents said that they work in isolation from each other. This means the OT team manages key industrial assets and their cyber security, while the IT team is responsible for information technology security. A quarter to more than a third of respondents also did not know who had primary responsibility for cyber security solutions such as process, control and automation systems - or even business planning and logistics. However, 91 percent believe IT and OT should share responsibility for machinery security. 58 percent also say that both teams should regularly exchange information about the networking of IT and OT.

Companies can benefit enormously from the combination of IT and OT and the close collaboration between the responsible teams. The majority of respondents (66 percent) cite access to real-time data from manufacturing operations here. For 59 percent, better insights into production data to develop new business models are an important benefit. In addition, numerous efficiency gains can be achieved as a result: 43 percent of respondents said they were able to reduce redundancies in processes and workflows and also create more transparency to mitigate cyber threats.

"Industrial companies need to change at the operational level to bridge the gap between IT and OT environments. Trust needs to be built between the relevant teams to ensure successful networking. Attack surfaces are getting bigger, so IT and OT teams need to work together to improve visibility and defend against cyber threats. That's why at Fortinet we invest a lot of time and resources in research and development of ICS cybersecurity solutions," said Franz Kaiser of Fortinet.

About the study

The online survey was conducted by Forrester Consulting on behalf of Fortinet. It included 459 IT and OT decision makers from India, Turkey, the UK, Spain, Poland, Germany, Slovakia, Italy, France, the Czech Republic, and the Netherlands who are responsible for industrial control systems (ICS) in industrial companies with at least 1,000 employees in the automotive, transportation, manufacturing, and marine and aerospace industries. The goal was to gain insights into how industrial companies organize security, security roles and responsibilities between IT and OT, as well as the challenges and opportunities presented by the merging of IT and OT.

How does it look in the security industry?

The Swiss Association of Security System Installers (SES) has published a new cyber security guide. It supports security system installers in protecting their systems as well as possible against hacker attacks.

The trade publication SicherheitsForum (SF) publishes an interview with two authors of the guide in its 1/2020 issue. The interview also discusses the interaction between information technology and operational technology, i.e., the actual security technology.

Click here for the SF trial subscription.