February 2021 Guest Opinion Part 1: IT/OT Convergence – Planning to Prepare for the Future

February 17, 2021
Christopher Nichols, Director IT/OT Resiliency & Support, Stanley Black & Decker, Inc.
IT/OT convergence is the integration of information technology ( IT ) systems with operational technology ( OT ) systems. IT systems are used for data-centric computing and OT systems are used to monitor  events ,  processes  and devices, and make adjustments in enterprise and industrial operations. In the past, it was not common to put industrial devices on company networks but due to the growing need to link and integrate IT and OT systems for real-time information and integrating platforms,  it’s time to understand  the risks and start planning to secure your environments.
As Industry 4.0, or digital transformation, continues to grow exponentially, there is a growing need to link and integrate business systems with manufacturing systems. Manufacturing Execution Systems (MES), for example, provide a means to track and document the transformation of raw materials into finished goods to help understand how current conditions can be optimized and to quickly make decisions that improve delivery schedules.  However , when they are coupled with Manufacturing Resource Planning (MRP) systems which are IT systems, demands, material transfers, and backflush operations, and other processes, for example, can be automated to remove errors and faster processing of information. And hey, who doesn’t want to link their Quality and Maintenance programs to their MES or OEE (Overall Equipment Effectiveness), or even their MRP system?
It is critical to note that this convergence between IT and OT  carries risk  because Industrial Control Systems (ICS), which are used in almost every machine or infrastructure – handling physical processes – are often unpatched and do not play nice with anti-virus software so they are highly susceptible to attacks. Malware that has been specifically designed to attack ICS and SCADA (Supervisory Control and Data Acquisition) has been increasing over the last decade becoming an increasing threat to organizations. For OT organizations responsible for critical infrastructure, any hint of compromise needs to be taken very seriously. This is why it is time to get down to business to start planning to secure your environments. 
While IT systems have mostly been standardized, TCP/IP, OT systems use a wide array of protocols, many of which are specific to either functions or industries or even geography. As IIoT devices become more common, external partner products present  significant challenges to creating  secure environments : there is even more of a challenge to secure legacy systems. In effect, digital transformation efforts generate these structural problems, and these problems become exacerbated by poor IT security hygiene practices within OT environments. This is largely due to the insecure deployment of IIoT devices, a lack...