The IT/OT industry is addressing this issue by implementing purpose-built, integrated security solutions that can natively onboard connections from both ends. These solutions, along with threat intelligence and analytics, are becoming increasingly crucial as organisations require actionable and straightforward insights into the growing complexity of their converged environments.
Frost & Sullivan’s latest white paper, Guarding the Gates to a Converging World—Operational Security (OPSEC) in a Digital Era, discusses the value of a 360° approach to fortifying the people, processes, and technologies that empower true information resilience. It explores the need to implement an integrated solution to address the security challenges created by IT-OT convergence.
“Chief Information Security Officers (CISOs) face the complex task of protecting OT systems while allowing essential data, telemetry, and human machine interface (HMI) traffic to reach the centralised, connected enterprise databases,” said Kenny Yeo, Associate Director, Security Practice, Frost & Sullivan. “A tailored OT solution can resolve this issue by providing broader, more granular visibility into the networks through a single pane of management, enabling a scalable reduction of attack surfaces.”
“The Siemens Extensible Security Testing Application (SiESTA) is a framework to carry out comprehensive security checks associated within IT-OT network environments. It was developed by Siemens AG practitioners for standardising and automating testing procedures while granting flexibility by its extensibility, e.g., with third-party tools,” remarked Dr. Henning Rudolf, Head of Global Cybersecurity Strategy & Business Enablement at Siemens. “The user-friendly SiESTA management console enables simple planning and automation of individually compiled test procedures to empower security teams to determine the safety status of components. Significantly, it also enables safe, non-intrusive active testing in OT networks while minimizing the risk of product outages, application downtime, and system interruptions.”
When selecting an OT solution, Frost & Sullilvan suggest that enterprises need to take the following into account:
Understand their entire environment: Identify and inventory all components, systems, and networks to ensure complete testing coverage.
Leverage both prescribed and customized tests: Utilise a toolset that provides the flexibility needed to create and configure custom tests that meet enterprise-specific requirements.
Perform structured change management to enhance the security of the OT platform: Perform consistent, structured tests, automated scans, gap identification, and rectification programs to enhance system safety and security.
Overall, a dedicated IT/OT security solution can deliver benefits such as increased OT visibility; best-of-breed protection; deeper and more actionable insights; automated workflows; and flexibility of approach.