Navigating IoT-OT convergence, balancing innovation, and protection in organizations

By Chandan Pani, CISO, LTIMindtree

OT (Operational Technology) and IoT (Internet of Things) are two distinct concepts related to technology and connectivity with key differences in their scope and application. It is exciting to witness and be an integral part of them as they are increasingly getting entwined.

IoT is revolutionizing manufacturing and industrial processes as it uses advanced technologies such as machine learning (ML), Machine-to-Machine (M2M) communication, and Big Data to derive efficient outcomes from sensors and internet connected small devices. Operational Technology (OT) refers to the hardware and software systems that are used to monitor and control physical devices and processes in industrial environments. It includes technologies like supervisory control and data acquisition (SCADA) systems, industrial control systems (ICS), and programmable logic controllers (PLCs).

The convergence has made the physical machines ‘intelligent’, and offering benefits such as Predictive maintenance, Advanced monitoring with Remote controlling, and Implementation of AI and ML or Process automation.

While we enjoy and celebrate the pros, it’s essential to view and understand the cons. Since the two technologies come from unrelated and isolated realms, bridging them together with internet and technology has been like combining two pandora’s boxes. This convergence has implications on cybersecurity, as it increases the attack surface for organizations and makes it more difficult to detect and respond to attacks. For example, if an adversary gains access to a metro trains OT network or a city surveillance system, they can create any number of disasters that would affect a large part of the city’s population. To predict such attacks and to avoid such disasters, securing these networks is crucial. But due to the sheer number of devices involved in these networks and limited resources, securing them becomes challenging.

Additionally, the lack of a single security framework that is universally accepted for these diverse devices adds to the existing security challenges. Along with organisations being unaware of the cybersecurity risks associated and the constantly evolving threat landscape make such networks a great target for hackers and cyber terrorists.

Organizations need to be aware of emerging trends in cybersecurity, such as the increasing use of cloud computing, the growth of the IoT, and the development of new attack methods. Organizations can mitigate the risks associated with IoT-OT convergence by implementing a layered security approach, using security tools that are specifically designed for IoT applications, educating employees about IoT security risks, and conducting regular security assessments of IoT-OT systems.

The other most critical requirement is the need for the right skill set to manage complex security requirements. It is commonly seen that organizations often end up with lesser skilled resources thus compromising their security posture. It is ideal to have a skilled partner as a MSSP who can provide a wide range of services, including threat monitoring, incident response, and security consulting on IoT and OT security. By combining a well-defined incident response plan with managed security services and highly skilled teams, organizations can significantly enhance their cybersecurity posture.

IT and OT teams need to collaborate to create a holistic and secure ecosystem for the IoT-OT convergence. By sharing information about the physical plant or a traffic control system with each other, the IT and OT teams can better understand the risks to workers and assets. This allows them to develop more effective safety and security measures and continue protecting the organisation and allowing for growth without the loss and decline caused by security incidents.