IT/OT integration dangers and pitfalls

While OT systems are changing and are becoming more aligned with IT systems through the use of standard interfaces and security protocols, OT and IT domains are still worlds apart and require a keen understanding of their respective differences.

For example, an IT group each year may deploy hundreds—or thousands—of network devices such as computers, routers and switches to their enterprise networks. There is a market expectation that these vendors will release products that present standard interfaces and comply with security protocols, in addition to the expectation that these vendors will maintain their operating and security systems with regular patches and updates.

On the other hand, OT devices are typically specific to an application or task and likely lower in product volume. As a result, patches and upgrades may be slower in coming. In addition, process programs may be developed on a PLC or RTU that may use features specific to a product release. As a result, maintaining and upgrading OT systems may present a level of fragility that is new to IT groups or that may not comply with the security safeguards.

Therefore, IT and OT must communicate and work closely to understand the nuances of application-specific devices and hardware, as well as how these devices may influence network operation and policy. Pitfalls of IT/OT convergence are a challenge that many organizations will face. However, with the best-fit technology, good relationships between the OT and IT groups, and consistent communication with business owners and stakeholders, they can be avoided.