Recent global events have convinced us that digital transformation is here to stay and, in fact, accelerating. Companies that had already begun to embrace digital transformation were able to adapt more quickly to disruption and demonstrate greater resiliency. Now that the initial rush to support a shift to a more distributed model is behind us, we have an opportunity to pause and consider what work still needs to be done to further resiliency. For the 45% of Fortune 2000 companies in industries that depend on operational technology (OT) networks to run their business, it’s likely time to revisit IT risk management and governance and determine how to include OT networks.
Looking at governance and processes holistically can be a challenge for various reasons. To begin with, IT and OT teams prioritize the three principles of confidentiality, integrity, and availability (CIA) differently. The teams that manage information security typically prioritize confidentiality of data over integrity and availability, whereas the teams that run OT networks prioritize availability (or uptime) over integrity and confidentiality. This difference tends to overshadow the fact that both teams share the same desired outcome – risk reduction. We can respect those priorities by employing different approaches and different tools as we work toward a common goal.
Another area that presents a challenge is the different way in which organizations, versus adversaries, view IT and OT networks. Organizations tend to think of these as separate networks, whereas adversaries don’t see things this way. To them, a network is a network, so attacks are intertwined. NotPetya is a prime example of an attack devised to spread quickly and indiscriminately across an organization. While OT networks were not the primary target, the accidental spill-over of NotPetya from IT to OT networks was a wake-up call that we must thi ..
Support the originator by clicking the read the rest link below.
