OT And IT Must Understand Each Other's Domain
- Performing a risk assessment is key to establishing a stronger OT security practice.
- Vulnerability identification and prioritization should be done based on the criticality of the site and its systems to the business.
“In the industrial control world, some controls are programmed with proprietary languages. This results in a multitude of thirdparty vendors and integrators coming in and running the show how they see fit. They often don’t follow any system standards. That’s a risk.”
As OT systems increasingly connect to IT systems in plant environments, one of the big challenges is filling the knowledge gap between OT and IT operations. “In the OT world, it was always self-managed,” says Kal Mian, who has years of experience in the operational side of the oil and gas industry. “There was not a lot of communication in the past, because there was an assumption that business networks were separate from process control networks. Now the interconnections are becoming more commonplace.”