Comment: The growing threat to critical industrial equipment

By breaking down the barriers between IT and OT, companies can create a more secure and resilient manufacturing environment, says Mark Lloyd, business unit manager at Axians UK.

One of the biggest challenges in securing IT/OT systems is the human factor
One of the biggest challenges in securing IT/OT systems is the human factor - AdobeStock

The convergence of Information Technology (IT) and Operational Technology (OT) is no longer a matter of “if”, it’s a matter of “when”. Convergence has already happened. While many manufacturers may have anticipated this shift, the consequences of not adapting could be severe. It is not just about enhancing efficiency; it’s about securing the very systems that control critical industrial infrastructure. With targeted attacks on integrated IT and OT systems becoming more common in the past year, manufacturers face a rising threat that could put essential equipment at serious risk.

As industrial systems become more connected to traditionally “corporate” IT networks, the risk of cyberattacks jumping the gap intensifies. According to recent reports, an alarming 70 per cent of OT systems are expected to be connected to corporate IT within the next year. However, only 19 per cent of manufacturers are considered to be advanced in securing these systems, according to the National Institute of Standards and Technology (NIST) Cybersecurity Framework. Even more concerning is the fact that only 45 per cent of manufacturers feel adequately prepared for the challenges posed by converged IT/OT systems.

The threat will not wait for organisations to be ready for it. Security is no longer just an IT concern; it’s a critical factor that spans both IT and OT environments and links them inextricably. The responsibility for securing these converging systems must be clearly defined and executed, yet the path to effective protection remains unclear for many.

The convergence is coming whether we’re ready or not

As the integration of IT and OT becomes more common, the divide between these two systems, once seen as separate entities, continues to narrow. Yet bridging the gap is easier said than done. IT systems are often centralised, streamlined, and governed by strict protocols and standards. OT, on the other hand, is usually more decentralised, with a focus on continuous uptime and operational efficiency. This is further complicated by the fact that OT systems were traditionally built with less regard for cybersecurity, making them particularly vulnerable when integrated with IT networks.

The unfortunate reality is that many manufacturers are not prepared to manage the convergence of these two systems. Too often, organisations treat OT and IT as one. They may bring in IT engineers to oversee OT systems, but the truth is that these engineers often lack the expertise required to properly secure OT equipment. Without the deep understanding of the intricacies of OT systems. From programmable logic controllers (PLCs) to industrial control systems (ICS), there’s a significant risk of overlooking vulnerabilities that could result in devastating attacks.

The challenge is “threading the needle.” IT systems are often designed to be straightforward and well-understood, with a clear path to follow. OT systems, however, are more complex, siloed, and require a different approach.

How do you bridge the gap?

The question then becomes: How can manufacturers break down the wall between IT and OT in a way that minimises risk and maximises security? It's not as simple as just buying a box of tricks. You need to understand how it all works, and how to make it connect. The answer starts with embracing a holistic approach that recognises the interconnectedness of these systems.

Manufacturers can no longer stand still in their approach to IT/OT integration and cybersecurity. The pace of technological change means that yesterday’s solutions will not suffice tomorrow. This requires manufacturers to continuously assess and adapt their strategies, invest in skilled personnel who understand both IT and OT systems.

They should prioritise a proactive approach to integration, beginning with a detailed asset inventory and risk assessment, followed by implementing network segmentation and fostering a collaborative security team.

People are the weakest link

One of the biggest challenges in securing IT/OT systems is of course the human factor. Cybersecurity is not just about technology it’s about people and processes. And that extends to OT in a tangible way. The human risk perspective is critical in this context, as employees often unintentionally contribute to vulnerabilities. Whether it’s through falling for phishing attacks, neglecting basic cybersecurity hygiene, or failing to adhere to security protocols, people remain a significant weak link in the chain.

To mitigate these risks, manufacturers must invest in training and awareness programs that teach employees about all of the unique cybersecurity threats faced by integrated IT/OT environments. Given the critical nature of OT operations and the potential for fatal human risk, these systems demand prioritised security measures. The more educated and aware workers are, the less likely they are to inadvertently contribute to security breaches. It’s not just about technology but also about creating a culture of security that permeates every level of the organisation. From the factory floor to the boardroom.

Embrace change, stay agile

The modern landscape of manufacturing is rapidly changing, and companies cannot afford to remain stagnant in their approach to IT and OT security. The convergence of these systems is not a trend that will pass, it is the inevitable future. And while it’s understandable that organisations may feel overwhelmed by the complexities and challenges involved, the key to overcoming them lies in agility and proactive planning.

Manufacturers must embrace change, invest in the right technologies, and ensure that their teams have the necessary skills to manage converged IT/OT systems. Most importantly, they must recognise that securing these systems is a shared responsibility that spans the entire organisation. By breaking down the barriers between IT and OT, companies can create a more secure and resilient manufacturing environment - one that can face the growing threats of today and tomorrow.

Mark Lloyd, business unit manager at Axians UK