2017 SANS Survey: Securing Industrial Control Systems, Executive Summary
Traditionally, industrial enterprises kept everything separate. The Information Technology (IT) group managed the office network where the environment was mild, internet speed was important and security of confidential information was the biggest concern.
Meanwhile, down in the plant, the Operations Technology (OT) team faced harsh environmental conditions with a closed, air-gapped network. Their primary object was simply to keep production running – safely.
A look at IT and OT priorities would look something like this:
Katherine Brocklehurst, “Cyberattacks and Bottom Lines: Who Has Responsibility for Industrial Cyber Risks?,” Advancing Automation eBook, Vol. III:20-25.
Now, more devices on the plant floor need to be connected to the Internet. Remote locations must be managed from one central location. Executives in the office demand data to manage plant maintenance, upgrades, output quantity and quality and inventory levels.
That means blurry – or nonexistent – lines between IT and OT roles and responsibilities. The network of the future will be unified to serve both worlds.
Merging the automation networks of the factory (OT) with the data exchange office network (IT) requires intentional actions. Here are a few steps to get you started.