Managing IT/OT convergence: Increase IT workloads or create new OT teams?
In recent years, we’ve read that IT and OT management are converging with an increase in networked and cloud-connected manufacturing and production environments. By default in most companies, already short-staffed IT teams are being assigned responsibility for managing OT systems in addition to their existing duties handling IT assets and security, troubleshooting, and user support. That’s often without knowledge of OT systems or even a contact person from production.
The nature of production networks further challenges IT teams. Production networks are mission-critical – they must run smoothly because they’re central to how the business makes money. In contrast to typical Windows-centric business computing environments, OT networks also tend to be characterized by a heterogeneous mix of device types, brands and ages, operating within topologies and dependencies that evolved to meet ad hoc needs, i.e., not always as part of an overall plan.
Instead of approaching OT endpoint management as an add-on for IT teams, a more effective solution is forming an integrated OT organization. But what does that entail?
The first step must be taken by IT management to establish an appropriate team. Ideally, this should be done in close cooperation with production line management so that the necessary requirements are included in planning. The CISO should also be part of the OT organization from the start. After all, IT security is a company-wide responsibility and does not stop at the factory doors. The OT team also should work hand in hand with physical plant staff (electrical, maintenance, etc.) so that production can run smoothly. Finally, just as end users are briefed and trained in the company’s IT security and safety practices, all employees should be informed about corresponding OT priorities.
It’s advisable to create an OT service catalog that specifies who manages each production asset and how, similar to how companies define operational responsibilities for the company NOC, IT and support teams. That improves coordination and helps prevent unplanned production downtime and interruptions.
Coordination begins with a current, complete and detailed list of all OT assets and configurations, including the installed versions and builds of OSes and necessary software, patch status, etc. Policies and practices for OT device maintenance windows, lines of communications and reporting, cybersecurity response and other emergencies are also defined.
Companies that follow this approach will be rewarded with an OT organization that delivers higher security, fewer production downtimes and a decisive competitive advantage.