JULY 2021

malware attacks, hacktivism, employee sabotage and other security risks that previously affected only corporate Information Technology (IT), (iii) as the lines between IT and Operational Technology (OT) become blurred, we need to provide appropriate access to control and production data while preventing cyber security events that could cause stoppages, security threats and process interruptions, and (iv) many manufacturers still see strong resistance to bringing information and operational technologies together, with mistrust coming from both sides.

The objective of the use case is to provide real-time feedback on quality, with the aim of preventing defect outflow to subsequent processes. The traditional physical segregation between IT systems and OT systems has been replaced by an integrated approach.

IT & OT Alignment

By working together as a cross-functional unit, IT and OT systems can leverage common standards, risk and governance approaches. Built-in security points can be configured during system development, reducing potential enterprise risk and adequately protecting both sides of enterprise systems. IT development should align with enterprise needs and ensure a compliance approach is factored in from the outset. This can help address a wide array of important questions, including each of the following:

Factors to be considered

Access Management - how is access controlled: through a domain/Active Directory or a separate workgroup?
Asset Management - are all production assets tracked, maintained and reconciled to financial records?
Anti-Virus/Patch Management - is the number of assets in the asset register equal to the number of systems connected?
Entry Level Control - are the tools/systems which are coming into the company checked?
USB Access - is USB permission controlled? (Stuxnet is a powerful reminder of the damage these devices can do.)
Addressing the points below can serve as a potential strategy for harmonizing the two traditionally separate areas:

(i) Understand the concerns (like flat network issues, inefficient patch management, resource constraints, and independent mini data centers).
(ii) Evaluate and classify the risk of blending IT and OT (remember that risk is not static and risk mitigation should be based on the classification of risks).
(iii) Consider major IIoT security viewpoints (like evaluation of the difference between IT and OT, the fact that security risks in OT are different from those in IT, and an improved focus on patching cycles).
(iv) Consider the devices: OT normally comprises the systems that handle monitoring and automation through SCADA systems attached to distributed control systems (DCS), programmable logic controllers (PLCs), remote terminal units (RTUs) and field devices, and it also needs a step-by-step approach towards asset management and visibility.
(v) Consider the gateway (separation of IT and OT networks, and SOC and centralized monitoring).

There are many benefits to building and supporting cross-functional teams. Both ICS and IT cyber security specialists bring valued and unique viewpoints to the table.