IT/OT convergence makes digital transformation possible. When you bridge the gap between these two worlds, you enable data to be combined and transformed into insights, teams to connect and collaborate across sites, and work to be more digitalized and efficient.
But underlying all your digitalization efforts must be a cybersecurity approach that also converges IT and OT.
One example of where IT and OT must come together in cybersecurity is in the security operations center (SOC). The SOC is a well-established concept in IT. It brings together people, processes and technology not only to respond to security threats but also to proactively mitigate them.
Integrating OT into your SOC can come with its challenges, especially if OT security is still a relatively new concept or skillset in your organization compared to IT security. For example, on the IT side, cybersecurity activities have evolved to the point where they’re increasingly automated in the SOC. But on the OT side, many companies have yet to even figure out their manual activities.
Creating an integrated SOC
A converged IT/OT SOC should address all five stages of the National Institute of Standards and Technology (NIST) cybersecurity framework (CSF). From an OT standpoint, that means your SOC can ideally help you:
- Identify OT assets
- Protect those assets using various security measures
- Detect anomalous or suspicious activity
- Respond to such activity with urgency
- Recover from incidents as quickly as possible
But what does your SOC need to be able to support you across these stages?
Within your SOC, a holistic view of your organization’s security posture should be available via information feeds from IT and security tools. Among the tools providing these feeds should be OT-centric solutions like threat-detection tools. These tools should be designed specifically for OT networks and be able to monitor traffic at its deepest levels.
Even more critical than having the right technology in place is having the right people in place. These people must be intimately familiar with OT environments – their networks, technologies and business priorities. And they should be knowledgeable in industrial security standards and best practices.
Finally, the SOC needs OT-specific policies for activities like responding to and recovering from cyber incidents. These policies should outline protocols for containing incidents and eradicating intruders, and for regaining a fully operational state.
Some companies can do all or most of this work on their own. But if you’re like most companies, you need a partner that can bring a mix of OT expertise and resources to help answer your questions and fill in your gaps as you establish your integrated SOC.
So, what should you look for in a partner for your integrated SOC? A few key considerations include:
- Breadth of capabilities: A partner should be able to support you at any point in your digital journey and across the entire NIST CSF. They should be able to help you evaluate your installed base, supply or recommend protection and detection solutions, and support the development of response and recovery policies.
- Cost-effective support: Finding and retaining talent with OT security expertise can be one of the most challenging – and expensive – aspects of creating an integrated SOC. That’s why many companies choose to bring in third-party OT security experts who understand the various protocols and technologies used on the plant floor, and the risks they face.
- Response times: If an incident occurs at one of your facilities, a partner should help you get production back up and running as soon as possible. Vendors that have only worked in IT environments may not understand the cost of downtime to your business. But an experienced OT partner will act with the urgency you demand to help respond to threats and recover from incidents.
Ready to connect?
A converged IT/OT SOC is essential for managing risk across your operations. Learn how Rockwell Automation can help you converge IT/OT cybersecurity in your SOC with our Industrial Cybersecurity Services.