With most industrial control systems (ICS) now connected to the Internet, energy organizations have had to shift how they think about security. Addressing new digital threats against the Industrial Internet of Things (IIoT) has presented unique challenges, not just technologically but also organizationally. This next set of results from Tripwire’s Energy ICS Security research explores how IT and OT (operational technology) teams are working together to tackle this challenge.
The study, conducted by Dimensional Research in March, included 151 individuals with responsibility for ICS security at energy companies, comprised an even mix of individuals with IT and OT functions.
According to the survey, the longstanding divide between IT and OT teams may be closing. 73 percent of participants said that their IT and OT teams are working better together now than compared to the past. The majority of all groups indicated stronger collaboration. However, almost a fifth (19 percent) of IT respondents said collaboration is weaker now than in the past.
“Bridging the gap between IT and OT has been a topic of discussion for quite some time,” said Tim Erlin, vice president of product management and strategy at Tripwire. “Industrial security can be quite complicated, but organizations have no choice but to get their teams to work together on this as the threat of attack continues to rise. We’ve seen that IT and OT teams are now more aligned on what’s at stake if they don’t get industrial security right.”
While participants indicated greater collaboration between IT and OT teams, most suggested that IT still leads the initiative. When asked whether IT or OT teams were taking the lead on ICS security needs, 50 percent of total participants said IT, 35 percent said its evenly shared between IT and OT and 15 percent said OT.
Comparing responses from those in IT roles versus those in OT roles, those in IT were more likely to say IT teams take the lead on ICS security (60 percent). Most OT respondents (48 percent) said ICS security leadership is evenly shared between IT and OT teams, but 40 percent agreed IT teams take the lead in ICS security.
It’s not surprising to see IT teams taking the lead, as they typically have more history with cybersecurity. The digital threat is relatively new for the OT side of the house. That said, operational environments are very different from IT environments, and successful converged teams let their OT counterparts lead when they have the expertise. Partnership from the OT team is absolutely crucial in implementing an ICS security program that won’t disrupt operations.
One area where IT and OT teams do agree is that they both face difficulties building their cybersecurity teams. The majority of both IT and OT respondents said they find talent with difficulty (69 percent and 68 percent respectively).
The findings suggest the energy industry is making progress in operationalizing their teams to protect their ICS environments. But it’s still a journey. In our previous blog post, we saw that these organizations are well aware of the consequences of a successful ICS attack; almost all believe an attack could lead to a catastrophic event.
With attacks to critical infrastructure on the rise, energy organizations will need to continue strengthening their security programs. They can get a jump-start with Tripwire here.