Bridging the IT-OT gap in the age of cyber threats


By Riccardo Galbiati, Regional Chief Security Officer, JAPAC, at Palo Alto Networks

Running a business in today’s volatile global economy is challenging enough, but keeping industrial operations secure and functional is becoming even harder. According to a recent Palo Alto Networks report, three out of four Australian organisations experienced an IT-borne cyberattack on their Operational Technology (OT) environment last year, with most facing frequent attacks. Malware, ransomware and insider attacks top the list of concerns for industrial operators.

Cyberattacks on industrial control systems can cripple operations and finances across sectors. Ransomware groups like DarkSide, BlackCat and Ryuk have successfully breached IT-OT boundaries, particularly targeting utilities and energy sectors with alarming success. With payouts as high as US$4.4 million, like the one for Colonial Pipeline, the stakes are high. The impacts of cyberattacks are immediate and global, as seen in June 2020, when EKANS ransomware forced Honda to shut down plants worldwide.

A changing era for industrial operators

Operational Technology (OT) has long been the backbone of industrial control systems, especially in sectors like mining, manufacturing and energy. Historically, these systems were designed with a focus on reliability, safety and longevity rather than cybersecurity. The prevailing security approach for OT was based on the principle of air gapping – physically isolating these systems from external networks. This isolation, combined with the specialised nature of OT systems and protocols, was often considered sufficient to protect against cyber threats.

However, the landscape has changed. Cyberattacks are becoming more sophisticated, and OT systems are increasingly integrated into broader IT networks. Industries must now leverage data-driven insights and remote monitoring capabilities to safeguard these critical systems. And this is where the convergence of OT and IT comes into play.

Consequently, the drive towards OT-IT convergence is not just a technological trend but a business imperative. In the mining sector, for instance, it offers unprecedented opportunities for operational efficiency, productivity and data-driven decision-making. However, this integration also exposes OT systems, many of which were never designed with cybersecurity in mind, to a new landscape of digital threats.

Cybersecurity investment: a big priority

One of the primary challenges in securing converged OT-IT environments is the knowledge gap between OT and IT professionals. Our OT security report found that 40% of respondents described the relationship between OT and IT teams in their business as frictional, while only 14% reported it as aligned. This disconnect can lead to vulnerabilities and inefficiencies in cybersecurity strategies.

To address this, organisations must foster collaboration between IT and OT teams. IT professionals bring expertise in cybersecurity best practices and digital resilience, while OT engineers possess invaluable knowledge of operational contexts and system functionalities. By combining these skill sets, security teams can develop holistic solutions that address both cybersecurity concerns and operational needs.

The AI advantage 

With the complexities of OT-IT convergence, artificial intelligence (AI) emerges as a game-changing tool in every organisation’s cybersecurity arsenal. Predictive AI, in particular, offers a powerful solution for identifying and mitigating risks in real time. By analysing vast amounts of data from both OT and IT systems, AI can detect anomalies and potential threats before they escalate into full-blown attacks. This proactive approach is essential in protecting critical infrastructure and ensuring operational continuity.

Moreover, AI’s ability to learn and adapt makes it ideal for bridging the gap between OT and IT security practices. New approaches to adopting artificial intelligence as a defensive capability, like Precision AI™ by Palo Alto Networks, can help identify vulnerabilities unique to converged environments and suggest tailored security measures, effectively combining the best of both worlds. Such innovation merges the strengths of machine learning and deep learning with the accessibility of generative AI, allowing enterprises to move even faster beyond disparate processes and solutions to get ahead of potential attacks.

Towards a resilient future

Securing converged OT-IT environments requires an evolved approach to cybersecurity.

Embedding security from the outset is essential, with measures like network segmentation and robust firewall policies tailored to the unique demands of OT systems. This ensures that security is a core component of their design.

Equally important is fostering collaboration between OT and IT teams. Breaking down silos and encouraging a culture of knowledge-sharing leads to more comprehensive and effective security strategies. Leveraging AI-powered cybersecurity platforms further enhances these efforts, allowing organisations to detect and respond to threats with greater precision by analysing patterns across both systems.
