Convergence of IT and OT networks creating skills shortage and poses new security threats


“SCADA & ICS Cybersecurity Workshops”

The convergence of IT, the internet of things (IoT), operational technology (OT) and physical security networks within organisations has created an unprecedented risk in both private and public organisations across Australia and New Zealand (ANZ). It is particularly evident in critical infrastructure organisations such as healthcare, banking and finance, education, utilities, resources, telecommunications and defence, according to Forescout.

According to a Gartner survey, organisations are keen to integrate IoT and IT technologies (such as sensors, data stewardship, security and analytics) into OT systems. However, IoT deployments are still at an early stage and most organisations don’t yet have the skills, expertise or time to drive the IT/OT alignment requirements. (1)  Further, a survey of 504 Australian IT decision-makers revealed that 85 per cent of respondents believe integrated visibility into their IT and OT environments would add value to their organisation. (2)

Terrie Anderson, ANZ country manager, Forescout, said, “CEOs, directors and functional leaders need to take charge and foster conversations in their organisations to begin cross-skilling their teams to avoid potential cyberattacks.  As the IT, OT and IoT networks converge, mitigating against these attacks, which could cost organisations millions of dollars, or worse public embarrassment and brand damage should be an urgent priority.”

While the IT, OT and physical security worlds have been colliding for some time the industry is well behind in cross-skilling its people.  This has led to a global shortage of employable talent and  increases the impact on ANZ as importing labour with high level skills is not a viable option. Existing talent in the region needs to expand their skills set and are looking for employers that will offer the opportunity to cross-educate into converging cyber security environments.

Terrie Anderson said, “Organisations need visibility of their network so it can understand the challenge. They need to know every device that is connected continuously, what they are, where they are, and what they do. What’s most critical is understanding the state of every device, which includes whether it is patched, compliant and if it poses a risk.  Organisations need a single, unified vision across all environments with the ability to orchestrate all the security tools they have invested in. Then there needs to be collaboration between IT and OT teams that have traditionally been kept separate, and the opportunity to cross-skill the essential eyes on business continuity.”

Forescout has identified three key areas organisations should be doing now to help address the convergence skills gap:

  1. Integrated visibility. In every possible threat scenario real time 100 per cent visibility is foundational in knowing where to invest for the best return and where to take automated action against basic threats. Without a single, accurate, automated source of truth on connected devices organisations are operating with a hope strategy, unable to enforce policy and always scrambling behind when each threat emerges.
  2. Cross-skilling. Affected organisations should be looking at cross-skilling their IT and OT teams, and integrating the teams for planning projects from the ground up that are compliant to a converged cybersecurity policy and  the best and fastest response to an incident.
  3. Education. While STEM should remain a focus, educators need to look at skilling the next generation for present and future scenarios in convergence. While programming is still a critical skill, this must be broadened to include a wider range of capabilities that are desperately needed now and will only increase in the future.

Terrie Anderson said, “IT/OT convergence is here now, and it isn’t going away.  ANZ organisations seeking competitive advantage must act now or they will struggle to keep pace with the global trend for IT/OT convergence.”