Securing Digital Systems in the Resources Industry


By Riccardo Galbiati, Regional Chief Security Officer, JAPAC, at Palo Alto Networks

Integrating new technologies into existing industrial systems is a challenging task. This is due to the inherent differences between Operational Technology (OT) and Information Technology (IT). Unlike IT, which evolves rapidly in response to innovation and security demands, OT often consists of legacy systems that were never designed to interface with modern IT systems.

Updating these old industrial systems to align with modern IT security standards can be technically daunting and resource-intensive. OT systems, which control physical processes and machinery, prioritise reliability and longevity – operating for years or even decades without major changes. In contrast, IT systems are designed with flexibility and adaptability in mind, undergoing frequent updates to stay ahead of security threats. As a result, the inherent differences between IT and OT systems create a challenge for organisational security.

These challenges are especially apparent in the resources industry, where defenders struggle to secure operations as cyber threats become more frequent. A recent Palo Alto Networks study revealed that 82% of OT and IT business leaders in Australia reported that their organisations had faced a cyberattack in the past year. This ranks them as the fourth largest target globally.

Securing IT and OT environments has never been as important, but the more OT systems inherit connectivity and behaviours from IT systems, the more we can apply security lessons from the IT world to Operational Technology. For example:

Embedding security from the start

Modern IT security practices have shifted from “securing after you build” to “securing while you build” as a standard. Adopting “secure by design” principles has proven beneficial and aligns well with the inherent agility of modern cloud and network infrastructure. In these environments, changes are dynamic and rarely set in stone. Waiting until everything is up and running to apply security controls can then leave exploitable gaps and necessitate redesigns, ultimately slowing businesses down.

This lesson can and should be adopted in the OT realm as well. While OT environments are more static and potentially more predictable in their behaviours, retrofitting security into established architectures always causes friction and risks disruptions that cannot be afforded.

When designing and deploying OT systems, it is now possible to embed controls that have provided excellent value in the IT space. These include network segmentation, traffic anomaly detection, and virtual patching, ensuring security by design from the outset. The most straightforward and efficient approach is to consolidate these security functions into unified platforms wherever possible. This avoids the complexity of managing and coordinating multiple point products for different purposes, and the platform needs to be deployed only once.

Fostering collaboration between IT and OT Teams

If IT and OT environments are converging and the “air gap” is becoming thinner, if still present at all, then it is crucial to foster collaboration between IT and OT teams. Organisations must bridge the knowledge gap between the operational needs of industrial systems and the dynamic landscape of IT security. IT professionals bring expertise in cybersecurity best practices and digital resilience. Engineers possess deep knowledge of operational contexts and system functionalities.

Combining the expertise of these two teams is essential. It allows organisations to develop holistic security solutions that address cybersecurity concerns and operational needs. However, there is a significant disconnect that must be addressed. According to Palo Alto Networks’ study, 40% of respondents described the relationship between OT and IT as frictional, while only 14% said their teams were aligned.

This highlights the need to foster a more collaborative approach to cybersecurity. This must integrate both technological expertise and operational insights. Addressing these challenges is key to enhancing resilience against cyber threats in today’s interconnected digital landscape.

Using predictive AI to bridge the security gap

Industrial operators are already aware of the rise of AI. The same Palo Alto Networks report revealed that 75% of OT and IT leaders in Australia perceive AI-driven attacks on OT as a significant threat. At the same time, 80% of respondents recognise that using AI for defensive purposes can play a crucial role in defending against these attacks.

Predictive AI is a key advancement for the resources industry. This technology harnesses AI-driven analytics to identify and prevent potential cyber threats or operational disruptions before they even happen. In cybersecurity, predictive AI can be leveraged to identify patterns of behaviour at the network and endpoint levels, matching Tactics, Techniques, and Procedures (TTPs) utilised by malicious actors at various stages of their campaigns. This allows practitioners to anticipate the next move and provide real-time alerts before a compromising event occurs.

Similarly, the realm of AIOps (AI Operations) has recently advanced into predictive capabilities related to operational disruptions. AI models analyse large datasets containing performance and device telemetry to recognise when network and security assets are nearing capacity or experiencing malfunctions.

These approaches rely on machine-driven analytics due to the vast amount of data that needs processing, the real-time nature of decision-making, and the numerous patterns that would be impossible for humans to identify.

The next evolution of predictive AI in cybersecurity and operational technology lies in automation, where fine-tuning and remediation are also delegated to AI models. With the current pace of progress in AI, Palo Alto Networks expects the precision of automated decisions to become reliable enough for autonomous actions within the next five years. For now, the most effective approach involves “guided recommendations” with the assistance of an AI Co-Pilot.

The roadmap to an effective security strategy

As cyber threats become more sophisticated, the risk to industrial operations grows exponentially. In this context, modernisation is a big step in securing our critical infrastructure.

Securing our industrial systems is not just a technical challenge but a journey. By embracing proven security strategies from the adjacent IT space, fostering cooperation between IT and OT professionals, and implementing AI-powered tools, we can pave the way for a safer industrial landscape that will lead to future-proofing of the ever-growing critical infrastructure of tomorrow.
