Top 3 Security Misconceptions Between IT and OT Personnel

Submitted by Corey Foster, Valin Corporation
There seems to be this constant game of tug-of-war between Information Technology (IT) and Operation Technology (OT) personnel in industrial settings. These individuals will often approach problems from different angles, and they don’t always speak the same language.  However, both functions are critical to a healthy operation and it’s important for managers and other decision makers to ensure that these two groups work both harmoniously and for the improvement of the company at large.

Cybersecurity: Understanding IT Needs from the OT Perspective

I contributed an article recently to Processing Magazine discussing this topic more comprehensively, but in general, there are three misconceptions that OT personnel have about the IT department.

1. Nobody Wants our Data

Just because you think your data isn’t compelling or that its nonconsequential for anyone else to have access to it, doesn’t mean that you’re not still at risk.  Cyber ransom using ransomware is as prevalent as it’s ever been. Also, important to keep in mind:  there’s more of it happening than you think.  It’s just not being reported because of what that does to a company’s image.

2. Our Machines aren’t on the Network

There is a substantial portion of OT professionals that think that if their systems are “air gapped,” then that should be sufficient. They mistakenly believe that if this is the case, there isn’t a way in.  However, this is simply not true. There are numerous incidents of viruses making their way into systems that were not connected to a network.

3. If the Machines are Run by PLCs, We’re Safe

Similar to misconception #2, just because a machine is run by a PLC, that doesn’t necessarily mean it’s safe. Viruses can now make their way into systems whose machines are primarily run by PLCs.

The key comes down to communication and understanding. Both sides understand what they must in their worlds but are sometimes lacking in that understanding for the other. What we’ve found is that the more OT and IT people communicate openly and work to mutually understand each other’s challenges, more effective, helpful solutions can be integrated.

Read the full article here: Cybersecurity: Understanding IT Needs from the OT Perspective