Features
Interview
IT/OT Collaboration

ARC Advisory Group’s Sid Snitkin talks growing need for IT-OT convergence

March 14, 2021
need for IT-OT convergence

In the near-decade Sid Snitkin has worked with ARC Advisory Group, he’s seen a number of changes in the world of industrial cybersecurity and operational technology. He’s seen the threat landscape evolve, growing adoption of cybersecurity measures by industrial companies, and increased need for IT-OT convergence.

“A lot has changed,” Snitkin says. “Today, most industrial companies understand the risks of cyber-attacks and many companies have invested in basic defenses. But there’s still a lot that needs to be done to protect our critical infrastructure.”

ARC Advisory Group is a technology research and advisory firm for industry and infrastructure. Snitkin heads ARC’s industrial cybersecurity practice, which develops products and services for protecting industrial facilities.

“It’s a hot topic. We monitor all of the developments and the technologies in the OT space,” Snitkin says. “We know all the equipment and the suppliers. We know who does what and who’s developing what. Our analysts have a very good insight on the trends and where the market is going.”

Industrial Cyber talked to Snitkin about how the threat environment has changed during the decade he’s been at ARC, the need for active defense, and the need for IT-OT convergence.

According to ARC’s research, in 2019, industrial companies spent $4 billion to protect OT systems. By comparison, companies spent $125 billion on IT cybersecurity, indicating that industrial companies are spending far less on OT security than IT security.

Despite these numbers, OT spending has more than doubled over the last eight years. According to ARC, power, oil and gas, and water and wastewater are the industries spending the most on industrial cybersecurity.

“Most companies seem to be aware of the need for cybersecurity and have made investments in passive defense technologies, but many have not made investments in the people and tools that are needed to maintain these defenses. Few companies have invested in active defense because they don’t think an attack will be able to get past their defenses. This is leaving many facilities at risk.”

While malware attacks used to be the most common type of attack industrial companies faced, today most industrial companies are starting to see more sophisticated attacks involving ransomware. According to Snitkin, nearly one-third of the ransomware attacks that occur today are against industrial companies.

“Attackers are continuing to find ways to penetrate defenses,” Snitkin says. “Some attacks are going to get through no matter what, which is why active defenses are necessary to ensure these attacks are quickly detected and addressed.”

Snitkin is a proponent of active defense cybersecurity measures. He says organizations need to shift to active monitoring and detection in order to quickly address attacks and abnormalities when they occur. However, he says OT security teams often lack the resources to do this effectively. That’s why he emphasizes the need for IT-OT convergence.

IT/OT Convergence

IT/OT Convergence

“It will be hard for industrial organizations to protect themselves if they try to maintain separate IT and OT cybersecurity programs,” Snitkin says. “There will always be OT-specific cybersecurity issues, but these needs can be addressed as part of a converged IT-OT cybersecurity program. “

Today, Snitkin says most industrial companies have two cybersecurity programs: one to protect their IT system and one to protect their OT system. Most companies treat these as two independent programs because of the differences in technologies, goals, and security strategies.

However, most OT facilities are facing critical OT cybersecurity resource gaps. They lack the people and technology necessary to manage sophisticated attacks. Additionally, Snitkin says CISOs are demanding consistent cybersecurity management across all systems.

Another factor driving the need for IT-OT convergence is digital transformation which requires stronger security measures. More and more, industrial facilities are seeing the deployment of IoT and IIoT devices which are creating new challenges.

“News risks are becoming apparent as companies are launching digital transformation initiatives,” Snitkin says. “IT and OT are starting to converge more and more and that is bringing about more sophisticated cyber attacks on the plants.”

Snitkin says IT-OT convergence allows for better cybersecurity governance, broader visibility of cyber risks, faster detection of compromises, and faster response and recovery. Convergence is a cost-effective way to gain experienced cybersecurity experts, and IT security operations centers are already built for active defense. Ultimately IT-OT convergence centralizes policy management, integrated threat information, and technology that supports fast and efficient incident management.

However, Snitkin cautions that IT-OT convergence is about more than shifting OT cybersecurity to IT security teams. That’s because OT cybersecurity deals with unique people, processes and technology, including nontraditional cyber assets like PLCs and DCSs and networking technology and protocols. It also includes legacy IT assets that cannot always support security software or be easily upgraded. There are also a number of constraints on security practices and technologies in plants and factories. Therefore, IT-OT cybersecurity must be flexible.

Snitkin says IT-OT convergence tends to follow three models: collaboration, integration, and unification. Some companies might adopt a blended approach that follows each model on a case-by-case basis.

Collaboration involves two separate isolated programs that try to collaborate where they intersect. This provides for better isolation of ICS systems, but it causes duplicate resources and little visibility.  Integration involves two teams, managed separately, who collaborate on common challenges, such as cloud adoption, remote access, IoT devices and edge systems. This allows companies to better leverage resources. Unification means establishing one cybersecurity program that includes traditional IT and OT assets.

“We’re seeing more sophisticated attacks and new developments that are forcing IT and OT groups to expand their programs,” Snitkin says. “Companies are starting to recognize that IT/OT convergence is the best way to address these challenges. The question is no longer about whether they should be converging but when.”

Rebecca Addison
Industrial Cyber Editor. Rebecca Addison is a former newspaper editor with a decade of experience in the media industry. During her career, she has interviewed world leaders and corporate CEOs, and covered topics ranging from blockchain and CBD to healthcare and education.

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

Industrial Cybersecurity Buyers’ Guide 2024 navigates complex industrial landscape
Industrial Cybersecurity Buyers’ Guide 2024 navigates complex industrial landscape
Continuous need to face challenges, build strategies across industrial cybersecurity amidst evolving threats
Continuous need to face challenges, build strategies across industrial cybersecurity amidst evolving threats
Proposed CIRCIA rule boosts cyber threat understanding, early detection of adversary campaigns, offers coordinated actions
Proposed CIRCIA rule boosts cyber threat understanding, early detection of adversary campaigns, offers coordinated actions
The Takepoint Research report indicates a significant shift towards adopting the Zero Trust model in OT, with 72% of professionals integrating it to boost security and efficiency. It highlights secure remote access as a key application, aligning with goals to reduce risk and enhance operations. Moreover, it points out the need for collaborative efforts across organizational roles to implement Zero Trust effectively, aiming to improve productivity and security.
Xage-Takepoint Research report reveals growing adoption of zero trust security in industrial enterprises
Forescout research finds surge in Chinese-manufactured devices on US networks, including critical infrastructure
Forescout research finds surge in Chinese-manufactured devices on US networks, including critical infrastructure
Growing need to implement effective post-incident recovery strategies in evolving OT, ICS environments
Growing need to implement effective post-incident recovery strategies in evolving OT, ICS environments
CS4CA USA Summit 2024 panel explores holistic approach to risk management, risk reduction strategies
CS4CA USA Summit 2024 panel explores holistic approach to risk management, risk reduction strategies
CS4CA USA Summit 2024: IT and OT security leaders share insights on cyberattack mitigation and recovery strategies
CS4CA USA Summit 2024: IT and OT security leaders share insights on cyberattack mitigation and recovery strategies
Escalating maritime cyber threats pushes federal government to take proactive steps, safeguard national security
Escalating maritime cyber threats pushes federal government to take proactive steps, safeguard national security
US White House and EPA warn governors of cyberattacks on water systems, call for enhanced security measures
US White House and EPA warn governors of cyberattacks on water systems, call for enhanced security measures