CIOReview
DECEMBER 2023

into your business systems to exfiltrate organizational data and threaten to leak it, or to steal proprietary information. We know that these devices are not secure and pose a threat to organizations, but IT/OT convergence raises additional concerns that need to be mentioned. The first is the accidental insider: someone on a quest for greater efficiency who lacks security awareness and, through ill-advised configuration changes, introduces conditions that make the environment more susceptible to attack. The second is the external partner: most organizations need outside help to set up these new systems, and accidents happen. The third is the malicious insider: a trusted person with the technical knowledge and access to manipulate systems deliberately. The fourth is the malicious outsider, whether a compromised external partner or an attacker; a lack of security controls leaves the organization exposed to unnecessary risk.

If these points are starting to alarm you, then you are starting to understand that these are risks you should not be taking. So, what do you do? The best answer is to plan a physical separation of devices and networks. For example, do not co-locate IT and OT applications on the same physical infrastructure. Lower-level OT devices should be on-premises with no access to the internet, and access to those devices should be controlled through the local OT infrastructure. Evaluate your networks to ensure there is a separation between IT and OT, so that firewalls can prevent OT devices from traversing the IT network and vice versa. Segregate internal networks: IT systems should sit on separate subnets from OT systems, so that individual switch ports can be assigned to a single subnet. Now you might be thinking, great, there is a way to fix it. Well, yes, in many cases, but there are many considerations to plan for.
AS DIGITAL TRANSFORMATION CONTINUES TO EXPAND, THERE IS A GROWING NEED TO LINK AND INTEGRATE BUSINESS SYSTEMS WITH MANUFACTURING SYSTEMS AND SHOP-FLOOR EQUIPMENT

Many solution providers use PCs as managers for their systems, and quite frankly, these are far less secure than a physical server, so such a device must be placed in the lower OT level and reached only through a jump host. There are also decisions to make on the number of subnets, configurations, failover devices, clusters versus high availability, the methods and devices used to scan OT environments, and the big one: support processes. So do yourself a favor and create a detailed process flow map. That map leads to the architecture discussion, which leads to system requirements, which leads to secure environments and real organizational value.
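The segmentation the article describes (separate IT and OT subnets, a firewall between them, no internet access for lower-level OT devices, and PC-based system managers reached only through a jump host) can be written down as a zone policy and checked against observed traffic. The following is an added example, not code from the article or its author: the addressing plan, zone names, jump-host address and sample flows are all constructed assumptions for illustration, and the flow records stand in for what you would pull from firewall or NetFlow logs.

```python
"""
Zone policy check for an IT/OT network.

Added example (not from the article). Models the segmentation described
in the text and audits a list of observed flows against it. Every address,
zone name and sample flow below is constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Hypothetical addressing plan: one subnet per zone, so switch ports and
# firewall rules can be bound to a zone rather than to individual hosts.
ZONES = {
    "it":     ip_network("10.10.0.0/16"),   # business systems, user PCs
    "ot_dmz": ip_network("10.20.0.0/24"),   # jump host and other brokered services
    "ot":     ip_network("10.30.0.0/16"),   # controllers, HMIs, PC-based managers
}
JUMP_HOST = ip_address("10.20.0.10")        # assumed jump-host address
ADMIN_PORTS = {22, 3389}                    # SSH / RDP sessions to the jump host


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int


def zone_of(addr: str) -> str:
    """Map an address to its zone; anything outside the plan counts as internet."""
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"


def evaluate(flow: Flow) -> tuple[str, str]:
    """Return ('allow' | 'deny', reason) for one flow under the zone policy."""
    src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)

    if src_zone == dst_zone:
        return "allow", f"intra-zone {src_zone}"
    # Lower-level OT devices never talk to or from the internet.
    if "internet" in (src_zone, dst_zone) and "ot" in (src_zone, dst_zone):
        return "deny", "OT must not reach the internet"
    # IT reaches the OT side only by opening an admin session on the jump host.
    if src_zone == "it" and dst_zone == "ot_dmz":
        if ip_address(flow.dst) == JUMP_HOST and flow.dport in ADMIN_PORTS:
            return "allow", "IT admin session to jump host"
        return "deny", "IT may only reach the jump host in the OT DMZ"
    # Only the jump host crosses from the DMZ down into the OT level.
    if src_zone == "ot_dmz" and dst_zone == "ot":
        if ip_address(flow.src) == JUMP_HOST:
            return "allow", "jump host to OT device"
        return "deny", "only the jump host may reach OT from the DMZ"
    if src_zone == "it" and dst_zone == "internet":
        return "allow", "IT to internet"
    # Everything else, including OT -> IT and direct IT -> OT, is blocked.
    return "deny", f"{src_zone} -> {dst_zone} not permitted"


def audit(flows) -> list[tuple[Flow, str]]:
    """Return the flows the policy denies, paired with the reason."""
    denied = []
    for flow in flows:
        verdict, why = evaluate(flow)
        if verdict == "deny":
            denied.append((flow, why))
    return denied


# Constructed sample traffic, as it might appear in firewall or NetFlow logs.
SAMPLE_FLOWS = [
    Flow("10.10.5.23", "10.20.0.10", 3389),   # engineer RDPs to jump host: allow
    Flow("10.20.0.10", "10.30.1.40", 3389),   # jump host to PC-based manager: allow
    Flow("10.10.5.23", "10.30.1.40", 3389),   # engineer straight to the OT PC: deny
    Flow("10.30.1.40", "203.0.113.9", 443),   # OT PC calling out to the internet: deny
    Flow("10.30.1.40", "10.10.8.2", 445),     # OT box reaching an IT file share: deny
    Flow("10.30.1.40", "10.30.2.7", 502),     # Modbus/TCP within OT: allow
]

if __name__ == "__main__":
    for flow, why in audit(SAMPLE_FLOWS):
        print(f"DENY {flow.src} -> {flow.dst}:{flow.dport}  ({why})")
```

Run against the sample flows, the audit flags the three crossings the article warns about: an IT workstation reaching an OT PC directly instead of via the jump host, an OT device calling out to the internet, and an OT device reaching back into the IT network. The same check is only possible because each zone has its own subnet; if IT and OT shared one address range, `zone_of` could not tell them apart and every flow would look intra-zone.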