When companies adopt the Internet of Things (IoT) technologies, it not only impacts their information technology (IT) infrastructure; it also affects their operations technology (OT) department. However, these two functions, while similar, have often different objectives, and hence, radically different cultures. The challenge in reducing the growing risks of IoT hacking then lies in securing the ‘information’ generated by the company’s ‘operational’ assets.
The emergence of technology embedded in products, assembly lines and other vital company assets opens up whole new cyber security challenges. While they are far from a company’s data centers, if those IoT systems connect to it, then corporate data can be at risk as well.
When you think of it that way, you start to realize the potential risks to your IT systems. Here are examples of companies evaluating and resolving the cyber risks in their OT:
- A manufacturing firm strengthened its OT security: Every day, many manufacturers use a combination of software tools, sensors, and devices to connect to their corporate network. Much of it is unique to each factory and shop floor and hence, must be evaluated individually. One company deployed non-invasive software tools designed for IT systems and customized them to work with OT network protocols. That technology scanned for device vulnerabilities and then repaired them. The company then repeated this process in its other facilities.
- A utility company established an OT security roadmap: This company found a number of devices on its IOT network and evaluated its security risks. It began an 18-month assessment of its capabilities, practices, and controls, and sought to understand how the ISO 27001 IT standard developed for OT security could be adopted.
- Another company established an OT security governance program: A firm with world-class IT best practices realized that its OT infrastructure was exposed to cyber threats. It wanted to mitigate them in a way that was in line with the standards established for its IT infrastructure. An assessment revealed that the company needed stronger OT security policies. The organization responded by setting metrics for governance procedures and security actions. It scheduled regular reports for the OT organization to update executives on the security status of the company’s IoT assets.
IoT provides companies with the opportunity to create significant competitive advantages. The looming risks of a security breach or the loss of control over important operational systems should not deter organizations from adopting the technology. Instead, they must take appropriate measures to assess, evaluate, and secure both their IT and OT infrastructures.