The need to bring people, processes, and systems closer together to establish a smarter, more secure network with high visibility to monitor and govern both IT and OT environments is highlighted in KPMG’s latest cybersecurity paper on IT/OT convergence in the energy and natural resources industry.
To be successful and long-lasting, converged information technology (IT) and operational technology (OT) environments require the correct preconditions in an organization’s environment and culture.
“Preparing an organization’s people and culture for IT/OT convergence is critical for success, with process and workflow convergence being integral to a broader IT/OT convergence plan,” explains Ton Diemont, Head of Cybersecurity & Data Privacy at KPMG in Saudi Arabia.
“Our virtual labs can be built to replicate an organization’s IT and OT environments by connecting proprietary devices and virtualizing OT components. This enables IT and OT professionals to cross-train their incident response strategies until mastery,” concludes Diemont.
While efficiency and productivity benefits are generally prioritised, cybersecurity should not be disregarded and should be a key component of any IT/OT convergence plan.
From a cybersecurity standpoint, IT/OT convergence is a double-edged sword. It may enable more comprehensive system monitoring, but it also risks exposing industrial control systems (ICS), process control systems, and other operational technology to malware assaults, hacktivism, employee sabotage, and other security threats that previously exclusively affected corporate IT systems.
“Securing OT systems is a prerequisite to IT/OT convergence. Cybersecurity capabilities need to be implemented to evaluate existing systems for threats and to continually monitor them in the future,” adds Hossain Alshedoki, IT/OT Cybersecurity ENR Lead at KPMG in Saudi Arabia.
Micro-segmentation helps firms minimise risk during and after IT/OT convergence, even when zero-day assaults are impossible to forecast. Implementing ‘resilient by design’ concepts prior to IT/OT convergence reduces the chances of successful zero-day attacks.
Unlike IT professionals in an IT context, training OT personnel involves a cybersecurity experience and a deep understanding of the engineering process and physical systems.
To address this issue, KPMG established OT/ICS cyber range labs that use production-grade equipment to replicate scale-model versions of industrial processes, bringing OT simulation efforts on level with IT.
The labs can be utilised to execute hands-on training sessions, cyberattack simulations, proof-of-concepts, and industrial cybersecurity-related research by establishing secure remote connections using KPMG’s infrastructure.
