Julian Durand is Chief Security Officer and Senior Vice President of Product Management at Intertrust Technologies.
getty
While industrial technology infrastructure has numerous components, two of the most prominent are the systems that manage the flow of information—that is, information technology (IT)—and those that control equipment and other elements of industrial operations, operations technology (OT).
Until now, organizations have largely gotten away with treating these as separate entities. But those days are quickly drawing to a close as industries increasingly adopt Internet of Things (IoT) technologies, which are tied at the umbilical cord to both IT and OT. Of particular note, the seamless and secure integration of these two systems has become crucial for organizations that aim to harness artificial intelligence (AI) to improve efficiency and sustainability.
The rise of IoT networks has revolutionized industries, but it has also challenged established security methods. In my last article, I discussed the inadequacies of traditional security protocols like TLS 1.2 and IPSec/VPN for IoT networks, highlighting why these measures often slow down the ability of IoT networks to perform their critical functions.
I then argued for a new approach to IoT security that involves lightweight cryptographic algorithms, dynamic key management and end-to-end encryption based on zero-trust network architecture (ZTNA) to address both security and efficiency needs within IoT environments. Finally, I previewed how this advanced protocol may be used to bridge IT and OT departments in a way that allows AI to optimize equipment performance.
In this article, I’ll discuss the challenges involved in this integration and the steps to overcome them. But before we proceed, let’s take a deeper dive into why the admittedly daunting task of bridging IT and OT should be undertaken at all. What do we stand to lose by not doing it, and what will we gain by doing it?
IT And OT Integration Unlocks The Era of Industrial Efficiency
Traditionally, IT and OT have operated in separate lanes, with IT managing data and networks and OT focusing on physical devices and controls. This separation of IT and OT does not provide the flow of real-time and historical data necessary to apply AI-driven prediction and analyses:
• AI, for example, requires an unimpeded flow of data from OT devices in real time to adjust operations to improve efficiency, predict maintenance needs and reduce downtime.
• Furthermore, in energy systems, this flow of information between IT and OT is required for AI to optimize the load across a grid, predict potential failures before they occur and intelligently manage resources to match consumption patterns with supply.
One energy company that I worked with increased operational efficiency by 20% by allowing secure, AI-enhanced monitoring and control of its grid. Another company, in manufacturing, enabled secure data flow that allowed AI to optimize production lines, yielding higher throughput and reduced waste. These are only a couple of examples. The bottom line is that connecting the machines and devices on the floor and in the field to the flow of information is key to a host of AI-driven improvements that otherwise are impossible to achieve.
Security Challenges In Bridging IT And OT
Integrating these systems, though, brings significant security risks, as it exposes OT systems—often part of critical infrastructure—to the broader network, where they are susceptible to a range of cyber threats.
Typical security measures may protect data integrity and confidentiality, but they often do so at the expense of industrial systems’ needs for things like minimal downtime and rapid response capabilities. The application layer protocol developed for IoT that I introduced in my last article offers the ability to protect data without compromising needs for speed and agility, combining:
• Lightweight encryption to secure data using minimal computational resources.
• Dynamic key management to maintain security in a constantly changing environment.
• Zero-trust Architecture to authenticate every action taken by a user.
Using this protocol to integrate IT and OT systems not only protects against external threats but also facilitates the internal flow of information necessary to fully harness AI and take efficiency to new levels. However, it also presents several technical hurdles, particularly in industrial environments.
Tips For Bridging IT And OT In A Secure Way
The integration of IT and OT often involves blending different operational priorities, legacy systems and security standards. Here are some key challenges the organization might face, along with strategies to overcome them:
• Legacy OT systems often have compatibility issues. Many OT systems are built on legacy protocols that make it difficult to implement modern encryption and security measures without significant upgrades. Organizations may consider a phased approach that avoids overwhelming the existing infrastructure by gradually replacing legacy systems with modern, secure OT equipment that more easily supports advanced encryption and dynamic key management.
• Tracking all commands and data access in OT environments can create a data bottleneck. Organizations can overcome this hurdle by implementing systems that analyze and prioritize the most relevant security events for review. Furthermore, they can use AI-driven analytics to detect unusual patterns in audit logs, helping identify security threats in real time without overloading human operators with data.
• Cultural and process differences between IT and OT create roadblocks. IT departments often focus on confidentiality and data protection, while OT departments tend to prioritize availability and operational uptime. These differing priorities can lead to conflicts when integrating security protocols. Companies can address this challenge by developing a unified governance and cross-training structure that aligns IT and OT priorities, emphasizing the importance of balancing both security and operational uptime.
Conclusion
The integration of IT and OT through advanced IoT protocols that provide security without compromising things like speed and flexibility represents a significant leap forward. This secure integration is not just a technological upgrade—it’s a strategic imperative for any forward-looking enterprise in the digital age.
By proactively addressing the hurdles with the right mix of technology, processes and collaboration, organizations can ensure a secure and efficient integration of IT and OT. By enabling these systems to communicate securely and act in concert, industries can harness the full potential of AI to drive unprecedented efficiencies and improvements.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
{Categories} _Category: Inspiration{/Categories}
{URL}https://www.forbes.com/councils/forbestechcouncil/2024/11/08/how-to-securely-integrate-it-and-ot-through-advanced-iot-protocols/{/URL}
{Author}Julian Durand, Forbes Councils Member{/Author}
{Image}https://imageio.forbes.com/specials-images/imageserve/64a81ae41449a3640291cf1f/0x0.jpg?format=jpg&height=600&width=1200&fit=bounds{/Image}
{Keywords}Innovation,/innovation,Innovation,/innovation,technology,standard{/Keywords}
{Source}Inspiration{/Source}
{Thumb}{/Thumb}