Convergence creates challenges
With the explosion of interconnected devices and sensors, dubbed the Internet of things (IOT), there is a drive to leverage the reach and power of the Internet to enable new intelligent interactions between IT and operational technology (OT).
So said Samresh Ramjith, chief solution and marketing officer at Dimension Data Security Solutions MEA, speaking at ITWeb Security Summit 2015, in Midrand, yesterday.
OT supports physical value creation and manufacturing processes. It comprises devices, sensors and software necessary to control and monitor plant and equipment.
According to Ramjith, the worlds of IT and OT are converging, and this creates "huge" security challenges when data is exchanged across these converging points.
This widespread interconnectivity has created an environment in which IT and operational systems are increasingly vulnerable to cyber threats, said Ramjith.
He pointed out OT environments are large, complex systems of unattended devices - they are automated systems that run with non-interactive software - and they cannot self-update, which leaves them vulnerable to hackers.
Ramjith noted most businesses have processes for ensuring the operating systems for IT tools are up to date, but few apply the same care to patching OT.
Updating software on OT systems usually presents considerable challenges, because, in many industries, systems are outdated and may run outdated operating systems that cannot be fixed, he added.
Also, there is encryption limitation - most of the devices on the OT systems are physically incapable of running encryption. They do not have the memory or processing power to run encryption, leaving them vulnerable to cyber criminals, said Ramjith.
"Because industries already have networks which they are still struggling to secure, application vulnerabilities and weaknesses they are battling with, as well as the mobile and cloud environment, which is equally insecure, the advent of IOT has worsened these challenges."
An integrated strategic approach is needed to balance the security objectives related to information and operational technologies, said Ramjith. There is a need to effectively communicate between IT and OT software and systems to create real value from IOT implementations, he added.
Companies should also apply good risk management principles, de-identify data and test security measures before launch, concluded Ramjith.