Securing industrial control systems (ICS) differs from protecting enterprise networking and information technology (IT) and operational technology (OT) teams must work toward alignment as cybersecurity threats rise.
The convergence of enterprise network management and industrial equipment management due to the Industrial Internet of Things (IIoT), Industry 4.0 and industry-wide digital transformation has left many organizations struggling to keep up with cybersecurity issues. Whether it’s the C-Suite or operational teams, everyone assumes someone has ownership of industrial automation equipment safety.
The challenge is most internal teams assume industrial control system (ICS) cybersecurity is someone else’s responsibility and not their own, with each side pointing the finger at the other. IT and OT departments should take steps to lower barriers so they can improve safety and operational integrity on the plant floor together.
The information technology (IT) safety, cybersecurity perspective
While confusion commonly exists around ownership for ICS equipment safety and cybersecurity, the fact is IT teams are not overseeing or responsible for the day-to-day operation of ICSs. Safety and operational process integrity is not a function or responsibility that typically belongs with IT. When operating within the confines of the industrial environment, IT is required to adhere to safety measures, policies and procedures. However, IT does not determine policy or procedures for equipment on the industrial plant floor. Nor do they administer critical activities surrounding ICSs.
Expecting IT to manage the security of operational technology toolsets or ICS-specific protocols and device types on the plant floor is not reasonable. They do not have the skillset, toolsets, experience or bandwidth to handle operational safety in addition to the enterprise network responsibilities they manage and oversee.