Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementPhysicalSecurity NewswireSecurity Leadership and ManagementSecurity & Business ResiliencePhysical SecurityCybersecurity News

Overcoming roadblocks to accelerate IT/OT convergence

By Christina Hoefer
Employees work together in office
October 28, 2021

According to a recent ARC Advisory Group survey, 70 percent of respondents said their companies are on the road to information technology/operational technology (IT/OT) convergence. That means a lot of organizations have become familiar with the challenges of securing and integrating industrial systems and devices — but not all challenges are technology-related. In fact, just as many are man-made, such as conflicting priorities between teams, limiting beliefs and improper investment in pilot programs.

How can organizations overcome these obstacles to ensure their IT/OT convergence journey is a success? The first step is awareness. Here are three common challenges that IT and OT teams face and how to overcome them.

Conflicting Priorities Require Compromise

One of the biggest challenges for IT/OT convergence projects is that IT and OT teams have different priorities. A director of IT security is concerned with implementing security controls and policies that reduce their attack surface, but an industrial control systems engineer is more concerned with automation and efficiency of processes. IT teams want new solutions for new problems, but OT teams want tried and true methods to ensure reliability.

OT professionals tend to be more concerned about the availability of their systems, rather than their security. As a result, an anti-virus solution deployed on an industrial control system might never get updated because it isn’t connected to the internet, or an outdated operating system required to run a decades-old industrial system might remain vulnerable to a decades-old attack.

For example, an organization with several manufacturing plants had a security risk assessment performed by an IT consulting firm. Their conclusion was that the workstations were not secure enough and should lock themselves after some period of inactivity. This new policy raised a red flag for the process automation team because they believed it was possible for the inactivity timeout to be activated during normal operations. After a lengthy discussion about the possibility of production downtime, they reached a compromise to enhance the physical security of accessing the control rooms instead of the workstations.

Break the Mold of Rigid Thinking

One of the biggest limiting beliefs for convergence projects is that OT systems need to converge into an IT framework or vice-versa, but the reality is that both perspectives are equally valuable (and each have their own priorities).

There is now an industry shift to promote internal OT leaders into security officer roles. Establishing an IT CISO and an OT CISO can help balance objectives and perspectives to enhance collaboration. For organizations that do not yet have two distinct CISOs, an IT-focused CISO should make it a priority to collaborate with the OT asset leads, such as factory owners, plant directors and so forth to ensure that multiple points of view are taken into consideration while problem-solving.

For example, an organization wanted to monitor their entire production network with 100s of sensors. The IT department suggested a wireless connection to avoid running more cables through the production floors. However, some of their factories were close to a shipping route that was already interfering with the wireless connectivity of some of their existing devices. Every time a ship drifted too close to a factory, many of the devices — including its wirelessly-connected autonomous robots — stopped working. Needless to say, the OT team was not thrilled with the idea of bringing in more wireless devices (not to mention they were concerned with the cost and complexity of certification efforts). Both teams agreed to investigate deploying the sensors on existing networking equipment to avoid the cabling and certifications.

Expand Your Scope

There is a short-sighted trend across the industry where organizations are restricting their OT security initiatives to smaller pilot implementations. This prevents effective scaling and evaluation since the small teams tasked to assess the value of an initiative may not realize the benefits beyond their own experience. It’s imperative that companies encourage scaling implementations in a coordinated manner by identifying a larger group of internal champions to evaluate solutions, lead teams and internally promote pilots.

Another issue with pilot programs is that they may take place at newer facilities that don’t experience the same challenges as older sites. Case in point, one organization made plans to implement new security policies at every remote site, only to realize that they lacked the bandwidth and infrastructure to do so.

When pilot programs don’t bring all stakeholders to the table, there is potential to overlook more holes in the attack surface. For example, a plant manager implemented security controls within the plants, but expected the firewall between the plant and the corporate network to be managed by IT. Later, an assessment showed that the firewall had very few restricting rules because the IT network engineers didn’t know what access was required in order to not impact the production environment.

A Convergence of Opinion

Threat actors are constantly working to create new attacks capable of shutting down critical networks, so it is imperative for IT and OT teams to unite against this common foe. Understanding how IT and OT networks interoperate can help holistically manage risks to the entire enterprise. Taking their different needs into consideration can minimize the potential for disruption. Channel your inner Abe Lincoln to become a great compromiser, consider things from a different point of view and don’t be afraid to broaden your horizons. After all, the process of IT/OT convergence is an opportunity for IT and OT teams to converge together, as well.

KEYWORDS: access control Chief Information Security Officer (CISO) convergence IT collaboration operational security security team

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Christina Hoefer is the Vice President of Global Industrial Enterprise at Forescout.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Top Cybersecurity Leaders
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Cybersecurity
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    New Security Technology
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

Coding on screen

Research reveals mass scanning and exploitation campaigns

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

September 29, 2025

Global Security Exchange (GSX)

 

November 17, 2025

SECURITY 500 Conference

This event is designed to provide security executives, government officials and leaders of industry with vital information on how to elevate their programs while allowing attendees to share their strategies and solutions with other security industry executives.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • Pink and blue lines on dark screen

    Overcoming the IT skills gap and maintaining a secure business

    See More
  • Physical Security Remains Key Factor in Cyber Protection  for Critical Infrastructure AlertEnterprise

    Securing Industrial Systems: Segment IT and OT Networks

    See More
  • two people high fiving

    IT and OT cybersecurity: Bridging the divide

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing