OT, IT Convergence Creating Additional Risks
Channel Futures: Is the convergence of OT and IT creating new cyber risks?
NCC Group’s Damon Small: The convergence has completely changed the threat landscape. The IT network is the traditional business network. Twenty or so years ago, the IT network never communicated with the OT network at all. OT includes the control systems, the process control network itself and data systems, and so forth. So as it turns out, there’s a lot of business value that can be gained by sharing operational information with the IT folks, so we started interconnecting OT and IT.
Now that we’re starting to share more information between those two environments, and we’re necessarily connecting them together, that means it is possible to move from the business network in IT down to the OT network where all the process control stuff is. That means whoever is running the plant is no longer only worried about the physical facility that’s generating all the power. They also have to worry about the entire network infrastructure up to and including whatever interconnect they have with the broader internet. So it is a huge, huge change to the threat landscape for sure.
