KPMG’s latest cybersecurity publication on IT/OT convergence in the energy and natural resources sector sets out the need to bring people, processes, and systems closer together to create a smarter, more secure network with better visibility for monitoring and controlling both the IT and OT environments.
Converging information technology (IT) and operational technology (OT) environments requires the right preconditions in an organization’s environment and culture to be successful and lasting.
According to the KPMG report, although organizations often prioritize efficiency or productivity improvements, cybersecurity must not be overlooked and must be an integral part of an IT/OT convergence strategy.
Ton Diemont, Head of Cybersecurity & Data Privacy at KPMG in Saudi Arabia, stated: “Preparing an organization’s people and culture for IT/OT convergence is critical for success, with the process and workflow convergence being integral to a broader IT/OT convergence plan.”
Basics on IT/OT Convergence
According to the KPMG report, IT/OT convergence is a double-edged sword from a cybersecurity perspective. It can allow for more robust monitoring of systems, but it also might expose industrial control systems (ICS), process control systems, and other operational technology to malware attacks, hacktivism, employee sabotage, and other security risks that previously affected only corporate IT systems.
The KPMG report also added that, unlike training IT personnel in an IT environment, training OT personnel requires not only a cybersecurity background but also a strong understanding of the engineering process and physical systems. To overcome this challenge, KPMG has created OT/ICS cyber range labs using production-grade equipment to simulate scale-model versions of industrial processes to bring OT simulation efforts up to par with IT.
Hossain Alshedoki, IT/OT Cybersecurity ENR Lead at KPMG in Saudi Arabia, stated: “Securing OT systems is a prerequisite to IT/OT convergence. Cybersecurity capabilities need to be implemented to evaluate existing systems for threats and to continually monitor them in the future.”
According to KPMG’s announcement, although zero-day attacks are impossible to predict during and after IT/OT convergence, micro-segmentation helps organizations mitigate their risk. Implementing ‘resilient by design’ principles before IT/OT convergence also decreases the likelihood of successful zero-day attacks.
The labs can be used to establish secure remote connections through KPMG’s infrastructure to perform hands-on training sessions, cyberattack simulations, proofs-of-concept, and industrial cybersecurity-related research.
“Our virtual labs can be built to replicate an organization’s IT and OT environments by connecting proprietary devices and virtualizing OT components. This enables IT and OT professionals to cross-train their incident response strategies until mastery,” concludes Diemont.
Press release received by email.