As the IT and OT systems used by manufacturers and industrial organizations converge into a unified architecture, new threats arise. The connection of IT infrastructure to industrial control systems (ICS)—part of the broader trend of the Internet of Things (IoT)—provides attackers with an entry point to critical plant systems. By exploiting vulnerabilities, they can hinder productivity or cause downtime, create a significant financial impact, and even put employees at risk. These threats are only amplified as industrial organizations continue to embrace cloud resources as part of their overall IT/OT environment.
How prevalent are attacks on connected OT systems? According to Fortinet research, 31% of organizations that manage OT experienced more than six intrusions in 2024—and the negative effects of attacks are becoming stronger across the board, including lost productivity, reduced revenue, and increased safety risks. [1]
New Opportunities Come with New Challenges
The essential security challenge of IT/OT convergence is a dramatically expanded attack surface. Formerly air-gapped equipment is now connected via IT networks to monitoring, analytics, and control platforms, which puts it at risk. Likewise, breaches and other issues in IT systems can now impact OT equipment and plant operations.
Additionally, many organizations find themselves lacking staff with the unique, specialized skillset required to manage IT/OT security. IT specialists may not understand the nuances of ICS or OT requirements—and OT specialists may not have the knowledge needed to best manage security from an IT standpoint, either.
Some of the attack tactics being used against IT/OT environments today include:
- Ransomware: Ransomware can infect IT/OT environments through something as simple as a phishing email. Once attackers are in, they can find ways to access OT devices such as programmable logic controllers or remote terminal units and bring down plant operations.
- Exploitation of OT protocols: Protocols such as Modbus, DNP3, and S7comm were initially created for isolated, trusted networks, which means they lack fundamental security capabilities such as encryption or authentication.
- Supply chain or third-party compromise: Industrial operations depend on a number of vendors, system integrators, and maintenance contractors. Attackers can exploit these relationships to infiltrate IT/OT systems through vectors such as compromised software/firmware updates or insecure remote access.
- Living off the land attacks: Stolen credentials from personnel such as OT operators and plant engineers can be used to manipulate and compromise connected systems.
- Denial of service: OT systems depend on fast, reliable connectivity. Attackers can use denial of service attacks to flood the network with traffic and prevent commands from reaching their intended destination.
Best Practices for Protecting IT/OT Environments
Given the dramatically expanded attack surface and the rising frequency of attacks, industrial organizations are looking to identify the steps they need to take to protect their converged IT/OT systems. According to the SANS Institute, manufacturers should focus on five key areas as they seek to protect their converged infrastructure [2]:
- Incident response: Create, implement, and maintain an incident response plan that enables resilience and rapid recovery in ICS environments.
- Defensible architecture: Employ ICS architectures that enable visibility, segmentation, and process communication enforcement.
- ICS network visibility and monitoring: Use continuous network security monitoring with protocol-aware tools to facilitate ICS visibility and pinpoint vulnerabilities.
- Secure remote access: Enable secure remote access to ICS networks to safeguard hybrid work structures and protect against supply chain vulnerabilities.
- Risk-based vulnerability management: Manage ICS security issues based on risk, prioritizing those that could allow for unauthorized access.
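Because Modbus carries no authentication, "process communication enforcement" and protocol-aware monitoring come down to checking which hosts send which function codes to which controllers. The sketch below is an added example, not taken from the SANS or Fortinet material: it parses Modbus/TCP requests and flags writes or unknown talkers against an allowlist. The IP addresses, the policy table and the sample frames are constructed assumptions.

```python
import struct

# Modbus function codes that change device state (Modbus application protocol).
WRITE_CODES = {5: "Write Single Coil", 6: "Write Single Register",
               15: "Write Multiple Coils", 16: "Write Multiple Registers",
               22: "Mask Write Register", 23: "Read/Write Multiple Registers"}

# Hypothetical policy: function codes each (source, PLC) pair may use.
ALLOWED = {
    ("10.10.1.5", "10.20.0.11"): {3, 4, 6, 16},   # engineering workstation: read + write
    ("10.10.1.9", "10.20.0.11"): {3, 4},          # historian: read only
}

def parse_adu(payload: bytes):
    """Parse one Modbus/TCP ADU; return (unit_id, function_code) or raise ValueError."""
    if len(payload) < 8:
        raise ValueError("truncated MBAP header")
    _tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    if proto != 0:
        raise ValueError("protocol id is not 0 (not Modbus)")
    if length != len(payload) - 6:  # length field counts unit id + PDU
        raise ValueError("MBAP length does not match payload size")
    return unit, payload[7]

def check(src: str, dst: str, payload: bytes):
    """Return an alert string for a request that violates policy, else None."""
    try:
        _unit, fc = parse_adu(payload)
    except ValueError as exc:
        return f"malformed frame {src}->{dst}: {exc}"
    allowed = ALLOWED.get((src, dst))
    if allowed is None:
        return f"unknown talker {src}->{dst} fc={fc}"
    if fc not in allowed:
        kind = WRITE_CODES.get(fc, "function")
        return f"policy violation {src}->{dst} fc={fc} ({kind})"
    return None

# Constructed sample requests (TCP payloads to port 502), not captured traffic.
SAMPLES = [
    ("10.10.1.9", "10.20.0.11", bytes.fromhex("000100000006010300000002")),   # read registers
    ("10.10.1.9", "10.20.0.11", bytes.fromhex("000200000006010600010064")),   # historian writes
    ("10.10.3.77", "10.20.0.11", bytes.fromhex("0003000000060105000aff00")),  # unknown host
    ("10.10.1.5", "10.20.0.11", bytes.fromhex("0004000000090106")),           # bad length
]

def run_samples():
    return [check(s, d, p) for s, d, p in SAMPLES]
```

In practice the same check would sit behind a network tap or span port on the control network, with the allowlist derived from a baseline of normal process traffic.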
Many manufacturers opt to use established industry frameworks to help secure their control systems. Here, SANS research shows that the NIST Cybersecurity Framework is the most popular choice, with standards such as International Society of Automation/International Electrotechnical Organization (ISA/IEC) 62443 and North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) also being widely used. [2]
Maximizing the Value of IT/OT Convergence Requires Comprehensive Security
Organizations everywhere are realizing gains in efficiency, productivity, and safety through the unification of IT and OT infrastructure. Protecting these systems is essential to ensuring the long-term viability of convergence efforts and preventing costly business interruptions as well as other risks. As manufacturers continue to pursue new levels of connected, intelligent, and automated operations, converged infrastructure will play an essential role—and the technologies and best practices used to protect it will too.
1. Fortinet, 2024 State of Operational Technology and Cybersecurity Report, 2024
2. SANS, SANS 2024 State of ICS/OT Cybersecurity, October 2024