Stop Disrupting My OPSInformational Technology (IT) is primarily focused on the transfer, use, and in the case of cybersecurity, defense of data.  As such, IT cybersecurity attempts to find and destroy intrusions with little to no regard to operations. The evidence for this approach is most apparent in the “agentless” cybersecurity approaches that offer isolation as their sole remediation option. Operational Technology (OT) is primarily focused on safe, stable workflows with the main focus being on a given mission.  Disruption in OT in the worst possible outcome and many operators would rather suffer a hack than take their systems offline. Historically, OT systems maintained complete isolation from IT systems in order to derive a base level of unobtrusive protection. As efforts such as 5G, Smart Cities, and Autonomous Vehicles gain traction however, these isolated systems are being merged into IT systems.  IT-oriented cybersecurity is not adjusting to this change which is resulting is massive issues as OT owners refuse to implement anything that can cause mission failure.  The lack of proper cybersecurity tools, along with the complacency of cybersecurity experts in regard to disruption, is rapidly generating a culture of distrust between IT and OT groups.

Moving Towards A Solution

There needs to be a reality check for IT operators in terms of their core functionality and, within that context, a realignment of priorities when it comes to cybersecurity.  Simply put, IT has the important job of moving data into the correct locations in order to support OT operations. IT, by itself, does not accomplish anything and – short of specific IT services such as cloud platform and cybersecurity – organizational missions occur through OT and not IT. Within this context, cybersecurity must move from a culture of disruption into a paradigm wherein operational stability is paramount.  This new approach will eliminate off-device protection, greatly impact automation functionality, and directly change how cybersecurity experts interact with operations.  While a given cyber expert might know IT protective mechanisms extremely well, they have no place directly controlling anything in a production environment.

Empowering The Future

As OT and IT systems merge together, cybersecurity must move from a primary management responsibility to a supporting mechanism.  This requirement translates into the need to mainstream cyber operations such that a highly-skilled OT admin can run cybersecurity functions as just another part of their job. Options from visualization to inference engines to distributed machine learning will all play critical roles in this process.  At the end of the day, a given remediation effort for a given exploit is a repeatable routine that can be encapsulated. Once captured, machine learning can readily expand upon the original steps in order to apply that use case to other potential vectors.  None of these routines will require cyber experts in operations. The other critical aspect to this new cyber endeavor is the use of simulations in order to predictively determine OT impacts for a given remediation effort.  In OT, it is not sufficient to say “trust me” nor will there be maintenance windows occurring continuously as will be required to properly protect these systems.  In fact, many OT systems have a zero downtime requirement. By simulating OT environment and using deep learning techniques, remediation routines can be adjusted to mitigate, or even eliminate, any disruption.  Along these lines, sophisticated on-device agents can eliminate malicious activity without impacting the rest of an attacked system. Zero downtime maintenance options can be leveraged wherein a backup device is spun up, communications re-routed, and then an intrusive routine is run on the primary. Finally, virtualization will be critical to the success of these hybrid IT/OT systems wherein patched virtual servers and/or applications can be spun up to instantly replace an exploited endpoint with no downtime. IT-oriented cybersecurity has to change and realize the true nature of the newest wave of business which is focused on hyperconvergence for better OT capabilities.  Until cybersecurity makes this shift, this merging of systems will fail and result in an unfortunate expansion of unprotected attack vectors.