One strong trend in the changing cybersecurity threat landscape is that adversaries increasingly seek to compromise industrial networks. Although most CISOs agree on the importance of protecting the ICS segments of the network, in many cases this protection lacks a clear, holistic defense strategy. In many organizations, separate maintenance and operations teams are responsible for office IT and for industrial IT, the latter referred to as OT. As a consequence of this status quo, the OT management sometimes decides about cybersecurity on its own, or the IT department relies on an air-gap or segmentation strategy alone.
The SOCWISE expert teams have built up and operate several fusion SOCs, meaning that both IT and OT security are covered by a dedicated strategy, with slightly or substantially different elements on each of the people, process, and technology layers.
On the people layer there are mostly similarities: threat awareness and individualized competence development for each specific role is the way forward in both domains.
On the process layer the difference is more significant because of the different priorities: safety comes first, closely followed by continuity of production. OT processes allow only limited flexibility, but on the other hand their complexity may be lower.
On the technology layer there are both similarities and differences. The similarity comes from the leading trend of production digitalization, which causes the same technologies to spread into OT (server-client infrastructures, cloud, IoT, machine learning, digital twins, etc.). Still, the non-intrusive nature of security tools remains a must, and because industrial network communication protocols are used, a different portfolio of sensors and perimeter security instruments is necessary.