Sponsored By
Sean Tufts

August 10, 2020

2 Min Read
(Image: viperagp via Adobe Stock)

Question: Can I use the same security tools on my IT and OT?

Sean Tufts, practice director, product security, ICS and IoT, Optiv: You can absolutely leverage information technology and operational technology (IT/OT) tools in either environment. My soapbox: The worst thing the cybersecurity industry did was pretend it involves anything more than great IT fundamentals. I'm seeing OT walk down this same path. The most important factor in security tooling is culture.

Ask yourself:

Does this tool fit my project? Many people are rushing into the Internet of Things (IoT) market for visibility, but they need deep packet inspection for OT protocols. The culture of the code base can be mismatched, which leads to overspending. It’s the same thing with network monitoring. People buy on promise without seeing how the technology scales into OT. One great use case does not make a tool.

Does this tool fit my corporate culture? The best example here is whether staffing is required to run it. I had a client spend a year baking off products and bought the "cool" brand with all the bells and whistles, but it had zero plan to onboard the technology. Three months later the tool was shelfware.

Does its code base match my operating sensitives? You can use any IT tool in OT as long as it "fails open" and has redundancy. Don't think you can pivot a tool outside its skill set. For example, don’t expect to push a cloud client into an on-prem solution. If it feels unnatural, it is.

Overall, quit worrying about IT tools in the OT environment. The OT networks are historically terrible. We need to embrace both new capabilities and organizations trying to help.

Related Content:


About the Author(s)

Sean Tufts

Practice Director, Product Security, ICS and IoT, Optiv

Sean Tufts is the practice director for the OT/IOT business at Optiv. He's a former NFL linebacker turned critical infrastructure security leader. Post NFL, he worked for utility operators and O&G hardware suppliers. Prior to his current leadership position at Optiv, Sean was on the digital transformation team for General Electric, focusing on security services for the O&G market. In 2012, he was honored by Forbes as a "30 Under 30" recipient.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights