Question: Can I use the same security tools on my IT and OT?
Sean Tufts, practice director, product security, ICS and IoT, Optiv: You can absolutely leverage information technology and operational technology (IT/OT) tools in either environment. My soapbox: The worst thing the cybersecurity industry did was pretend it involves anything more than great IT fundamentals. I'm seeing OT walk down this same path. The most important factor in security tooling is culture.
• Does this tool fit my project? Many people are rushing into the Internet of Things (IoT) market for visibility, but they need deep packet inspection for OT protocols. The culture of the code base can be mismatched, which leads to overspending. It’s the same thing with network monitoring. People buy on promise without seeing how the technology scales into OT. One great use case does not make a tool.
• Does this tool fit my corporate culture? The best example here is whether staffing is required to run it. I had a client spend a year baking off products and bought the "cool" brand with all the bells and whistles, but it had zero plan to onboard the technology. Three months later the tool was shelfware.
• Does its code base match my operating sensitives? You can use any IT tool in OT as long as it "fails open" and has redundancy. Don't think you can pivot a tool outside its skill set. For example, don’t expect to push a cloud client into an on-prem solution. If it feels unnatural, it is.
Overall, quit worrying about IT tools in the OT environment. The OT networks are historically terrible. We need to embrace both new capabilities and organizations trying to help.
- Remotely Hacking Operations Technology Systems
- Retooling the SOC for a Post-COVID World
- I Want to Work in Industrial IoT Security. What Lingo Do I Need to Know?
- The Threat from the Internet—and What Your Organization Can Do About It
- Special Report: Computing's New Normal, a Dark Reading Perspective