
8/10/2020
05:20 PM
Sean Tufts

Can I Use the Same Security Tools on My IT and OT?

You can quit worrying about IT tools in the OT environment.

Question: Can I use the same security tools on my IT and OT?

Sean Tufts, practice director, product security, ICS and IoT, Optiv: You can absolutely leverage information technology and operational technology (IT/OT) tools in either environment. My soapbox: The worst thing the cybersecurity industry did was pretend it involves anything more than great IT fundamentals. I'm seeing OT walk down this same path. The most important factor in security tooling is culture.

Ask yourself:

Does this tool fit my project? Many people are rushing into the Internet of Things (IoT) market for visibility, but they need deep packet inspection for OT protocols. The culture of the code base can be mismatched, which leads to overspending. It’s the same thing with network monitoring. People buy on promise without seeing how the technology scales into OT. One great use case does not make a tool.

Does this tool fit my corporate culture? The best example here is whether staffing is required to run it. I had a client spend a year baking off products and bought the "cool" brand with all the bells and whistles, but it had zero plan to onboard the technology. Three months later the tool was shelfware.

Does its code base match my operating sensitivities? You can use any IT tool in OT as long as it "fails open" and has redundancy. Don't think you can pivot a tool outside its skill set. For example, don’t expect to push a cloud client into an on-prem solution. If it feels unnatural, it is.

Overall, quit worrying about IT tools in the OT environment. The OT networks are historically terrible. We need to embrace both new capabilities and organizations trying to help.


Sean Tufts is the practice director for the OT/IOT business at Optiv. He's a former NFL linebacker turned critical infrastructure security leader. Post NFL, he worked for utility operators and O&G hardware suppliers. Prior to his current leadership position at Optiv, Sean was ...