Australia necessarily finds itself at the forefront of the IT/OT convergence trend: the bringing together of information technology and operational technology in the pursuit of lower operating costs and improved operating efficiency.
The country is home to a thriving industrial sector, particularly built around mining and resources. Government figures show the sector makes up over 8 percent of Australia’s economy and accounts for more than 70 percent of Australia’s goods exports.
Achieving efficiency gains in the extraction, processing and production of minerals and natural gas has often meant enhancing the operational technology (OT) systems that are ‘in charge’ of these processes by either bolting on IT capabilities or passing data via cloud-based services, such as artificial intelligence or machine learning algorithms, for further analysis and generation of actionable insights. Some OT systems now have native IT or internet-connected capabilities that make bolt-ons unnecessary.
Of course, IT/OT isn’t just limited to the resources sector: it’s a trend seen across other industrial sectors such as utilities (energy and water), manufacturing and assembly, and even commercial building and facility maintenance and management.
Regardless of the industry involved, or whether it’s IT or OT that is driving the need for convergence, the challenges of such an exercise remain much the same.
IT and OT traditionally operated as silos in a single business, or increasingly as two interdependent departments.
Converged IT/OT operations are still the exception rather than the rule. While hardly a scientific measure, a LinkedIn search for Australian professionals with IT/OT in their job title turns up a shade over 500 results. That proves there is some recognition of the importance of convergence, and that convergence is happening in pockets of industry.
However, search for ‘OT’ professionals in Australia, and the number balloons to 8800. Clearly there is still some way to go before IT/OT convergence hits mainstream acceptance and adoption, insofar as it is reflected in more people’s job titles and in a higher number of converged operations.
But it will happen, and sooner rather than later.
A well-planned merger of IT and OT is necessary for companies to fit into the post-pandemic environment.
The ongoing adoption of digital transformation efforts across the industrial sector is driving increased levels of convergence. There is anecdotal evidence that the speed of adoption of IT/OT convergence is accelerating due to the introduction of technologies and concepts such as AI, Industry 4.0, 5G, IoT sensors and platforms, nanotechnology and machine learning in operational technology areas of the
Convergence is a natural step in the direction of digital transformation because it leads to improved asset management and operational visibility, and gives companies a competitive edge.
While convergence may be a necessary step to achieving efficiency dividends and improving prospects of a successful digital transformation, companies must also consider the cybersecurity implications of pursuing such a strategy.
For many organisations, their defences may be lowered during the convergence process, leaving them vulnerable to attacks while actual convergence work is underway.
Additionally, cultural differences in approach can leave converged environments vulnerable.
IT and OT teams are known to approach cybersecurity from different perspectives. As Australian researchers have previously shown, there is a “variance in cultural values [that] explains the difference in importance placed by each group on information security properties: OT values
availability and IT values confidentiality”. This needs to be accounted for in any convergence work.
Traditionally, most of the cybersecurity work associated with IT/OT convergence has been typically targeted at the OT side. Legacy OT assets can pose a serious risk when they become integrated with IT because they are not designed to withstand malicious cyber attacks. There are challenges in bringing these systems up to date and integrating them into a new flow, and a learning curve for
security teams involved in convergence projects.
However, the reality of the situation is that IT and OT standards need to be included in overall cybersecurity plans because threat vectors can come from any direction.
IT and OT leaders must share the responsibility to mitigate risk. This isn’t the time to point fingers. Everyone is responsible for cybersecurity.
One of the best things that teams on both sides - IT and OT - can do in a converged landscape is to keep communication lines open in order to thwart threats. This is just one example of how IT and OT can work together to create a stronger and more efficient security boundary across the enterprise.
Ultimately, the road to convergence can take months or years, depending on what the adopting company needs.
Talk to your teams. Create an open dialogue so that you can determine what is warranted, and how to address challenges and goals. And don’t forget to listen to what is said.
If you remember to focus on people and the process, then the end goal of becoming more efficient, productive and competitive will be a natural outcome.