Bridging the IT-OT Gap Is the First Step to Combating Cybersecurity Threats

June 7, 2021
Cybersecurity should be at the forefront of every manufacturer's mind. The key element to this journey starts with uniting the disparate and independent departments of IT and OT.

Attacks on operations technology (OT) in manufacturing continue to increase, most recently with the ransomware attack on JBS, which had to shut down production in nine beef plants. Many companies are rightfully looking at what preventative measures can be put into place. The modern IT-OT Assessment can be an effective change management program to address vulnerabilities; however, one of the biggest challenges to getting started with change management is getting corporate IT and the shop floor (OT) to work together. This is truly a very big issue without having a change management program in place—and based on a data-driven, methodical approach—there is really no way for an operation like JBS (or any company) to know how to recover from an attack in a timely, efficient, and trusted manner.

We are combating tribalism. I’ve worked on both sides – the first part of my career I was selling digital transformation solutions out on the factory floors that would feed to the IT system. The second half of my career has been spent in machine control and automation. Having been on both sides, I can tell you that we’re way more alike than different. One of the reasons that we grew apart was how we facilitated the assets on the corporate side versus the operations side. Corporate IT implements policies and procedures to prevent loss of data and OT is concerned about loss of productivity.

I hear all the time “Don’t tell IT we’re doing this” when visiting shop floors. And red flags are going up. But there’s a reason for that—the tribalism and the division. But we’ve got to come back together.

IT and operations need a couples therapy session. Relationships take work. Our tribes are all on the same team, the same company. We need to work together to fight the nefarious forces seeking to disrupt and destruct our manufacturing operations. How do we do this?

Step One — acknowledge that there’s a disconnect.
We all can see that we’re not working together as we should. We have to be clear that mistrust has been developed and why.

Step Two — agree on what the future looks like. 
Everyone needs to be committed to a shared future state. What does the future look like for all of the different groups in your organization? It will be a little different depending on which group you ask, but what’s the common ground for all of them? A shared mission and vision is critical to success, as it’s the basis for collaboration between the tribes within your facility.

Let the data drive the plan.
That current state assessment will drive the plan for digital transformation changes. Then let empirical data drive the plan, not who has the loudest voice or whose division is bigger. Those may factor in at some point, but let the data do the talking.

Communicate, communicate, communicate.
Once you have a plan developed, communicating the plan and its benefits—early and often—is key. This goes for all levels of the organization, from top to bottom. Everyone needs to understand what the future state is and how you will get there.

Step Three - action.
What are you going to do? What does the change management program look like? It should benefit operations, consider the diverse needs of the organization, and still meet corporate expectations and goals. Is there empirical data to inform funding, priorities, and decisions? There’s still going to be emotion, but at least you will have a baseline of data. Once you have this information, what is the strategy to execute and accelerate to realize benefits more broadly across the organization? Where is the funding going to come from? Who is responsible for what? What’s expected from everyone? This is where the modern OT assessment comes into play. Our goal with the modern IT-OT assessments is to help companies create a strategy and plan to keep both sides up, operational, efficient, and secure 24/7!