Cyber convergence is the process of combining the IT environment (Information Technology - infrastructure, hardware, software, and systems that an organization relies on every day activities) and the OT one (Operational Technology - hardware and software to control industrial plants which mainly interacts with the physical world). This process brings together two traditionally separate technology domains, with the ultimate goal of creating a more streamlined, efficient and secure infrastructure in an industrial environment.
The OT environment differs significantly from traditional IT systems, especially in terms of priorities and risks. These include significant risks to human health and safety, serious environmental damages, and financial problems such as production losses.
Typically, the development of security policies in IT environments is based on the CIA triad, which is a model based on:
- Confidentiality - Preserve the privacy and confidentiality of data
- Integrity - Keep data authentic and original, avoiding its corruption
- Availability - Allow authorized users to access the data as needed
Conversely, in OT the priorities are reversed and follow the SRP triad:
- Safety - Preserve health and life of people
- Reliability - Trust in obtaining results consistently and effectively
- Productivity - Ensure optimal and efficient operations
In general, the top priority for IT is to protect data. The priority within OT environment is to protect safety, as well as the availability and integrity of the process.
An effective integration of cybersecurity in the context of IT/OT convergence requires the definition and execution of a comprehensive program, starting from the notion of visibility, because a company cannot protect unknown elements in the industrial environment.
The convergence between IT and OT worlds represents a great development and growth opportunity for companies, as it brings greater efficiency and security to the industrial environment. This is also an ongoing process, since new technologies are constantly being developed and implemented, allowing further integration of the two domains. Therefore, it is important to approach this change with good understanding and be aware of the cyber threats that IT/OT convergence involves.