To view this page ensure that Adobe Flash Player version 11.1.0 or greater is installed.

CYBERSECURITY AND IT/OT CONVERGENCE SCOTTMADDEN, INC. | 20 A December 2015 Ukrainian power outage demonstrated how a cyber attack on an electric utility might unfold. The attack targeted utilities’ operational technology (OT), including an operator’s ability to monitor power flow. This demonstrates utilities’ need to include OT, along with information technology (IT), within their enterprise cybersecurity programs. IT and OT Have Historically Been Distinct There Have Been Differences in Security Priorities: IT vs. OT • IT and OT have had distinct asset types, fulfilling distinct missions, managed by distinct organizations • Corporate IT was responsible for the IT that supported corporate users, back office, and customer support functions • Engineers supported the OT that supported generation, transmission, and distribution operations • IT assets were commodity and open technologies, while OT assets were proprietary, often unchanged over years or decades • IT priorities were generally related to the confidentiality of data, while OT priorities were focused on availability of systems IT focused here: Customer, employee, operational data, and intellectual property CONFIDENTIALITY SECURITY TRIAD OT focused here: Safety and reliability Recent Developments Are Challenging This Model • OT systems are moving toward standard and commodity technology platforms (IP networks, Windows, etc.) • New technologies (e.g., Internet of Things, mobility, cloud) are creeping into operating environments, providing monitoring, data collection, and asset and work management capabilities • Real-time energy trading, demand response requirements, and grid transformation technologies have forced integration of IT and OT systems • IT and OT are no longer independent actors; they are converging INTEGRITY AVAILABILITY IT/OT Convergence: A Macro Trend When compared with previous industrial revolutions, the Fourth Industrial Revolution [cyber-physical systems] is evolving at an exponential rather than a linear pace. Moreover, it is disrupting almost every industry in every country. And the breadth and depth of these changes herald the transformation of entire systems of production, management, and governance. -World Economic Forum