In the past, Operational Technology (OT) has relied on isolated networks. While the interconnection of IT and OT promises major business benefits, what do you see as the main reason for hesitation when connecting OT with IT?


GVP in Software, 10,001+ employees
Adding   and  to add their thoughts. Thank you!
CEO in Software, 11 - 50 employees
There’s no one answer to the problem of hesitation. IMO, some of the more common reasons for keeping OT isolated are fear, uncertainty and doubt.
OT isn’t managed by IT (in most cases) and success metrics or KPIs are different. Merging the two networks successfully requires leadership focusing on removing silos and using a “systems” approach.

Another reason is that OT is often made up of protocols, equipment and providers that IT security teams aren’t familiar with. So, without leadership focus on driving a higher set of benefits, both operations and IT hesitate because they are NOT measured on creating value from a connection; they are most often measured on limiting risk.
CTO in Software, 201 - 500 employees
made excellent comments regarding the complexity of the OT (which tends to be legacy, often by necessity not choice) & IT (which tends to be more open to change) relationship.

There's no easy solution here. Possibly, we need more innovation for bridging the gap. Here's an example -

New technology shows promise in detecting and blocking grid cyberattacks
CISO (CISO) in Software, 1,001 - 5,000 employees
IT and OT networks don't have to be "air-gapped" (with physically separate network wires), but there should definitely be logical segmentation (VLANs), and ideally with a firewall between the IT and OT networks.

Keep in mind that some Information Security tools (like vulnerability scanners) only exist in the IT realm, so if you want those systems to be able to "scan" the OT network for vulnerabilities, you will need to allow some limited traffic between the two networks, but those routes and ports should be tightly controlled.

If you have an abundance of IT Networking resources, you could further reduce your risk by segmenting OT networks by "device type" (for example, locating internet-connected televisions on a VLAN that is completely separated from internet-connected HVAC systems). This results in fewer available ports per VLAN, and makes it much easier to detect anomalous activity.
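
An added example, not part of the comment above or of the original thread: a short Python audit of IT-to-OT firewall allow rules along the lines the comment describes (tightly controlled sources and ports, one VLAN per device type). The addresses, VLAN layout, rule names and port threshold are all constructed assumptions.

```python
import ipaddress

# Assumed layout (constructed for this example): one OT VLAN per device type.
OT_VLANS = {
    "hvac": ipaddress.ip_network("10.50.20.0/24"),
    "tv": ipaddress.ip_network("10.50.30.0/24"),
}
# Assumed IT-side hosts permitted to reach OT, e.g. the vulnerability scanner.
APPROVED_SOURCES = {ipaddress.ip_network("10.10.5.20/32")}
MAX_PORTS = 4  # arbitrary threshold standing in for "tightly controlled"

# Constructed IT-to-OT firewall allow rules.
RULES = [
    {"name": "scanner-to-hvac", "src": "10.10.5.20/32", "dst": "10.50.20.0/24", "ports": [443, 502]},
    {"name": "it-lan-to-ot", "src": "10.10.0.0/16", "dst": "10.50.0.0/16", "ports": "any"},
    {"name": "helpdesk-to-tv", "src": "10.10.7.0/24", "dst": "10.50.30.15/32", "ports": [8080]},
]


def audit_rule(rule):
    """Return a list of findings for one IT-to-OT allow rule."""
    findings = []
    src = ipaddress.ip_network(rule["src"])
    dst = ipaddress.ip_network(rule["dst"])
    if src not in APPROVED_SOURCES:
        findings.append("source is not an approved host")
    if rule["ports"] == "any":
        findings.append("all ports allowed")
    elif len(rule["ports"]) > MAX_PORTS:
        findings.append("too many ports")
    # The destination must sit entirely inside one device-type VLAN.
    if not any(dst.subnet_of(vlan) for vlan in OT_VLANS.values()):
        findings.append("destination is not confined to a single OT VLAN")
    return findings


def audit(rules):
    """Map rule name to findings, keeping only rules that have any."""
    report = {}
    for rule in rules:
        findings = audit_rule(rule)
        if findings:
            report[rule["name"]] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit(RULES).items():
        print(f"{name}: {'; '.join(findings)}")
```
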
Director - Information Security and IT Risk in Energy and Utilities, 10,001+ employees
The three main reasons are:
1. Cultural, since individuals who work in each domain still tend to see the other part as not having the right knowledge to deal with their own problems. There is a resistance to accepting that technological evolution has leveled most challenges regarding cybersecurity and IT in general.
2. Risk Management: despite the fact that technological evolution has leveled systems and networks management challenges in both domains, the systems from IT and OT still have different characteristics and properties to assure (OT focuses more on availability and safety, and IT on confidentiality and integrity). So joining both domains might introduce some risks not fully controlled or even clearly identified by the organizations.
3. Finally, organizational, related to the previous ones. Organizations are, historically, arranged in silos regarding IT/OT, and the change is not simple to perform (organization’s inertia, because people feel threatened), and in a situation where risks are not well known, organizations are averse to change.
