Both information technology (IT) and operational technology (OT) capabilities are increasingly necessary to deliver desired mission and business outcomes. More and more, these outcomes rely on digital sensors and the data they provide to optimize operational systems and higher-level business and management applications.
There is a rapidly growing explosion of digital sensors across governments and industries. And the connected data from these sensors is increasingly essential to the operational effectiveness, flexibility, and resiliency of both business and mission-critical systems. Additionally, Artificial Intelligence/Machine Learning or AI/ML-driven capabilities enable infrastructure to respond to changing conditions dynamically. This means that performance and operational effectiveness can be improved in real-time, and threat response can be automated to deliver more secure operational outcomes.
Modernizing and digitizing our critical infrastructures enables governments and organizations to provide better and more equitable access to critical infrastructure services. And if the pandemic has taught us anything, it’s that what can be delivered digitally must and will be delivered digitally. Most importantly, we must ensure that upgrades to water, communications, transportation, power, and other critical infrastructures deliver resiliency in the face of ever-increasing cyber threat activity. These modernization efforts provide the opportunity to employ a more holistic architectural approach that better aligns both IT and OT components, especially with regards to security.
Orchestrated IT/OT Security is Paramount
An aligned IT/OT approach is essential for business and mission success and infrastructure resiliency and security. In a digital world, IT/OT modernization efforts must be both synchronized and grounded in systems security engineering to achieve successful business and mission transformations (see NIST SP 800-160v1 Systems Security Engineering Considerations for a Multidisciplinary Approach and NIST SP 800-160v2 Developing Cyber Resilient Systems – A Systems Security Engineering Approach).
The 2021 cyber-attack on Colonial Pipeline’s IT-supported business systems that resulted in a business-driven denial of service impact to their OT systems confirms this new reality. This chilling example illustrates the growing need for a holistic IT/OT cybersecurity approach. It expands the definition of what is now considered part of our “critical infrastructures” to include the growing interdependency of IT and OT systems. An end-to-end IT/OT architectural approach and the arrival of AI/ML-enabled digital transformation capabilities are potential game-changers for infrastructure optimization. They also act as an “ace up our sleeves” in our ability to dynamically regain the cyber high ground against our adversaries.
Where Do We Begin?
A good starting point is the National Institute of Standards and Technology’s (NIST) Zero Trust Architecture (ZTA) (SP 800-207). It identifies a security Policy Decision Point (PDP) in the Control Plane, coupled with Policy Enforcement Point(s) in the Data Plane, as the Core Zero Trust Logical Components necessary to deliver effective cybersecurity risk management in both IT and OT environments. Cisco ZTA and network solutions provide orchestrated security across both IT/OT environments, in many cases leveraging investments in components, capabilities, and tools you already possess.
Our Way Forward
The unstoppable drive toward increased digitization requires that we rethink how we protect our ever-expanding ecosystem of “critical systems and data”. This is essential to key government and industry services, innovation, and business and mission success. Securing these critical infrastructures means we can no longer afford to invest in separate silos that often fail to consider complex linkages between digital IT and OT infrastructure elements.
Adversaries are constantly evolving their approaches to achieve maximum gain and/or disruption with minimal effort. We must be no less dedicated in our efforts to deliver more effective, efficient, and secure operational outcomes by safeguarding and optimizing our critical infrastructures and systems. Breaking down long-standing organizational and functional silos to achieve this holistic approach is a cultural challenge that we must address to deliver more responsive and protected critical infrastructures.
Cisco stands ready to assist our clients and partners in this endeavor! If you want to read more about our government solutions, check out our portfolio explorer.