Why CIOs Need Full Visibility into ‘Opaque’ Operational Tech

Increasingly sophisticated attacks on the building blocks of 21st-century life — from oil pipelines to power plants and telecommunications — have prompted growing government pressure for industries to strengthen their defenses.

Cyberattacks that led to the shutdown of Seattle’s port and airport and disrupted New York’s emergency services, for example, prompted the NSA and CISA to urge critical infrastructure providers to make improvements as long ago as 2020.  

While the response has been slow and businesses are wary of the cost, integrating operational technology that controls physical equipment with information technology that focuses on data management and digital services can help. 

Not only does it increase service reliability and avoid disruption, it can unlock opportunities for innovation that boosts revenue, experts told CIO Upside.

“By integrating (Internet-of-Things) and OT systems, you gain visibility into processes that were previously opaque,” Sonu Shankar, chief product officer at industrial security provider Phosphorus, told CIO Upside. Well-managed systems are a “launchpad for innovation,” said Shankar, allowing enterprises to make use of raw operational data.

“This doesn’t just facilitate operational efficiencies — it would potentially generate new revenue streams born from integrated visibility,” Shankar added. 

So what counts as operational technology? Any legacy machine, hardware, or device whose operation is essential to a company’s service delivery. That includes anything from factory floor machines to production lines, distribution warehouses, and even smart office printers. 

Though updating tech stacks may seem like a daunting task, especially for critical service providers and other industries that rely on legacy hardware, OT-IT management isn’t about breaking the bank. Simple technologies like network segmentation, zero trust security architecture and OT-IT cloud platforms are widely available and cost-effective:

• Network segmentation, the splitting of a main network into many sub-networks, can prevent non-authorized users from accessing critical resources and machines.
• Zero trust architectures, meanwhile, force users to continuously verify themselves to maintain access. This secures digital IT and minimizes human errors and misconfigurations.
• And cloud platforms often provide necessary, centralized visibility that can prevent attacks and offer insight into what may or may not be working within your OT stack. This includes historical detailed reporting, automated maintenance and AI-powered analysis and threat detection. 

Fused OT-IT environments lay the groundwork for faster product development and better service delivery, said James McQuiggan, security awareness advocate at KnowBe4. Real-time operational data can feed directly into things like research, development and analytics, he said. 

“When OT and IT systems can communicate effectively and securely across multiple platforms and teams, the development cycle is more efficient and potentially brings products or services to market faster,” he said. “For CIOs, they are no longer just supporting the business, but shaping what it will become.”