Privacy policy

Our website uses cookies to give you the most optimal experience online by: measuring our audience, understanding how our webpages are viewed and improving consequently the way our website works, providing you with relevant and personalized marketing content.
You have full control over what you want to activate. You can accept the cookies by clicking on the “Accept all cookies” button or customize your choices by selecting the cookies you want to activate. You can also decline all non-necessary cookies by clicking on the “Decline all cookies” button. Please find more information on our use of cookies and how to withdraw at any time your consent on our privacy policy.

Managing your cookies

Our website uses cookies. You have full control over what you want to activate. You can accept the cookies by clicking on the “Accept all cookies” button or customize your choices by selecting the cookies you want to activate. You can also decline all non-necessary cookies by clicking on the “Decline all cookies” button.

Necessary cookies

These are essential for the user navigation and allow to give access to certain functionalities such as secured zones accesses. Without these cookies, it won’t be possible to provide the service.
Matomo on premise

Marketing cookies

These cookies are used to deliver advertisements more relevant for you, limit the number of times you see an advertisement; help measure the effectiveness of the advertising campaign; and understand people’s behavior after they view an advertisement.
Adobe Privacy policy | Marketo Privacy Policy | MRP Privacy Policy | AccountInsight Privacy Policy | Triblio Privacy Policy

Social media cookies

These cookies are used to measure the effectiveness of social media campaigns.
LinkedIn Policy

Our website uses cookies to give you the most optimal experience online by: measuring our audience, understanding how our webpages are viewed and improving consequently the way our website works, providing you with relevant and personalized marketing content. You can also decline all non-necessary cookies by clicking on the “Decline all cookies” button. Please find more information on our use of cookies and how to withdraw at any time your consent on our privacy policy.

Skip to main content

When two worlds collide: The uncomfortable convergence of IT and OT environments

By Eyal Asila, Head of Digital Cyber Consulting, Atos

The fourth industrial revolution has seen two different domains – IT and OT – forced together, causing a convergence that benefits industry and consumers but can also leave operations, sometimes critical operations, open to risk.

Learning to manage the risks and understanding how critical this is will enable further digital transformation and, importantly, safeguard citizens and economies.

Not designed to be connected

The OT environment was not originally designed to be connected. In many cases, the OT environment is extremely expensive to build and complex to change. It does not run on the same operating systems used in a modern technology environment and does not easily lend itself to upgrade and adaptation.
For this reason, when the two environments converge, a potential major cyber risk is introduced, and this must be managed. Regulators and governments are now increasingly aware of the risks and seeking to ensure industrial organizations manage and control it. Many critical infrastructures: utilities, logistics, healthcare, and more, are based on these complicated systems.
Across the globe we have seen cyber criminals and threat actors use these vulnerabilities for ransomware attacks and cyber warfare which, in the worst cases, have put people’s lives at risk, changed economic situations and even introduced a strategic game-changing factor to international government relationships and warfare.

Knowledge gap

One of the key issues in this area is the huge knowledge gap in the market. This is an extremely specialized area, and it is rare that you have professionals with expertise in both IT and OT security.
I am aware of an incident, where an expert insisted that an HMI (Human Machine Interface) in a production line be shut down due to a minor security breach. What he did not know was that this single HMI was critical to business operations and also under the control of regulators. The entire production stopped needlessly and could not run again until the regulator had approved the process, this took more than six months.

Understanding processes, people, and organization

For this reason, the first step Atos takes when looking at securing a complex environment is developing a deep understanding of the entire environment and business processes, including what is being produced and why. Indeed, it is essential to ensure that everyone working and operating machinery or systems within the process has a clear view of the end-to-end business, especially what in the process is critical – which machine is their crown jewel. This information ensures a correct assessment of the risk as well as of the daily operations; it also supports the incident response process and allows the organization to minimize its risk exposure.
Moving on to defining each components’ capabilities is the next stage and then a full evaluation process is undertaken called the discovery phase. A deep dive into the overall converged environment that contains IT (including cloud, on-premises, third party, etc.) and OT assets. Running visibility and behavioral anomaly detection through the entire process and searching for any vulnerabilities means a well-defined mitigation program can be developed and put into action. Only once these steps are complete can the work begin to upgrade digital security.

The solutions are not straight-forward in the OT environment – technology systems such as patch management, antivirus and updating operating systems are all irrelevant so bespoke solutions are often necessary. That is why Atos has invested in specialized tools and products for securing complex environments and ongoing threat detection and management to be able to address such specific challenges. However, nothing can be done without the proper risk management strategy at its core. It is therefore crucial for organizations to put a strategy in place. This should cover all relevant areas such as policies, procedures, and processes, including any incident response plans that need to be in place and training people in the management and detection of risks.
The work is in progress, but it needs to go faster.

For digital security, organizations need to:

  • Understand what their security vulnerabilities are,
  • Understand what impact should be expected if an attack were to occur,
  • Decide what is critical to secure
    and how.
Extreme environments call for extremely reliable communication solutions and we were looking for a French specialist to help coordinate and secure our first offshore wind farm in France. The experience of the Atos teams, their knowledge of offshore and the very specific digital and OT technologies associated with this area are very valuable to us

Javier Garcia Perez

President of Ailes Marines
International Offshore Director of Iberdrola

Share this Page

Eyal Asila, Head of Digital Cyber Consulting, Atos

Email Eyal about this article