The White House National Cybersecurity Strategy highlights a growing risk at the intersection of information technology (IT) and operational technology (OT).
As factories, power grids, and water treatment facilities move from old analog controls to modern digital systems, cyberattacks become “inherently more destructive and impactful to our daily lives,” the strategy warns.
Agencies may not have the internal talent needed to address security when they’re implementing networks that must support not only desktops and servers, but also power grids and water infrastructure. “There’s a limited set of these skills available, and everyone, agencies and industry, is competing for them,” said Michael See, CTO of Alcatel-Lucent Enterprise’s (ALE) Network Business Division.
How best to succeed in this environment?
Partnership Is Key
To operate securely in a converged IT/OT landscape, agencies need not just a technology vendor, but a true partner, one that can align the right tools with the most pressing mission needs.
“Citizen expectations are on the rise, even as utilities and other critical services are incorporating industrial Internet-of-Thing (IoT) devices into their operations,” said Aaron Cole, ALE’s Vice President for Strategic Industries. Yet OT vendors typically focus on physical security, while IT vendors may not understand the operational environment. “That can make it difficult to align yourself with the right technologies.”
At Alcatel-Lucent Enterprise, “we’ve put a lot of time and effort building out a portfolio with the functionality to address both IT and OT needs,” See said. Through its partner ecosystem, ALE delivers best-of-breed solutions that support emerging industrial and infrastructure use cases, along with the robust security that agencies expect from their information technology providers.
With secure code and a diversified supply chain, ALE delivers this high level of security on a single network framework. “You only have to deploy one physical network to support both your IT and OT needs,” See explained.
Next Steps
Government organizations can bolster OT security by extending the safeguards they’re already using on the IT side. For example, they can apply zero trust to IoT devices just as they do with desktops and servers. “Nothing should enter your network ‘trusted’ at a time when you’re trying to leverage the same network for multiple programs or multiple missions,” Cole said.
And just as they do with IT, agency technology executives should understand what is operating on the OT side of the network, and how things interconnect. “Know what devices are being put onto the network and establish the policies for where they’re allowed to connect, where the traffic is allowed to go,” See said. “Leverage tools like micro-segmentation so that network traffic from those devices goes only where it’s been allowed to go by policy.”
Agencies also should be looking to partner with an experienced integrator, one with proven experience working at the intersection of IT and OT. New tools alone won’t solve the problem. To drive effective change, See noted, agencies require “trusted partners they can work with, to build the solutions they need.”
This article appears in our guide “Conversations With CXOs: Lessons Learned in Management, Workforce and Technology.” For more insights from the C-suite, download it here: