EY helps clients create long-term value for all stakeholders. Enabled by data and technology, our services and solutions provide trust through assurance and help clients transform, grow and operate.
At EY, our purpose is building a better working world. The insights and services we provide help to create long-term value for clients, people and society, and to build trust in the capital markets.
Many organizations aren’t prepared for the cybersecurity challenges that come with digital transformation of operational technology.
In brief
AI and automation technologies are bringing unprecedented business growth opportunities for organizations.
As operational equipment becomes connected in digital transformation, OT technology becomes more exposed to cyber threats.
Cyber leaders need to champion the secure integration of OT and IT to better realize the benefits of digital transformation.
Across almost every industry, artificial intelligence (AI), machine learning (ML) and automation are driving new insights, fostering faster innovation and transforming how organizations seize market opportunities. But while those organizations are embracing the positive, progressive change to their businesses from AI, many aren’t fully prepared for the operational impact they’re bringing — nor the growing necessity for enhanced and integrated cybersecurity. This next era of digital transformation goes far beyond the traditional corporate IT environment to touch and reshape many aspects of operational technology (OT) processes, systems and equipment. While these technologies can improve reliability, performance, productivity and safety, they’re also increasingly connected in an expanding Internet of Things (IoT) universe of machines, devices and apps that together make the already complex act of securing operations even more challenging. As organizations embark on their OT digital transformation journeys, it’s crucial for leaders to adopt a more holistic view of IT and OT cyber protection that begins with a comprehensive assessment of their current technology environments, analyzes processes and workflows, and puts into place the controls and changes required for this next era. Here’s how to start and the important factors to consider.
Benefits of digital transformation and integrated OT and IT systems
Integrated operational and information systems provide real-time visibility into operations, enabling faster decision-making and better resource allocation. This can be particularly crucial in just-in-time manufacturing where production schedules, supply chain data and equipment performance can be seamlessly aligned.
Convergence of OT and IT is key to managing complex and increasingly remote workflows and workforces. In oil and gas, for instance, a unified OT and IT framework can seamlessly manage offshore rigs with remote monitoring to reduce on-site interventions that can reduce downtime and boost employee safety.
The most transformative aspect of OT/IT alignment is the ability to unlock new value streams. Integrated systems generate actionable insights, empowering organizations to innovate and remain competitive, or gain an advantage. For manufacturing, as an example, that means harnessing data to develop new products, optimize supply chains and deliver enhanced customer experiences.
Three essential steps to OT cybersecurity enhancement
Chief Information Officers and Chief Information Security Officers exploring the next stage in their digital transformation of operational technologies should work through three important steps:
Conduct a comprehensive asset inventory to enhance risk awareness.
Many organizations struggle with limited visibility into their OT environments, hindering their ability to evaluate vulnerabilities or identify threats. Begin by compiling a complete inventory of assets and establish a business continuity and disaster recovery plan to maintain resilience in the face of an attack.
Analyze the processes and workflows supported by assets.
While many companies prioritize perimeter security, interdependencies of processes are sometimes overlooked. Create a detailed map of how OT assets contribute to operational processes and identify potential risks. Perform risk assessments to evaluate the consequences of a security breach and establish a response plan to recover operations.
Increase control and monitoring of the OT network and systems.
Implement network segmentation to isolate critical OT systems from IT networks. Implement a secure remote access solution to control third-party access to critical OT systems and increase visibility into remote user sessions. Additionally, deploy a real-time monitoring and anomaly detection solution to identify unusual activities before they escalate into a breach.
Forward-thinking leaders realize that an integrated cyber approach to protecting both operations and information technologies is essential for business success.
How to champion effective OT transformation within your organization
While the benefits of operational digital transformation can propel productivity, security and performance, adoption is not a given. Many industries face challenges in investing to upgrade their aging technology systems, and the perceived difficulty of transitioning can hinder real progress. With the right strategy, however, organizations can effect change. To do this, an essential first step must be the alignment of OT and IT leaders within the organization, as the push for transformation must originate from the top. Agreement on both the cost-benefit analysis and the transformation process is crucial for success. Starting this process may involve investing in training for current employees or hiring new talent to enhance workforce capabilities. Most importantly, organizations must assess their ability to scale: Do we have a cloud-based solution essential for integration or the internal expertise to manage the transition? If there is uncertainty regarding either aspect, it may be beneficial to engage an external provider to facilitate the technology transition and cultural change.
George Ifebuzo, Senior Manager, Technology Consulting, contributed to the writing of this article.
Summary
We’re entering a new era of enlightenment for operational technology, reminiscent of IT transformations a decade ago. It’s an era that transcends siloed approaches and demands true integration. Those organizations that can create connectivity between the data that governs sourcing, manufacturing and distribution, with systems that drive performance, safety and security, will be the ones able to adopt a faster pace of digital change. Those that hesitate to be early adopters of necessary transformative changes, or delay implementation, will soon find their competitors significantly ahead, equipped with the insights to identify opportunities and the integrated cybersecurity required to chase them.