Q&A

Has cybersecurity increased in priority in system integration (SI) projects?

Dan: We are seeing a larger IT influence on projects regarding cybersecurity, so things like control system access, role-based security, and industrial control system (ICS) asset identification are becoming more prevalent in operational technology (OT)-centric projects.

What are some of the biggest cybersecurity obstacles in SI projects?

Dan: Unfortunately, we still run into many industrial control systems with limited or no restrictive security access and authorization. At the same time, cyber- and data-security departments are trying to pursue zero-trust security frameworks. This issue is compounded by the information technology (IT) team’s un-familiarity of the OT side of the house, so the overarching issue is alignment between these groups.

How do you help turn that challenge into a strength?

Dan: We have had high success with IT/OT convergence by involving the right people from the customer and within our organization from the start. If a security conversation is not already happening, we broker a meeting with the customer’s IT and cybersecurity groups and gain credibility by having our industrial network and security engineers present, to speak their language. Building trust with the enterprise IT and security departments is paramount to helping the customer achieve cybersecurity goals.

Has the COVID-19 pandemic changed the approach to cybersecurity?

Dan: Secure remote access to industrial control systems received a lot of attention from IT and security departments during the pandemic. This has been for the better because IT personnel have gotten to see some security struggles OT has had for years. IT can only help if they understand the unique requirements of ICS equipment and applications.

What has Malisko learned from the increased focus on cybersecurity?

Dan: Accurate asset inventory and a means to monitor network traffic in ICS environments are starting to become a requirement of many IT departments, and these directives are, many times, from the chief information security officer (CISO) or CEO. Increased media visibility on cyber-attacks in manufacturing has many stakeholders realizing they are, in many cases, years behind where they need to be with ICS security.

What other advice would you give about cybersecurity in system integration?

Dan: e a champion for IT/OT conver-gence and help spread the message to the
OT side of the house that IT folks can help. Embrace building relationships with the IT and security personas on the enterprise side to build trust. They will help you achieve best-in-class cybersecurity practices in the ICS environment, if you let them.