A Definitive Guide to OT-IoT Modernization
Srinivas Kumar

A Definitive Guide to OT-IoT Modernization

Band-aids may serve as a dressing on open wounds but do not heal infections. Don't band-aid your network to cover fissures on your device, instead of providing treatment to the device. Whether you are a CISO, CTO or product security architect, the difficult decisions you must make, to deal effectively in the long term with sophisticated cyber risks from supply chain compromise to ransomware, require strategy. Resist the temptation to settle for a solution based on popular brand names, a vendor’s annual revenues, or the vendor’s stock price after a high-profile breach. In the long term, untreated fissures will break open.

Simply stated, information technology (IT) is a mesh and operational technology (OT) is a maze. The collaborative and innovative nature of digital transformation for IT/OT convergence requires holistic solution engineering. The strategic initiative to fighting and winning cyber warfare is not a last mile detection or prevention outpost, but a deeply rooted supply chain protection platform. The four fundamental factors to evaluate a protection platform are: technology, workflow, total cost of ownership, and operational efficiency.

The technology from a cybersecurity perspective may be partitioned based on the underlying methods into detection, prevention, and protection. How does the technology combat emerging and evolving attacks? Is the technology scalable to thousands, perhaps millions, of geographically dispersed devices? Does it provide agility to incrementally fine tune protective controls without service disruption? Is the solution ubiquitous across a plurality of device types? Does it help achieve a high bar on compliance objectives? Is it extensible across device platforms? Is the technology providing adequate immunity and plugging gaps in incumbent solutions, for protection against the sophisticated tools and methods in the arsenal of cyber criminals? 

The workflow must dovetail into established corporate policies and processes, and procedures that administrators, operators, and users observe (or are accustomed to with awareness training). It must offer a unified approach for IT and OT operators to optimize administration with zero or one touch provisioning, authenticated self-service capabilities, and scripted automation. 

The total cost of ownership (TCO) must identify any implicit capital and operational expenses from infrastructure build-out, to additive cost of components, hands-on training and incremental resources required with OT subject matter expertise. Can the per device incremental cost of protection be amortized over the serviceable lifetime of the device? Do the gains in operational efficiencies significantly reduce operational expenses in the long term for the modernization program or project under consideration?

It takes a multiverse (multiple universes) to achieve digital transformation. The operational efficiency metric must address the cycle of deployment, configuration, maintenance, and support tiers – from the primary solution provider to the ecosystem of partners, collaborative services, and supply chain. Digital transformation embodies the prospect for optimization and automation of operations for scalability and sustainability.

Protecting OT and IoT devices will require a higher degree of cadence than traditional IT service cycles, from reactive patch management and security countermeasures on IT managed assets based on published CVEs and threat intelligence, to on-device risk monitoring and remote remediation actions to alleviate service outages.


To view or add a comment, sign in

More articles by Srinivas Kumar

  • The AI Act and Implications for IoT/IIoT Initiatives

    The AI Act and Implications for IoT/IIoT Initiatives

    The Artificial Intelligence (AI) Act, approved by European Union member states, lawmakers, and the European Commission,…

  • The IT-OT Dichotomy and Passage to Digitalization

    The IT-OT Dichotomy and Passage to Digitalization

    The difference between information technology (IT) and operational technology (OT) must be viewed from the perspective…

  • The Sherpa Guide to Keys and Certificates

    The Sherpa Guide to Keys and Certificates

    When it comes to salesmanship, the quintessential difference between computer salesmen and car salesmen is that the car…

  • Cyber Proofing Devices and Data

    Cyber Proofing Devices and Data

    Over the past decades it became evident that compromise of user and service accounts could play a major factor in high…

  • Innovation Requires Walking on a Tightrope

    Innovation Requires Walking on a Tightrope

    Launching a new technology startup, with just a novel idea and passion to build no-nonsense solutions for problems you…

    1 Comment
  • Cyber Attacks on Devices in the AI-ML Era

    Cyber Attacks on Devices in the AI-ML Era

    Any offensive advance in a conventional war requires taking down ground defenses with air power before launching a…

    2 Comments
  • Cyber Safety in the Era of Quantum Computing and AI

    Cyber Safety in the Era of Quantum Computing and AI

    As Sophocles, the ancient Greek tragedian, stated over 2400 years ago, “Nothing vast enters the life of mortals without…

    1 Comment
  • The Moral Imperative of Artificial Intelligence

    The Moral Imperative of Artificial Intelligence

    Historically, human society has evolved by turning the wheels, and adding the axles, before tightening the grip on the…

    1 Comment
  • Miles Per Cyberattack

    Miles Per Cyberattack

    If cybersecurity was an automobile, a key performance indicator would be “miles per cyberattack”, with infinite as the…

  • Rationalizing Trust in Cyberspace

    Rationalizing Trust in Cyberspace

    “All our knowledge begins with the senses, proceeds then to the understanding, and ends with reason. There is nothing…

Insights from the community

Others also viewed

Explore topics