Bridging the divide: Unifying IT and OT in U.S. manufacturing

What you’ll learn:

The U.S. has the highest concentration of OT-targeted cyberattacks anywhere in the world, accounting for a staggering 49% of all such incidents.
50% of companies identify differing priorities between IT and OT as the primary roadblock to collaboration.
IT and OT teams may speak a technical language unique to them, often leading to misunderstandings.

U.S. manufacturing stands as a cornerstone of the American economy, yet it faces a critical internal challenge: the persistent friction between operational technology and information technology. This divide, characterized by differing priorities, technical languages, and even corporate structures, hinders progress and exposes organizations to significant risks.

While IT often pushes for modernization and innovation, OT teams, responsible for the smooth operation of production lines, often resist change for fear of any disruption. Their reliance on legacy systems, while seemingly safe, has inadvertently created a breeding ground for escalating costs and, most alarmingly, cyberattacks.

Webinar rewind: Getting the ‘Ts’ to get along

The urgency of this issue is underscored by a recent Orange Cyberdefense report, revealing that the U.S. experiences the highest concentration of OT-targeted attacks globally, accounting for a staggering 49% of all such incidents.

Even more concerning, half of these attacks aim to seize physical control of industrial equipment, posing a direct threat to safety and operations. This vulnerability is further exacerbated by the findings of Smart Industry’s own 2024 State of the Initiative Report, which highlights that 50% of surveyed companies identified differing priorities between IT and OT as the primary roadblock to collaboration—a figure that has worsened since 2023. This disconnect is not merely a technical challenge; it’s a cultural one that demands immediate attention.

The roots of the divide

Several factors contribute to the IT/OT divide. OT professionals, steeped in the practicalities of production, often view IT initiatives as theoretical and disruptive. Their focus is on maintaining uptime and meeting production targets, and any change, even a beneficial one, is perceived as a potential risk.

This perspective is understandable, given the potential consequences of a production line halt. They also fear that an embrace of IT will present new vulnerabilities. As OT systems become more interconnected, there are more ways for cybercriminals to get in or attack them. On the flip side, sticking to outdated legacy systems lacking modern security features also paves the way for cyberattacks. It’s a Catch-22.

What is your company doing about cybersecurity?

Communication barriers exacerbate the problem. Companies in highly vertical markets likely will be more aligned, but the IT and OT teams in others may speak a technical language unique to them, often leading to misunderstandings.

Even when the intention is good, the inability to effectively communicate needs and concerns can derail even the most well-intentioned projects. Adding to this complexity, different corporate structures, where IT and OT report to separate chains of command, can create silos and hinder collaboration.

The physical separation of teams, with IT often located offsite or outsourced, further complicates matters, making it difficult to foster a sense of shared purpose and understanding.

The security imperative

The consequences of this divide extend across an organization, but the most pressing concern is undoubtedly security. As industrial systems become more interconnected, the potential points of vulnerability multiply.

Podcast: Easier-to-accomplish automation projects that bring real ROI

Older systems, often lacking fundamental security measures, become prime targets for malicious actors. The possibility of an attack targeting and manipulating equipment presents a serious threat to operations, potentially leading to disruptions in production, compromised product quality, damage to machinery, and even risks to personnel safety.

The lack of proactive security measures stems directly from the IT/OT divide, as effective security strategies require close collaboration and a unified approach.

Bridging the gap: A path forward

Overcoming this divide requires a multifaceted approach that addresses both the technical and cultural challenges. Here are some tips that can help:

Education is paramount. Encouraging collaboration and teamwork will enable a deeper understanding of factory-level challenges and needs. Creating opportunities for IT and OT teams to learn each other's languages, understand each other's priorities, and appreciate the interconnectedness of their roles is crucial.

OT cybersecurity challenges: Q&A with Rob Larsen

Cross-training programs, workshops, and site visits can foster empathy and build a shared understanding of the challenges and opportunities. Establishing communities of practice, where IT and OT professionals can share best practices and learn from each other's experiences, can further strengthen collaboration.

Leadership buy-in is equally essential. Executives must champion the importance of IT/OT convergence and provide the resources necessary for training, technology upgrades, and process improvements. Clear communication from leadership about shared goals and the benefits of collaboration can help break down silos and foster a culture of teamwork.

This message must be tailored to resonate with both IT and OT, emphasizing the value proposition for each group. It’s crucial for a Chief Information Security Officer to play this role of mediator, as this position holds the influence with all parties to ensure a shared sense of purpose.

Implementing a robust cybersecurity framework is not negotiable. This framework should be tailored to the specific needs of the organization, considering the unique risks and vulnerabilities of the manufacturing environment.

The cost of downtime: Manufacturing's worst nightmare and how to solve it

A risk-based approach, prioritizing the most critical systems and processes, is essential for maximizing impact and minimizing disruption. This requires close collaboration between IT, OT and cybersecurity teams, leveraging the expertise of each to develop and implement effective security measures.

A phased approach to modernization is crucial. A wholesale rip-and-replace of legacy systems can be disruptive and costly. Instead, organizations should prioritize upgrades based on risk and business value.

This allows for a more manageable transition, minimizing disruption to operations while steadily improving security and efficiency. This phased approach also allows for continuous improvements and adaptation, ensuring that new technologies are integrated effectively and securely.

The IT/OT divide in U.S. manufacturing is a significant challenge, but it is not insurmountable. It’s less about deploying the right technology and more about creating a human-centric culture.

By prioritizing education, fostering leadership buy-in, implementing robust security frameworks, and adopting a phased approach to modernization, organizations can bridge the gap and create a more secure and productive future.

The convergence of IT and OT is not merely a technical imperative; it is a strategic necessity for ensuring the long-term competitiveness and resilience of the U.S. manufacturing sector. Smart industries have the potential to transform business and society. The time to act is now.