Closing the IT/OT Gap: Cybersecurity Tips for Plant Teams

Closing the IT/OT Gap: Cybersecurity Tips for Plant Teams

Operational convergence is growing ever-popular in a landscape where companies are striving for peak efficiency, performance, and cost-effectiveness. In fact, McKinsey & Company suggests that a successful convergence of IT and OT could bring firms hundreds of millions of dollars.

However, converging IT and OT carries several operational and cybersecurity risks that require strategic planning. Without careful risk assessments, convergence efforts could end in data loss, reputational damage, and revenue downturn.

Understanding the IT/OT Divide

IT (Information Technology) and OT (Operational Technology) have long occupied separate stacks inside shared operations:

  • IT focuses on operations such as data handling, management, and storage, networking, cloud platforms, and digital security.
  • OT focuses on operations such as real-time machinery monitoring and control, infrastructure safety, and purpose-built industrial stack design.

Divisions of IT and OT may have occurred naturally over time – for example, through the two groups simply being used to working in separate areas of a business. 

Typically, OT teams will rely on legacy systems and be extra cautious about downtime risks – whereas IT teams are used to working in fast-paced environments with the latest tools, and facing potential downtime regularly. This difference in mindset and process may have continued to keep things divided.

There are also some arguments for keeping IT and OT separate. John Attala for Optigo Networks states that isolating OT helps to boost cybersecurity to an extent, such as through firewalling singular connections between networks. He also argues that, due to the unpredictability of IT communications, sharing a silo could result in OT operations suffering during peak usage times.

However, arguments against the IT/OT divide – claiming that converging is better for security, uptime, and efficiency – are growing in number.

Why Closing the Gap Is Critical for Plant Security and Uptime

Although OT teams are often reliant on legacy systems and processes, this reliance runs against their need to protect uptime at all costs. As a result, bad actors using threats such as ransomware are seeking out siloed OT teams that not only use outdated technologies, but that are also vulnerable to downtime.

According to Honeywell, attacks on industrial plant operators have exploded by 46% in just one quarter – leading to downtime spiking millions of dollars in revenue loss. Therefore, those arguing in favour of IT/OT convergence see it as an essential step towards fortifying both ends of a plant operation.

Alongside running regular security checks, such as detailed penetration testing to uncover internal weaknesses, closing the IT/OT gap can help once-separated teams and systems to finally work together to fight shared threats. Specifically, unifying IT and OT can help to protect the latter’s uptime rather than leave it at the mercy of hackers.

Converging IT and OT can lead to:

  • More efficient processes
  • Enhanced real-time data and hardware tracking
  • Sharing of best practices (particularly to strengthen OT)
  • Easier security management and patch rollout
  • Lower upkeep costs (through the streamlining of legacy systems)

Common Cybersecurity Risks in Converged Environments

While IT/OT convergence can bolster security and reduce downtime risks, there are still some cybersecurity risk vectors worth considering in blended environments, such as:

  • Continued reliance on legacy systems (which may be weak to cyberattacks and even used to share malware)
  • Industrial control downtime due to delays in data flow
  • Broader attack surfaces (due to blending hardware together, including obsolete technology)
  • Confusion regarding which cybersecurity frameworks to follow (IT and OT may use different templates)
  • Human error, lack of training, and resistance to support convergence 
  • Missed software patching or security processes, through negligence or malice

Sadly, these issues can arise even with the best of intentions to avoid them – meaning careful collaboration at the start of convergence is a must.

Practical Cybersecurity Measures to Bridge IT and OT

While converging IT and OT can be extremely complex and will take time to complete, there are some common and practical cybersecurity measures worth following regardless of the setup:

  • Go zero-trust: Regardless of legacy systems and processes, avoid granting control access unless stringent requirements (such as multi-factor authentication) are met.
  • Monitor all devices: Continuous device management ensures the user can spot and stop suspicious activity on sight.
  • Simulate potential breaches: Run penetration testing and controlled hacks to spot weaknesses and learn which areas need the most support.
  • Regularly update software and hardware: Work to a strict schedule to update systems that are in regular use, particularly focusing on legacy hardware due to fall obsolete.
  • Remove obsolete systems: The more systems in play, the broader the attack surface. Remove systems that no longer serve a purpose or that can be consolidated into modern processes.
  • Avoid implementing new Internet of Things (IoT) devices for the sake of doing so: Again, more technology means broader attack surfaces, and adding new systems may confuse and overcomplicate the convergence process.

Building Cross-Functional Collaboration Between Teams

Ultimately, a secure IT/OT operation collaborates and communicates with clarity. A big part of bringing IT and OT together is ensuring stakeholders and operators all receive the same training, understand the same incident response procedures, and know who is responsible for which areas of the network.

This can mean redesigning the wheel to an extent. However, rather than allowing IT and OT to keep running on their own processes, it’s more efficient and more secure to create a new roadmap and retrain all staff to work towards a shared goal.

Cross-functional collaboration means impressing that no one wants downtime – and that the most secure operation is transparent and open to innovating against threats.

Embedding Cybersecurity in the Plant Culture

Cybersecurity is no longer optional for plant operations. Reports show that a staggering 92% of industrial sites are at risk from cybercrime, with losses likely to reach around $1.5 million per incident.

Therefore, now is the time to focus on weaving in cybersecurity into plant culture – and that might look different from company to company. 

However, key steps include establishing security training and refreshers as part of employee management, updating legacy systems to incorporate modern access control standards, and ensuring personnel understand the true risks of ignoring security best practices.

Converging IT and OT isn’t just about speeding up processes or boosting productivity. It’s also about bringing separated teams together to fight against increasingly worrying threats – and while it can be a complex process, the benefits are far-reaching.

Author Bio:
Thomas Patterson

Thomas Patterson

Vice President of Product Management: Platform, Mobile, Risk, and AI at VikingCloud

Thomas Patterson is a highly experienced and passionate product leader in the cybersecurity and technology industry. With a strong background in product management, security, and data privacy, he has a proven track record of driving innovation, growth, and successful product launches. Currently serving as the Vice President of Product Management: Platform, Mobile, and AI at VikingCloud.

Thomas is responsible for overseeing the VikingCloud Platforms, Mobile Applications, and Artificial Intelligence. He is skilled in building core services, shared infrastructure, and centralized experiences for a seamless platform experience.

Publish Your Article

Quick Links

IconOur Services IconMedia Pack Download IconNewsletters IconIndustrial Events
Ortac O'Brien Energy M.B. Automation Schweiger Group Wire Tube China 2026

Related Articles