ITS Partners Insights

Move Integration and Optimization to the Front of Your OT Execution Plan For Better OT Cybersecurity Outcomes

Written by Fritz Byam | July 10, 2023

Changing how you think about the OT journey will help you start on the right foot.

A couple of years ago, Gartner put out a thoughtful piece on the journey that most organizations take when considering the management and security of their connected operational technology (OT) assets. 
 
The OT Journey defined by Gartner contains valuable thinking and has shaped my ideas regarding the maturity path for OT. I wish I had written it, and it is very relevant, even though I am about to challenge parts of the thinking or bend it in a direction the authors never intended. I hope they are the forgiving type. The goal is to get the OT ecosystem thinking differently about engaging operations, earning their sponsorship, and driving a broad range of value from OT management workload.

Gartner OT Journey Thinking


The general interpretation of this has been to deploy a Cyber-Physical Security (CPS) tool like Dragos, Nazomi, Claroty, or Armis, validate that your operational environment is not protected, firefight the big security problems, and then think about integration and optimization down the road.

It adds up; the board demands OT risk reduction, and security leadership prioritizes those outcomes. This will certainly improve your security position, but there will be unintended consequences if you wait until phases #5 and #6 to discuss integration and operational benefits. It also feels like we are putting operational concerns as an afterthought; that's not an excellent way to start an OT relationship. Don't be surprised if your plant manager does not get on board when they are informed that their priorities will not be addressed until some undefined time.
 
The source of operational leader’s skepticism is their knowledge that many organizations will never get around to these final phases of the program and that their team will be left holding the bag on an OT program that is not integrated, difficult to manage, and is not designed to support any operational priorities beyond cyber security. If this is the case, the quality of the OT data collected will degrade rapidly as operational sponsorship fades. You will never get operational benefits, and more importantly, you will struggle to maintain the prioritized cybersecurity improvements. My hypothesis is that operational sponsorship equals trusted OT data, and trusted OT data is a prerequisite for an effective cybersecurity program. 
 
Even if this worst-case scenario does not play out, if you are not thinking about integration right up front, how can you design an effective program that minimizes the technical debt of managing OT and maximizes the value of OT data? There is no good reason to wait until phases 5 or 6 to define and plan for your OT program's integration and operational benefit phases; they must be part of the OT discussion and planning from day one. In a previous blog, I outlined the case for putting ServiceNow at the Center of Your OT Strategy.

BLOG: Driving ServiceNow to the Center of Your Operational Technology Strategy 


Pointing out the problem is always the easy job; let's talk about how you can reorganize the components of the Gartner journey to more effectively and sustainably execute on OT. I believe it is better to include elements of all six of the Gartner elements (Awareness, Outreach, Oh Wow, Firefighting, Integration, & Optimization) in each step of your OT journey, starting with the first one!

Here is a different way to look at the challenge of executing on OT management:


This model will start you off on the right foot, engaging operations to think through operational priorities at each step of the OT journey. Involving operations in the Vision and Strategy phases is likely the best opportunity for authentic change management; leaving them out of these early stages will make OT management more difficult. When you are ready to test your strategy via a pilot, you will need operational support. The Pilot is a critical step. Remember, if you earn operational sponsorship, you are more likely to sustain trusted data and succeed at reducing the OT cybersecurity risk that set all of this into motion.

If you want to explore other success factors for your OT program or pilot, check out our Customer OT & Insights Session! Reach out to start a conversation today.

ITS Partners: The Leader in Managing and Securing Critical Assets and Critical Infrastructure With ServiceNow!