<img height="1" width="1" style="display:none;" alt="" src="https://dc.ads.linkedin.com/collect/?pid=314913&amp;fmt=gif">

Think Beyond OT Visibility…For Operations Sake!

Fritz Byam
May 15, 2023

Most organizations know that Operational Technology (OT) assets comprise a newly exposed attack surface that demands the same level of protection as IT assets. It's also broadly accepted logic to first establish "visibility" into those assets; that's good advice. Fewer people discuss what happens next and how it impacts the operational team.   

Thanks to the energy sector, we have excellent passive discovery tools for OT. These tools do a great job identifying what OT assets are connected to the network at multiple levels of the Purdue model; most also have other functionality related to OT security workloads. These tools are an absolute necessity and a beneficial element of the OT ecosystem; the data they discover is foundational to any OT program. In many cases, these discovery tools make getting the foundational data relatively easy; you can turn them on and reasonably quickly begin collecting data. Things are good so far. We have a list of connected OT assets, so you might say we have "visibility," but we still have work to do. 

What happens next is entirely independent on which tools or processes you use to manage your OT data. When you begin storing, validating, contextualizing, and adding necessary attestation to any new data set, new workloads will be required. A new set of business-as-usual workloads will be created, probably for operations. Suppose you accept this hypothesis and agree that this data is necessary to secure our plants. In that case, the best strategy is to clearly articulate what new work streams will be required, reduce the overall work by making things as easy/automated as possible, and then extract the maximum operational value from the new data. To me, this screams ServiceNow.

If we look beyond our initial visibility priority, we will see planned changes (patching or Vulnerability Response) for OT in the not-too-distant future. Consider that patching OT assets will be even more complex than the same activity for IT assets. OT assets are tightly integrated with many organizational functions, requiring close coordination. Consider supply chain partners, production planners, maintenance teams, safety inspectors, IT practitioners, and line operators as stakeholders conducting joint operations during the constrained period available to patch an OT asset. This is more like a mini-project than a planned change. Again, ServiceNow is the platform that can reduce the overall work and make this all manageable (not easy).   

I am not trying to paint a picture of doom for operations teams as they become more integral to cyber-security; it is the opposite. Having this data in ServiceNow cannot only solve the cyber security problem of today, but it can also provide a platform to enable benefits across the organization, especially for operations. Think about how this data can support even the most basic operationally connected workloads such as training, SOPs, changeover, and mean time to remediation (mttr) for non-security related downtime; there is a real return for operations.  

This is a complex story, and there might be some skeptics! This means that we have Organizational Change Management work to do. We can earn operations sponsorship if we show them that getting this OT data into ServiceNow creates several opportunities to advance the manufacturing priorities of safety, worker experience, quality, and productivity. It is an authentic story, and convincing operations will require transparency, discussion, and vision about what's ahead for a connected (and inherently vulnerable) manufacturing, distribution, or packaging operation. 

I would love to be a part of the discussion! - Fritz 

Schedule a Call Today

ITS Partners: The Leader in Managing and Securing Critical Assets and Critical Infrastructure With ServiceNow!

Subscribe by Email