Bridging the IT/OT gap for cyber resilience in critical infrastructure

For network operators in factories, utilities, and government agencies, the convergence of Information Technology (IT) and Operational Technology (OT) is no longer theoretical. It is reality, and attackers increasingly exploit the gap between the two domains, exposing critical infrastructure to sophisticated threats. Understanding and actively bridging this divide is essential to maintaining operational resilience and security.

Distinct worlds connecting

Traditionally, IT and OT have been separate domains. IT security prioritizes data confidentiality and integrity and relies on frequent patching and system upgrades. OT prioritizes availability and uptime: maintenance windows for patching are rare, and in some environments an interruption is intolerable. Even in less critical industries such as manufacturing, downtime can cost hundreds of thousands of dollars per hour.

With IT/OT convergence, OT operators now also have to worry about ransomware, other malware, and cloud vulnerabilities. A recent example is the INC Ransom ransomware group’s attack on the OnSolve CodeRED platform, which disrupted local emergency alert systems across the U.S. Such attacks underscore how disruptions to even seemingly “IT-managed” services can affect critical operations and public trust. If an attack reaches OT systems directly, the situation is worse: OT systems are typically more vulnerable, and the stakes are higher, including physical injury, nationwide disruption, and damage to the environment.

Physical attacks on OT, meanwhile, remain widespread, if not increasing, and physical and cyber attacks are not that distinct either. Many cyberattacks involve physical access to a site, whether through malicious insiders or unwitting employees and contractors. The bottom line: security is security. No component is safe by itself, and no single security measure covers everything.

The way ahead, together

Many critical infrastructure organizations are subject to stringent regulations designed to protect essential services. But because of limited resources, incompatible legacy systems, or simply a failure to translate IT-centric compliance requirements into security practices that OT can accept, a high proportion of these cybersecurity frameworks are not followed closely.

Network operators are at the forefront of this challenge and hold a key role in fostering secure integration. Here’s how:

  1. Know the risks: It’s hard to fight what you don’t recognize, and with cyberattacks the evolution never ends. IT network operators should gain exposure to OT protocols (e.g., Modbus, DNP3), while OT personnel benefit from understanding IT security best practices. IT and OT teams need to understand each other’s priorities, share threat intelligence, discuss operational constraints, and plan security initiatives together. Regular, structured meetings foster mutual understanding and build trust.
  2. Shared visibility and tailored tools: Look for security solutions that provide unified visibility across both IT and OT networks but are specifically designed for the nuances of industrial protocols and devices. For example, BlackBear NIMBL is a versatile, customizable network management tool that understands industrial protocols and OT-specific anomalies. Using separate accounts in the same system, operators configure devices on site or remotely, while managers monitor system health and receive anomaly alerts.
  3. Prioritize defense-in-depth for OT: Focus on robust segmentation and layered controls such as endpoint protection, access management, and physical security. Unidirectional gateways such as BlackBear’s BIG9000 enforce one-way communication for critical data flows: IT systems can receive protected OT data, but nothing can flow back into OT, which blocks lateral movement from externally connected IT networks and creates a secure bridge between the two domains.
  4. Secure every node: A system is only as strong as its weakest link. Minimize the attack surface by granting access strictly on a need-to-know basis, with role-based and least-privilege controls applied. Encrypt all communications to prevent eavesdropping or manipulation, particularly traffic crossing IT and OT network boundaries. Note that many legacy OT protocols, Modbus among them, have no built-in encryption or authentication, so boundary-crossing traffic must be tunneled (for example over TLS or a VPN) rather than left in the clear.
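To make items 2 and 3 concrete, here is an added example (written for this article, not code from BlackBear NIMBL or the BIG9000) of the kind of protocol-aware check a boundary monitor needs: it parses raw Modbus/TCP requests, classifies the function code as a read or a write, and applies a simple directional policy by source address. The subnets (`IT_NET`, `OT_NET`), the read/write policy and every sample frame are constructed for the example.

```python
"""Protocol-aware inspection of Modbus/TCP requests at an IT/OT boundary.

Added example for this article, not BlackBear NIMBL or BIG9000 code.
Subnets, the read/write policy and the sample frames are all constructed.
"""
import ipaddress
import struct
from dataclasses import dataclass

# Modbus function codes: reads leave process state alone, writes change it.
READ_FCS = {1, 2, 3, 4}              # read coils / discrete inputs / holding regs / input regs
WRITE_FCS = {5, 6, 15, 16, 22, 23}   # write single/multiple coil or register, mask write, read-write

# Hypothetical address plan: the IT LAN and the OT control network segment.
IT_NET = ipaddress.ip_network("10.10.0.0/16")
OT_NET = ipaddress.ip_network("192.168.100.0/24")


@dataclass
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function_code: int
    data: bytes


def parse_modbus_tcp(frame: bytes) -> ModbusRequest:
    """Parse the 7-byte MBAP header plus PDU; raise ValueError on a malformed frame."""
    if len(frame) < 8:
        raise ValueError("frame too short for MBAP header and function code")
    tid, proto, length, unit = struct.unpack("!HHHB", frame[:7])
    if proto != 0:
        raise ValueError(f"protocol id {proto} is not Modbus (expected 0)")
    # The MBAP length field counts the unit id and the PDU: everything after the first 6 bytes.
    if length != len(frame) - 6:
        raise ValueError(f"length field {length} does not match {len(frame) - 6} payload bytes")
    return ModbusRequest(tid, unit, frame[7], frame[8:])


def verdict(src_ip: str, frame: bytes) -> str:
    """Boundary policy: any host may read, only OT hosts may write, nothing else passes silently."""
    try:
        req = parse_modbus_tcp(frame)
    except ValueError as exc:
        return f"DROP malformed frame from {src_ip}: {exc}"
    src = ipaddress.ip_address(src_ip)
    if req.function_code in READ_FCS:
        return f"ALLOW read FC{req.function_code} from {src_ip} to unit {req.unit_id}"
    if req.function_code in WRITE_FCS:
        if src in OT_NET:
            return f"ALLOW write FC{req.function_code} from OT host {src_ip} to unit {req.unit_id}"
        return f"ALERT write FC{req.function_code} from non-OT host {src_ip} to unit {req.unit_id}"
    return f"ALERT unexpected FC{req.function_code} from {src_ip} to unit {req.unit_id}"


# Constructed sample requests (hex of the raw TCP payload), not captured traffic.
READ_HOLDING_REGS = bytes.fromhex("0001 0000 0006 01 03 0000 000a")   # FC3: read 10 regs at 0
WRITE_SINGLE_REG = bytes.fromhex("0002 0000 0006 01 06 0010 1234")    # FC6: reg 0x10 := 0x1234
WRITE_MULTI_REGS = bytes.fromhex("0003 0000 000b 01 10 0000 0002 04 0001 0002")  # FC16: 2 regs at 0
BAD_LENGTH = bytes.fromhex("0004 0000 0009 01 03 0000 000a")          # length says 9, only 6 present
DIAGNOSTICS = bytes.fromhex("0005 0000 0006 01 08 0000 0000")         # FC8: diagnostics sub-function 0

SAMPLE_TRAFFIC = [
    ("10.10.4.21", READ_HOLDING_REGS),     # historian in IT polling a PLC: fine
    ("10.10.4.21", WRITE_SINGLE_REG),      # IT host writing a setpoint: alert
    ("192.168.100.7", WRITE_MULTI_REGS),   # engineering workstation in OT: allowed
    ("10.10.4.21", BAD_LENGTH),            # truncated or crafted frame: drop
    ("10.10.9.3", DIAGNOSTICS),            # diagnostics from IT: alert
]


def inspect_all(traffic=SAMPLE_TRAFFIC) -> list[str]:
    """Run the policy over a list of (source IP, frame) pairs and return one verdict per frame."""
    return [verdict(ip, frame) for ip, frame in traffic]


if __name__ == "__main__":
    for line in inspect_all():
        print(line)
```

Two points the example makes that the list above only states: Modbus carries no authentication, so the source address is the only thing distinguishing an IT historian from an IT host that has been compromised, which is exactly why segmentation and one-way data flows matter; and a software filter like this can alert on a write crossing the boundary but cannot guarantee that none gets through, which is the property a hardware unidirectional gateway provides physically.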

By proactively fostering collaboration, network operators can recognize and address the distinct needs of each domain, giving integrated systems the resilience to withstand today’s complex cyber risks.

Your Security is Our Duty
Contact Info

Phone: +886-3-5501898
Address: No. 146, Sec. 1, Dongxing Rd., Zhubei City, Hsinchu County , Taiwan
Email: sales@blackbear-ics.com
