OT market poses challenges and rewards

This year has seen momentum around the operational technology (OT) market as an increasing number of channel players, particularly those operating in the security space, pitch solutions to customers keen to reduce their risk exposure.

The growth of interest in operational technology environments has been fuelled by customer moves to digitally transform their environments and link systems – both IT and OT – across their networks.

“OT networks are often expansive, having grown organically over time through incremental changes and without comprehensive records of the devices and technologies of which they’re composed. This limited visibility leads to incomplete knowledge of the attack surface, resulting in potentially unknown vulnerabilities,” said Ric Derbyshire, principal security researcher at Orange Cyberdefense.

Richard Oliver, director of strategy at Conscia UK, said there are challenges that need to be understood by channel players looking to get involved with OT.

“The main challenges are outdated and disconnected systems, old or proprietary protocols, and growing cyber security risks as OT and IT come together. Many customers struggle to connect these systems securely. Creating consistent and secure data flows is key to turning information into insights that drive better outcomes across the business,” he said.

Chris Dyke, sales director UK and Ireland at Allied Telesis, said OT technology was often not designed to work in harmony with other IT systems.

“The main challenges are that many of the systems were never designed to communicate outside of a very defined environment. As such, they have often been designed with very limited support for protocols that the IT world would recognise. These environments are often closed, so the equipment they contain is likely designed to talk only to other devices of the same type, or a controller which may manage these devices,” he said.

It is also worth recognising that securing OT systems is still a process in its infancy for most customers. Patrick Scholl, head of OT at Infinigate Group, cautions against going in with an IT mindset.

“OT security is still in its early stage, although it is now held to the same regulatory standards as IT security, creating a unique set of challenges. Organisations are now under pressure to catch up quickly and meet compliance requirements, often without the right expertise for assessments, concepts or implementation in place,” he said.

“While there is some overlap with IT security, the technologies, processes and priorities in OT security are very different. The assumption that IT skills can be applied directly to OT is misguided, as OT requires its own specialist knowledge and approach,” Scholl added.

Despite these issues, there are clear attractions to being able to tap into an area that requires IT expertise.

James Neilson, senior vice-president international at Opswat, said the channel needs to recognise the distinct requirements of OT customers, with rewards on offer for those capable of developing skills in the area.

“In the past, we’ve seen organisations directly apply IT controls to OT environments, which presents a false sense of security and causes disruptive false positives. However, customers are now looking for security solutions and controls tailored to ICS/OT systems to ensure effective risk management,” he said.

“The convergence of IT and OT has exposed an expertise gap that the channel can fill. As security teams face systems beyond their experience, customers are turning to partners with deep IT and OT knowledge who understand how IT threats affect critical operations,” he added.

“As OT and IT systems converge, there’s a growing opportunity for those who can manage data flows. Organisations now recognise the need to detect and neutralise hidden threats before they reach critical OT environments, driving demand for solutions that secure data in transit,” he said.