Risk management for OT networks: Getting IT/OT convergence right

If you attend a cybersecurity trade fair or event with a focus on industrial production, you’ll hear the same question again and again: How can we harmonize our IT and OT systems?

In the face of ever-increasing cyber crime threats, companies must raise awareness of cyber risks throughout the organization and prioritize their treatment: risks cannot be eliminated entirely, but they can be reduced to a level the business accepts. Companies should also make room for a regular exchange between their IT and OT specialists, because neither side can assess these risks alone.

In this article, we want to examine the fundamental challenges that arise when integrating shop floor assets into the Information Security Management System (ISMS), and highlight strategies that organizations can put in place to overcome them.

The fundamental differences between OT and IT

1. Operational priorities

In IT, the protection goals are usually ranked confidentiality first, then integrity, then availability. In OT networks the order is reversed: availability and process stability come first, because a stopped production line has an immediate effect on the business. A workstation that is rebooted in IT is back in minutes; a controller that is rebooted in the middle of a process can leave the physical process in an undefined state, and the loss is measured in lost output rather than lost data.

2. Life cycle of the systems

Production systems are planned and depreciated over decades because of their high acquisition cost. As a result, many systems still in use today run outdated hardware and operating systems, are often no longer supported by their manufacturer, and were never designed to be connected to a network. IT systems, by contrast, have life cycles of a few years and receive manufacturer updates for most of that time.

3. Network communication

Industrial systems often communicate using specialized protocols and standards, for example to achieve deterministic real-time communication with the lowest possible latency. Because updating them is laborious and expensive, these protocol stacks are rarely touched during the lifetime of a machine, so the machine can no longer talk to the IT network on current terms. For example, many older OT systems still require the Server Message Block (SMB) protocol in its insecure first version, SMBv1, which lacks the signing and encryption protections of later versions and was the propagation vector of the WannaCry ransomware in 2017. Most IT systems now use SMBv3, and current Windows versions no longer install SMBv1 by default, so such a machine simply cannot exchange files with an IT file server any more.

Software tools such as the edge.SHIELDOR from TRIOVEGA can bridge this gap: they monitor the network traffic and mediate bidirectional communication between the two networks. For example, this patented OT security solution can receive files from the IT network over SMBv3, deliver them to a directory in the OT network over legacy SMBv1, and synchronize in the other direction as well, so SMBv1 stays confined to the OT side. Every file is checked against malware signatures, and anything flagged is isolated. This makes the old system reachable while reducing the security risk; note that signature scanning only catches known malware, so the gateway reduces the risk rather than removing it.
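Before SMBv1 can be disabled on the IT side, or an SMB gateway placed in front of a machine, you need to know which hosts actually still require it. The following is an added example, not code from the article or from TRIOVEGA: a small parser for the first message of an SMB session, the negotiate request, which reveals whether a client offers only SMBv1 dialects or is SMB2/3-capable. The three sample frames are constructed in the script (they are not captures from a real network), and the host labels in SAMPLE_CLIENTS are hypothetical. In practice you would feed it the first TCP/445 payload of each client seen by a network tap.

```python
import struct

SMB1_MAGIC = b"\xffSMB"
SMB2_MAGIC = b"\xfeSMB"
SMB1_COM_NEGOTIATE = 0x72
SMB2_DIALECTS = {0x0202: "SMB 2.0.2", 0x0210: "SMB 2.1", 0x0300: "SMB 3.0",
                 0x0302: "SMB 3.0.2", 0x0311: "SMB 3.1.1"}


def parse_negotiate(frame: bytes) -> dict:
    """Parse one NetBIOS-framed SMB negotiate request (a TCP/445 session message)
    and report which dialects the client offered."""
    if len(frame) < 4 or frame[0] != 0x00:
        raise ValueError("not a NetBIOS session message")
    length = int.from_bytes(frame[1:4], "big")
    msg = frame[4:4 + length]
    if len(msg) != length:
        raise ValueError("truncated frame")
    if msg.startswith(SMB1_MAGIC):
        return _parse_smb1_negotiate(msg)
    if msg.startswith(SMB2_MAGIC):
        return _parse_smb2_negotiate(msg)
    raise ValueError("unknown protocol id %r" % msg[:4])


def _parse_smb1_negotiate(msg: bytes) -> dict:
    # SMB1 header is 32 bytes; the command byte sits at offset 4.
    if len(msg) < 35 or msg[4] != SMB1_COM_NEGOTIATE:
        raise ValueError("not an SMB1 NEGOTIATE request")
    word_count = msg[32]
    bc_off = 33 + 2 * word_count
    if len(msg) < bc_off + 2:
        raise ValueError("truncated parameter block")
    (byte_count,) = struct.unpack_from("<H", msg, bc_off)
    data = msg[bc_off + 2:bc_off + 2 + byte_count]
    if len(data) != byte_count:
        raise ValueError("truncated dialect buffer")
    dialects, i = [], 0
    while i < len(data):                      # buffer = repeated [0x02][ASCII name][0x00]
        if data[i] != 0x02:
            raise ValueError("bad dialect buffer format")
        end = data.index(b"\x00", i + 1)
        dialects.append(data[i + 1:end].decode("ascii"))
        i = end + 1
    smb2_capable = any(d.startswith("SMB 2.") for d in dialects)   # "SMB 2.002" / "SMB 2.???"
    return {"protocol": "SMB1", "dialects": dialects, "smb2_capable": smb2_capable,
            "legacy_only": not smb2_capable, "signing_required": None}  # SMB1 request carries no security mode


def _parse_smb2_negotiate(msg: bytes) -> dict:
    # SMB2 header is 64 bytes with the command (uint16) at offset 12; the NEGOTIATE
    # body has a 36-byte fixed part followed by DialectCount uint16 dialect codes.
    if len(msg) < 100:
        raise ValueError("truncated SMB2 header/body")
    (command,) = struct.unpack_from("<H", msg, 12)
    if command != 0x0000:
        raise ValueError("not an SMB2 NEGOTIATE request")
    struct_size, dialect_count, security_mode = struct.unpack_from("<HHH", msg, 64)
    if struct_size != 36 or len(msg) < 100 + 2 * dialect_count:
        raise ValueError("malformed NEGOTIATE body")
    codes = struct.unpack_from("<%dH" % dialect_count, msg, 100)
    return {"protocol": "SMB2", "dialects": [SMB2_DIALECTS.get(c, "0x%04x" % c) for c in codes],
            "smb2_capable": True, "legacy_only": False,
            "signing_required": bool(security_mode & 0x0002)}   # SMB2_NEGOTIATE_SIGNING_REQUIRED


def build_smb1_negotiate(dialects) -> bytes:
    """Build a minimal SMB1 NEGOTIATE request (used here only to construct sample input)."""
    header = SMB1_MAGIC + bytes([SMB1_COM_NEGOTIATE]) + bytes(27)       # 32-byte header, flags zeroed
    data = b"".join(b"\x02" + d.encode("ascii") + b"\x00" for d in dialects)
    msg = header + b"\x00" + struct.pack("<H", len(data)) + data        # WordCount=0, ByteCount, buffer
    return b"\x00" + len(msg).to_bytes(3, "big") + msg


def build_smb2_negotiate(codes, signing_required=False) -> bytes:
    """Build a minimal SMB2 NEGOTIATE request (used here only to construct sample input)."""
    header = SMB2_MAGIC + struct.pack("<HHIHHIIQIIQ", 64, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0) + bytes(16)
    security_mode = 0x0003 if signing_required else 0x0001
    body = (struct.pack("<HHHHI", 36, len(codes), security_mode, 0, 0)
            + bytes(16) + bytes(8)                                       # ClientGuid, ClientStartTime
            + struct.pack("<%dH" % len(codes), *codes))
    msg = header + body
    return b"\x00" + len(msg).to_bytes(3, "big") + msg


# Constructed sample frames with hypothetical host labels; not captured from a real network.
SAMPLE_CLIENTS = {
    "legacy-hmi": build_smb1_negotiate(["PC NETWORK PROGRAM 1.0", "LANMAN1.0", "NT LM 0.12"]),
    "office-pc-smb1-enabled": build_smb1_negotiate(["NT LM 0.12", "SMB 2.002", "SMB 2.???"]),
    "office-pc": build_smb2_negotiate([0x0202, 0x0210, 0x0300, 0x0302, 0x0311], signing_required=True),
}


def classify(info: dict) -> str:
    """Turn a parsed negotiate request into a verdict for the SMBv1 retirement plan."""
    if info["legacy_only"]:
        return "needs SMBv1: keep behind a protocol gateway or upgrade before SMBv1 is switched off"
    if info["protocol"] == "SMB1":
        return "SMB2-capable but still opens with an SMB1 negotiate: SMBv1 can be disabled server-side"
    return "SMB2/3 only, signing " + ("required" if info["signing_required"] else "not required")


if __name__ == "__main__":
    for host, frame in SAMPLE_CLIENTS.items():
        info = parse_negotiate(frame)
        print(f"{host:24} {info['protocol']:5} {', '.join(info['dialects'])}")
        print(f"{'':24} -> {classify(info)}")
```

The second sample shows a subtlety worth knowing: a modern client with SMBv1 still enabled opens with an SMB1 negotiate that advertises "SMB 2.???", so a tap that only counts SMB1 negotiate packets will overstate how many hosts truly depend on SMBv1.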


Key elements of successful IT/OT convergence

1. Uniform risk management

Companies must take the specific characteristics of both system landscapes into account when assessing corporate risks. Successful risk management treats the operational and security impact of all IT and OT components in one common strategy within the ISMS, and it also covers the communication that crosses the network boundary between them.

Existing ISMS guidelines should be expanded to include OT-specific aspects:

Patch and update processes that take production schedules and maintenance windows into account

Customized backup strategies for control systems

OT-specific incident response plans

Special access controls for maintenance personnel and external service providers

New cyber security regulations, such as the EU NIS 2 Directive, which applies to many industrial companies depending on their sector and size, require OT systems to be covered by the organization-wide security concept. Including the points above in your ISMS goes a long way toward meeting these legal requirements.

2. Training and raising awareness

This joint approach requires a mutual understanding of the specific challenges of the IT and OT departments within the company. In the past, OT and IT worked in separate silos. Today, employees in production need to be made aware of IT security risks, while IT staff need to understand the particular requirements of the production side of the business. It is essential that companies provide regular training and liaison opportunities between the two areas.

3. Network segmentation and monitoring

Companies must maintain a strict separation between IT and OT networks so that malware cannot spread through the entire organization. In a traditional segmentation, the firewall between the zones has to open the ports that the required connections use, and every open port is a possible path for an attacker into the production network.

Software solutions such as edge.SHIELDOR can help. The product follows the air gap concept: there is no direct network path between the two networks, and data is exchanged only through the appliance. Traffic between the production facilities and corporate IT is permitted selectively by positive (allowlist) or negative (denylist) filter rules, and intrusion detection and prevention functions identify and block unwanted communication attempts. The network ports themselves can remain closed. Note that an "air gap" that relays data is a protocol-breaking gateway rather than a physically isolated network: the gateway itself becomes a critical asset and must be patched and monitored like any other boundary device.
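The difference between positive and negative filter rules decides what the boundary lets through, so it is worth seeing both evaluated against the same traffic. The following is an added example, not code from the article or from the edge.SHIELDOR product: a small rule evaluator run over five constructed boundary flow records. The zone ranges, rules and flow log are assumptions for the illustration; the only real-world values are the well-known ports (445 for SMB, 3389 for RDP, 4840 for OPC UA, 502 for Modbus/TCP).

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Zones of the constructed example network (assumed ranges, not from the article).
IT_ZONE = ip_network("10.10.0.0/16")
OT_ZONE = ip_network("192.168.50.0/24")


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    src: str                         # source CIDR
    dst: str                         # destination CIDR
    proto: str                       # "tcp", "udp" or "any"
    ports: tuple[int, int] | None    # destination port range, None = any port

    def matches(self, flow: dict) -> bool:
        return (ip_address(flow["src"]) in ip_network(self.src)
                and ip_address(flow["dst"]) in ip_network(self.dst)
                and self.proto in ("any", flow["proto"])
                and (self.ports is None or self.ports[0] <= flow["dport"] <= self.ports[1]))


# Positive rules: only the listed flows pass, everything else is dropped (default deny).
POSITIVE_RULES = [
    Rule("allow", "10.10.20.0/24", "192.168.50.7/32", "tcp", (4840, 4840)),   # engineering net -> OPC UA server
    Rule("allow", "192.168.50.7/32", "10.10.30.5/32", "tcp", (443, 443)),     # OT server -> IT edge over TLS
]

# Negative rules: only the listed flows are blocked, everything else passes (default allow).
NEGATIVE_RULES = [
    Rule("deny", IT_ZONE.with_prefixlen, OT_ZONE.with_prefixlen, "tcp", (445, 445)),    # no SMB into OT
    Rule("deny", IT_ZONE.with_prefixlen, OT_ZONE.with_prefixlen, "tcp", (3389, 3389)),  # no RDP into OT
]

# Constructed flow log in a syslog-like key=value form (not output of any real firewall).
FLOWS = [
    "2024-05-06T08:01:12Z proto=tcp src=10.10.20.15:51122 dst=192.168.50.7:4840",   # OPC UA read
    "2024-05-06T08:01:40Z proto=tcp src=192.168.50.7:40111 dst=10.10.30.5:443",     # data upload to IT
    "2024-05-06T08:02:03Z proto=tcp src=10.10.20.15:51130 dst=192.168.50.7:445",    # SMB into OT
    "2024-05-06T08:02:15Z proto=tcp src=10.10.40.9:50001 dst=192.168.50.12:502",    # Modbus from an office host
    "2024-05-06T08:03:00Z proto=tcp src=192.168.50.12:33010 dst=10.10.40.9:4444",   # OT host calling out to IT
]

FLOW_RE = re.compile(r"proto=(?P<proto>\w+) src=(?P<src>[\d.]+):(?P<sport>\d+) "
                     r"dst=(?P<dst>[\d.]+):(?P<dport>\d+)")


def parse_flow(line: str) -> dict:
    m = FLOW_RE.search(line)
    if not m:
        raise ValueError(f"unparseable flow record: {line!r}")
    return {"proto": m["proto"], "src": m["src"], "dst": m["dst"],
            "sport": int(m["sport"]), "dport": int(m["dport"])}


def evaluate(flow: dict, rules: list[Rule], default: str) -> str:
    """First matching rule wins; the default applies when no rule matches."""
    for rule in rules:
        if rule.matches(flow):
            return rule.action
    return default


def audit(lines: list[str], rules: list[Rule], default: str) -> list[tuple[str, str]]:
    """Return (record, verdict) for every flow record under the given policy."""
    return [(line, evaluate(parse_flow(line), rules, default)) for line in lines]


def unwanted_attempts(lines: list[str], rules: list[Rule], default: str) -> list[str]:
    """The records a boundary IDS/IPS would flag and block under this policy."""
    return [line for line, verdict in audit(lines, rules, default) if verdict == "deny"]


if __name__ == "__main__":
    for name, rules, default in (("positive rules", POSITIVE_RULES, "deny"),
                                 ("negative rules", NEGATIVE_RULES, "allow")):
        print(f"--- {name} (default {default}) ---")
        for line, verdict in audit(FLOWS, rules, default):
            print(f"{verdict:5} {line}")
```

Both policies stop the SMB connection into OT, but only the positive policy also stops the Modbus write from an office host that nobody listed and the unexpected outbound connection from an OT host; the negative policy lets both pass because nobody wrote a rule against them. That is the practical argument for allowlisting at the IT/OT boundary: the rules describe the few flows production actually needs, and the monitoring system only has to report what falls outside them.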

These basic strategies help companies efficiently manage the convergence of IT and OT. Naturally, each company has individual factors and issues that must be addressed carefully.

More questions? Book your consultation appointment

Many aspects need to be considered in greater detail, depending on your individual situation. Our experts will be happy to advise you online on our product portfolio.

Author: René Janz

René Janz is an industrial engineer with extensive knowledge of the shop floor. He has been with TRIOVEGA GmbH since 2023, and as Director Business Development, René is responsible for the strategic expansion of OT security and digitalization in the production industry.
