HOMELAND SECURITY
Converging IT and OT Security: Learning lessons from the golf course If 21st century golf tournaments can get security convergence right, writes 2021 #1 IFSEC Global Influencer in Security Jennie Vickers, why is it that organisations’ Boards and C-Suites struggle to do so? One memorable weekend in the 80s I attended my first one-day county cricket match in Sussex, England. The cricket was a cover story for a pub crawl around Youngs’ Pubs to secure Young’s Passport Stamps (I am yearning for the days when this was the only passport that mattered to get you into a pub). We had two tickets to the cricket and there were four of us. I went in with my ticket and followed the lead to the back of the ground, where there was a cute
New Zealand golfer Ryan Fox recently won on the DP World Tour
38
garden gate. The rest of the group strolled in via the open gate. This was a typical scenario of 80s slack, almost non-existent perimeter security and no concerns about the security of the scoring data – the tin with the numbers was under the fierce eye of the octogenarian scorer. Fast forward to 2022 and the DP World Tour Abu Dhabi Golf Championship was underway. With 47 tournaments around the world, the DP Team CTO Michael Cole said: “[we are not] building small towns, we are building smart cities.” Regardless of your definition of a smart city, it is hard to disagree that this model of convergence between physical and IT security, is an emerging feature of our times. The topic of IT/OT security convergence is not new. Known potential threats to infrastructure climbed up risk registers decades ago. Even though it has been a topic of discussion – particularly in utilities – for years, IT/OT convergence continues to vex many businesses and many professional communities to this day. From one perspective, the decision way back to air gap OT systems and to keep them distanced from IT and its incessant growth and change, made perfect sense. However, it also meant a growing gap not just of air, but of everything. Risk appetites, capex, opex, staff, strategic prioritisation etc, etc. IndustrialCyber’s Essential Guide to IT/OT convergence says: “Just like in the famous relationship book by John Gray, Men Are from Mars, Women Are from Venus, the folks behind the IT and OT networks are extremely different with disparate perceptions, worldviews, and purpose.” Mars and Venus views are hard to converge. Digital Transformation and the speed of the arrival of IoT, has caused many organisations to recognise that the Venus and Mars teams need to work together. Not everyone has found this obvious imperative easy to implement. Line of Defence
