Tech Deep Dive

ICS and IT: Integrating cyber and operational security

IT and OT: Security without blocking production

Industrial cyber security

1 August 2025

Table of contents

  • IT and OT: Two worlds colliding or converging?
  • The main risks of IT/OT convergence
  • IT and OT collaboration: A cultural shift
  • Hybrid network architectures and segmentation
  • Checklist for secure IT/OT convergence
  • Case study: Siemens and OT security in data centers

IT-OT convergence is one of the most sensitive and crucial issues in industrial cyber security.

Manufacturing, energy and logistics companies today find themselves having to seamlessly integrate two traditionally separate worlds: on the one hand, Information Technology (IT) , made up of computer systems , digital networks and data management; on the other, Operational Technology (OT), i.e. the set of physical devices, sensors, actuators and hardware and software that control industrial processes in real time.

IT and OT integration presents a tremendous opportunity to improve efficiency, automation, and real-time data . However, it also introduces new cyber threats and potential vulnerabilities that, if left untreated, can compromise the entire industrial control system.

In this article, we will explore how to facilitate collaboration between IT and OT, what the cyber security threats are in integrated environments, and propose a practical checklist to guide companies on this strategic path, without blocking production.

IT and OT: Two worlds colliding or converging?

The first step in integrating IT and OT systems is to understand the differences.

Information Technology is oriented towards the management of digital information , sensitive data and network security. The main priorities are confidentiality, integrity and availability of information.

In contrast, Operational Technology OT focuses on the reliability and continuity of physical operations. The goal is to avoid downtime and ensure the operation of industrial plants, assembly lines, refrigeration systems or energy distribution.

In the past, these two environments were isolated. But the spread of the Internet of Things and connected devices has made IT-OT convergence inevitable, with clear advantages in terms of efficiency, but also with new risks of cyber attacks.

The main risks of IT/OT convergence

Integrating IT and OT environments is not a risk-free process. Cyber security threats increase exponentially when the historically closed OT world is exposed to IT cyberspace.

Among the main risks:

  • Ransomware attacks that encrypt not only IT data but also OT systems, as happened in the case of Colonial Pipeline.
  • Compromised Remote Access
    Opening VPN tunnels to remotely manage facilities can be exploited by malicious actors.
  • Missing patches on obsolete OT components that cannot be easily updated.
  • Poor visibility into OT assets by IT teams: Up-to-date inventories of physical devices are often missing.

Example
The TRITON malware, which was able to disable the physical security systems of a refinery by exploiting a vulnerability in Schneider Triconex controllers. This demonstrates that cyber threats can directly compromise physical security.

IT and OT collaboration: A cultural shift

Effective integration requires collaboration between IT and OT, not only on a technical level, but above all on an organizational and cultural level.

IT and OT teams often speak different languages: IT specialists prioritize updates, network segmentation and authentication; OT operators, on the other hand, fear that any change could stop production.

To create a true collaboration between IT and OT, you need to:

  • Establish a common language based on risk.
  • Involving OT teams in cyber security projects from the beginning.
  • Define shared SLAs (Service Level Agreements) that ensure security without impacting productivity.
  • Introduce hybrid roles such as the OT Security Officer or the OT/ICS Cyber Security Architect.

Only a unified strategic vision can lead to effective convergence.

Hybrid network architectures

Hybrid network architectures and segmentation

One of the pillars of integrated IT and OT security is the design of segmented networks.

An effective model is the Purdue model , which divides the industrial network into hierarchical levels:

  • Level 0-1 : field, sensors and actuators
  • Level 2 : SCADA, HMI, controllers (PLC)
  • Level 3 : Production supervision and management systems (MES)
  • Level 4 : ERP and Enterprise IT Systems

The logical and physical separation of the levels allows to isolate the impacts of a possible attack. The connections between the levels must be controlled by firewalls, proxies and intrusion detection systems specific for ICS environments.

Checklist for secure IT/OT convergence

Here is a checklist of actions to take for a secure IT/OT convergence:

  • Map all OT devices connected to the network.
  • Segment the network based on Purdue levels.
  • Implement monitoring systems (SIEM or OT-aware solutions like Nozomi, Claroty).
  • Update OT devices in a production-ready manner.
  • Introduce strong authentication for OT access as well.
  • Establish backup and disaster recovery policies for OT as well.
  • Train OT staff on cyber risks.
  • Conduct penetration tests specific to ICS environments.
  • IT/OT incident response plan
  • Monitor critical OT events in real time.

Case study: Siemens and OT security in data centers

Siemens recently launched an initiative to integrate OT operations technology into its industrial data centers. The goal was to protect complex plants where business continuity is critical, such as turbines, transformers and production lines.

Among the measures adopted:

  • Introduction of a separate OT network with secure gateways.
  • Real-time monitoring via AI-based platforms.
  • Multi-factor authentication for OT technicians too.
  • Access policies based on the principle of “least privilege”.

The result was increased visibility, a drastic reduction in accidents and continuity of production even in the event of an attack.

In summary

The integration between IT and OT is no longer a choice, but a necessity. But it can and must happen in a safe, conscious and progressive way, avoiding the risk of compromising operational continuity. Collaboration between IT and OT is the heart of this transformation: it is not just about technologies, but about strategies, languages and corporate culture.

To protect industrial plants from cyber security threats, it is essential to take a holistic view, taking into account OT operational technology, IT information systems and their convergence within the digital factory.

Questions and answers

  1. What is IT/OT Convergence?
    It is the integration between information technology (IT) systems and industrial operating systems (OT) to optimize processes and safety.
  2. Why is integrating IT and OT risky?
    Because it increases the attack surface by exposing OT devices to typical IT threats.
  3. What are the main threats to OT security?
    Malware, ransomware, unauthorized access, unpatched vulnerabilities.
  4. How can I segment an OT network?
    Using the Purdue model, firewalls, proxies and specific monitoring systems.
  5. Do we really need a dedicated OT security figure?
    Yes, it is advisable to appoint an OT Security Officer to manage the interactions between security and production.
  6. What does IT-OT collaboration mean?
    Mutual involvement in projects, definition of common goals and cross-training.
  7. Are there standards for OT security?
    Yes, for example IEC 62443 is one of the main references.
  8. What is the role of IoT in IT/OT convergence?
    Connect OT devices to the Internet, increasing efficiency but also exposure to risks.
  9. Can I use a SIEM for OT environments?
    Better to use OT-aware platforms, capable of interpreting industrial protocols.
  10. How to balance security and production?
    Through planning, segmentation and constant dialogue between teams.
3
To top