In cybersecurity, the divide between IT (Information Technology) and OT (Operational Technology) remains a problem that practitioners, vendors, and consultants must navigate daily. The differences between these two mindsets — one rooted in the world of delivering data and maintaining software, the other firmly planted in the realm of continuous uptime of industrial systems — can lead to conflicting priorities and misunderstandings. Even as the industry strives to align these domains, this divergence is still evident, as I was reminded just this week.
During my usual morning LinkedIn browsing, I stumbled upon a post featuring the “Top 50 People in ICS/OT Cyber Security You Need to Follow”. At first glance, I panicked. My immediate assumption was that the list featured individuals responsible for securing operational environments — the unsung heroes safeguarding critical infrastructure around the globe.
A closer look revealed that it wasn’t a list of functioning OT practitioners, but vendors, consultants, and advisors focused on OT-related training, advisement, and issues. After thanking the foresight of the original poster, the comments section revealed an interesting perspective. A fellow commenter with an IT and OT background pointed out the glaring absence of individuals who work within critical infrastructure environments. This observation struck a chord with me and highlights one of the most fundamental issues in the IT-OT landscape: representation, understanding, and perspective.
For those who operate in IT, the world is often one of rapid iteration, software updates, and a focus on data confidentiality. Meanwhile, OT professionals prioritize uptime, safety, and maintaining control over systems that often run on legacy hardware and software. These differing priorities create a natural unease that can be exacerbated when an IT peer advises without direct experience in the OT environment.
The cybersecurity challenges facing critical infrastructure today are immense. From ransomware attacks targeting utilities to state-sponsored threats aiming to disrupt national supply chains, OT environments are at the front lines of global cybersecurity battles. These threats to our nation make the collaboration between IT and OT professionals more important than ever. It also underscores the need for a more inclusive approach that values not just the strategic input of consultants but also the on-the-ground expertise of those living and breathing the OT world.
To bridge the gap between IT and OT effectively, cross-training programs should be a priority for organizations managing critical infrastructure. By training IT professionals with a deeper understanding of OT systems, such as uptime and regulatory requirements, jump-boxes, air-gap systems, real-time operations, safety protocols, and providing OT specialists with foundational IT knowledge around cybersecurity and data management, both sides can develop a mutual appreciation of each other’s challenges. This combined approach fosters stronger communication and enables IT and OT teams to come together to brainstorm innovative solutions for simplifying the complex cybersecurity challenges that span both environments. Cross-training builds the shared expertise necessary to combat modern threats and protect critical systems effectively.
As we continue to navigate the complexities of securing critical infrastructure, the industry must ensure that all voices, whether from an IT or OT practitioner, vendor or the consulting space are heard and valued. Cross-training programs should play a central role in this effort, equipping IT and OT teams with shared knowledge to bridge their differing priorities and perspectives. This combined training not only builds mutual understanding but also enables teams to come together and brainstorm ways to simplify cybersecurity challenges across both environments. Progress will only come when we embrace diverse perspectives, foster collaboration, and cultivate the expertise needed to tackle the exclusive challenges of this growing threat landscape.
Image credit: SergeyNivens/depositphotos.com
Heather Case-Hall is a senior security solutions architect at Myriad360, a global systems integrator specializing in data center modernization, cloud, cybersecurity, and artificial intelligence solutions. Follow Heather on LinkedIn.
