Industrial Defender recently hired Pike Research to write a research report titled: Convergence in Automation: Systems Protection, Monitoring, Managing, and Securing Control Systems, and it’s available for free with registration on the ID site. There also is a webcast scheduled to discuss the report as you can see by the image in this post.
These sponsored reports have to be read with a bit of skepticism because they are often written with an agreed upon point of view going in, but that doesn’t mean they can’t be valuable as ARC Advisory Group, Gartner and others have proven.
This report promotes the benefits of having an integrated and automated system to manage, monitor and protect the ICS — which is inline with ID’s product and services strategy. The report is written for a management level reader, not a technical audience.
Section Four, three pages, is the highlight of the report and discusses the benefits of integrating security, compliance and operations management. It avoids duplication of effort and brings both the IT and Operations groups into the effort. A bit of motherhood and apple pie, but still a message that is not widely accepted.
I had some issues with the earlier sections promoting the value of integration and single solution purchases because they require less knowledge about how the system works. For example:
First, network topology often does not exist to define exactly what communications are in place. Second, the lack of an architecture may mean that many non-compatible solutions have been deployed. So, it may incorrect to assume that all the automation capabilities interface with each other and form a working whole, unless quite a bit of customization has occurred.
The ICS team needs to understand the inputs and outputs, protocols and other information flow information whether the system is bought as a complete system or integrated by the team. While the “don’t touch it because no one knows how it works” situation is common in Operations Technology (OT), it’s not something that should be accepted.