RSA 2019: How IoT security is changing the ways IT and OT work together

Infosec is quickly becoming where the two have an opportunity to finally join forces or risk leaving vulnerabilities wide open.
By Tom Sullivan
09:49 AM

Oscar Miranda and Ellen Sundra speaking at RSA 2019 in San Francisco.

SAN FRANCISCO — With Gartner predicting some 20 billion IoT devices that will be connected by 2020, healthcare organizations are in for significant operational challenges, and it’s not just the IT department anymore.

“The world is going to change and it’s going to make our lives very, very different,” said Matt Watchinski, VP of Cisco Talos, here at RSA 2019. “In the future, IoT, OT and IT will all be connected.”

That’s not typically the case today, added Liz Centoni, SVP and GM of Cisco IoT.

“The reality is that IT and OT don’t really talk to each other,” Centoni said. “Who makes a decision in the IoT world?”

While that answer will depend on the organization and particular IoT devices, it highlights a disconnect that Watchinski and Centoni said smart organizations will work to address moving forward because, among other reasons, of the ever expanding and increasingly more sophisticated cybersecurity threat landscape.

Consider, for instance, the case of popular fitness trackers and so many other personal devices that employees are using on their own.

“It becomes a threat when I take my wearable associated over Bluetooth to my corporate-connected phone,” said Oscar Miranda, director of enterprise information security at MUFG Americas. Miranda also previously served as head of IoT orchestration at Kaiser Permanente. “That’s when you should really worry about it.”

Cybersecurity advice about IoT devices

Miranda explained that any notion of a security shop coming in and dictating how the business should be run is a mistake and, instead, the teams should partner and connect.

“The reality is that I’m not a businessman, so I always have to ask the most basic questions: why attach this to your network? What is the goal? Is there a business reason? Why?” Miranda said. “Once I understand that, I can help identify the risk associated with it.”

From there, Miranda recommended homing in on visibility of IoT inventory.

“IT, OT, and IoT, if you look at best practices — SANS, NIST frameworks — step 1 is always hardware asset management,” added Ellen Sundra, VP of sales engineering, Forescout.

Sundra and Miranda agreed that visibility is everything with IoT.

“I’m not a ghost hunter. I can’t protect what I can’t see. I need a dashboard to give me my bearings,” Miranda added.

Infosec is the intersection point

With the wild proliferation of IoT devices, some of which manually connect to your network, it will be more imperative than ever for IT and OT to align in support of the broader mission.   

Indeed, that will mean breaking down silos between the two, which have historically differed in terms of what IT believes is important to protect against, notably data loss, breaches and network break-ins, and what OT prioritizes, as in production line uptime even during outages or failures,

“Security is the reason IT and OT are forced to work together,” Cisco’s Centoni said. “Security is a superset of what IT believes is important to secure and what matters to OT.”

Twitter: @SullyHIT
Email the writer: tom.sullivan@himssmedia.com

Healthcare IT News is a HIMSS Media publication. 

RSA 2019

Hottest news and views from the premier cybersecurity conference. See our full coverage right here.

Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.