Why do NIS2 compliance and IT-OT convergence go hand in hand?

‍

What is NIS2?

From summer 2024, the NIS2 (Network and Information Security) standard will come into force, bringing significant changes to strengthen the protection of critical infrastructures. As a reminder, the latter adds its own set of constraints and sanctions for manufacturers:

• Compliance obligation: Companies will have to comply with the security measures set out in the NIS2 standard. They will have to set up incident detection and response systems, manage vulnerabilities and protect sensitive data.
• Responsibility of subcontractors: Greater vigilance will be exercised over subcontractors in terms of cybersecurity. They will have to comply with the strict requirements of the NIS2 standard, ensuring a consistent level of security throughout the supply chain.
• Financial penalties for non-compliance - (approx. 2-4% of sales): Companies that fail to comply with the NIS2 standard will be subject to sanctions, including financial fines. It is essential to take proactive measures to ensure compliance and avoid such consequences.
• Holistic approach to cybersecurity 𝗜𝗧 𝗲𝘁 𝗢𝗧: companies will need to adopt measures to prevent, detect, react to and recover from cyber incidents on the IT and OT perimeters.

‍
It's time to start thinking about your OT/IT convergence strategy!

‍

Why work towards OT/IT convergence?

Today, the need for real-time production data (OT) is becoming ever more pressing for operational staff. It's only natural, as this data serves the 𝗼𝗯𝗷𝗲𝗰𝘁𝗶𝗳𝘀 of 𝗽𝗿𝗼𝗱𝘂𝗰𝘁𝗶𝗼𝗻, 𝗾𝘂𝗮𝗹𝗶𝘁𝗲́, 𝗺𝗮𝗶𝗻𝘁𝗲𝗻𝗮𝗻𝗰𝗲 or even 𝗲́𝗰𝗼-𝗲𝗳𝗳𝗶𝗰𝗶𝗲𝗻𝗰𝗲.

Meanwhile, the IT department tends to close the doors as much as possible to protect the integrity of the plant. It's only natural, since its role is to ensure thesafety of the run.

As a result, numerous pilots are emerging: they're quick and easy to set up, respond to a precise use case and upload data directly to the cloud, often without the IT department's knowledge (via IoT 4G & VPN, for example).

‍

How can driver strategy be a problem?

In general

• Prevents the contextualization and formatting needed to master production data before use.
• Reproduces data silos and slows down the deployment of use cases that need it.
• Significantly slows down scaling.
• Compromises system integrity and production.

And if we add to the equation 𝘀𝗽𝗲́𝗰𝗶𝗳𝗶𝗰𝗶𝘁𝗲́𝘀 𝗱𝗲 𝗹'𝗢𝗧

• Multiplicity of specific protocols, real-time, determinism, no stopping
• Potential need for physical update
• Equipment often not inventoried (on average 30% of stock unknown)
• Machines communicating via deprecated / exotic protocols that no longer run on up-to-date operating systems.

Understandably, this further weakens the plant system, which was already under strain.

It is therefore essential to seize on these issues and embark on a real IT-OT convergence process, bringing together teams who didn't necessarily talk to each other beforehand, to build a secure, scalable infrastructure that meets business needs and the challenges of the "factory of the future".

‍

How are you preparing for this paradigm shift?