Governance & Risk Management , Operational Technology (OT) , Security Awareness Programs & Computer-Based Training
Bridging the IT-OT Cultural Gap
Lorena Nunes of Braskem on Overcoming Cultural Gaps in Industrial CybersecurityBusiness leaders often consider culture a soft topic, but this can create a divide between the IT and OT departments, leading to significant challenges for industrial cybersecurity. Bridging this cultural gap requires understanding and addressing unique operational needs, said Lorena Nunes, industrial cybersecurity specialist at Braskem.
See Also: The CISO Playbook for Cloud Security
Even though culture is a theory, organizations "see it on a day-to-day basis and behavior" that can affect cybersecurity, she said, adding that building a strong cybersecurity culture requires support from both leadership and rank-and-file employees. Nunes highlighted how operational continuity often conflicts with cybersecurity measures, making cultural integration essential.
"When you get cases that are in the industry,= where someone, for instance, used the same password they had for Facebook … we will see that a Colonial Pipeline type of incident can happen due to bad culture on the industrial side," she said. "When you start showing this type of graph, that's when the leadership says, 'I better start implementing this from the ground.'"
In this video interview with Information Security Media Group at the Cyber Security for Critical Assets USA Summit in Houston, Nunes also discussed:
- The combination of technical and relational skills needed to promote cybersecurity culture within industrial settings;
- Strategies to convince business leaders that tackling cultural issues is imperative for their success;
- Going back to basics to identify cultural gaps in an organization.
Nunes is a cybersecurity expert with more than 15 years of experience in the engineering of automation projects. She focuses on instruments, SCADA systems and automation network integration.