SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Australia faces OT security gaps as IT & SOCs converge

Today

The convergence of Information Technology (IT) and Operational Technology (OT) in Australia is exposing a critical security visibility gap for organisations reliant on industrial control systems, utilities, and smart manufacturing processes.

As the nation accelerates the adoption of smart infrastructure and Industry 4.0 initiatives, the integration of IT and OT has become an operational reality. Despite this, current Security Operations Centres (SOCs) and Security Information and Event Management (SIEM) systems are often unable to effectively monitor and respond to OT-specific threats.

Recent years have seen a rise in the frequency and sophistication of attacks on OT systems. Incidents involving programmable logic controllers (PLCs), SCADA systems, and field devices have been reported at power plants, water utilities, and transport networks. These events often elude detection within IT-centric security frameworks, enabling attackers to remain undetected until significant disruptions occur.

A primary challenge stems from the inherent differences between IT and OT environments. IT systems are typically designed with confidentiality, integrity, and availability in mind, supported by layered security measures. In contrast, OT systems prioritise performance, operational uptime, and physical safety, often operating in isolation from external networks.

Cisco has highlighted that OT devices are often legacy-driven and built with different requirements than their IT counterparts. Many OT systems operate using outdated operating systems, lack encryption, and cannot be patched without interruption to critical operations. These characteristics create significant barriers for traditional SOCs attempting to ingest and interpret OT telemetry.

Protocols commonly used in OT environments, such as Modbus, DNP3, or OPC-UA, present behaviours unlike standard IT traffic. SOC teams often do not possess the necessary tools or expertise to analyse these protocols, further limiting security oversight.

Traditional SIEM solutions were developed for corporate enterprise environments, capable of processing Windows logs, firewall events, user behaviour analytics, and endpoint data. While effective within IT environments, these tools often provide limited visibility or insufficient contextual understanding for OT networks.

A 2024 industry report by Control Engineering cautions that integrating OT into IT-centric SOCs can be misleading. The report asserts that the assumption that "plugging OT into an IT based SOC will automatically yield security benefits" is flawed, and that this practice may "create an illusion of coverage, while attacks on OT continue unnoticed, often using legitimate commands or configuration changes that wouldn't raise red flags in an IT context."

For example, malicious modification of a setpoint in a water treatment plant may not register as a threat in IT systems, even though it can result in substantial physical consequences. Without protocols and threat models that are specifically tailored to OT, many SOCs lack the visibility needed to identify and respond to such attacks.

There are also organisational and cultural hurdles. IT and OT teams often function in isolation, with separate key performance indicators (KPIs), management structures, and vendor relationships. Addressing these issues requires more than the right technological tools; effective convergence depends on collaborative processes, shared governance, and a common understanding of operational risk.

"You can't secure what you can't see, and you won't act on what you don't understand," said Jayaprakash Muthusamy, CEO of Borderless CS. "Until SOCs are trained to speak the language of OT, we're leaving critical infrastructure exposed to silent sabotage."

According to Muthusamy, successful convergence efforts are initiated through dialogue among plant engineers, IT departments, CISOs, and risk managers. "One local council we worked with was unknowingly exposing building management systems (BMS) through remote access protocols until a combined audit uncovered the vulnerability. This kind of cross-disciplinary discovery is only possible when OT visibility becomes a structured part of SOC operations," he added.

Industry experts recommend modernising SOC architectures to support both IT and OT domains. Best practices include deploying specialised OT monitoring sensors, integrating asset inventories with security platforms, and enriching alerts with operational context. Adopting tools for behavioural baselining, anomaly detection, and zero trust principles within industrial networks is also advisable.
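To make the setpoint example concrete, here is an added illustration (not from the article or any vendor named in it) of the kind of protocol-aware behavioural baselining the recommendations above describe: a Modbus/TCP Write Single Register request is syntactically legitimate traffic, so it is only flagged when it departs from a per-register baseline of authorised writers and engineering limits. The register numbering, host addresses, limits and sample frames are all constructed assumptions.

```python
import struct

WRITE_SINGLE_REGISTER = 0x06

# Constructed baseline (assumption, not from the article): holding register 0 is a
# dosing setpoint that only the HMI at 10.0.5.10 writes, within the band 0..500.
BASELINE = {0: {"label": "dosing_setpoint", "min": 0, "max": 500, "writers": {"10.0.5.10"}}}

def parse_modbus_write(src, frame):
    """Decode a Modbus/TCP frame; return (src, unit, register, value) for FC 0x06, else None."""
    if len(frame) < 12:
        return None
    # MBAP header: transaction id, protocol id (0 = Modbus), length, unit id
    _tid, proto, length, unit_id = struct.unpack(">HHHB", frame[:7])
    if proto != 0 or length != len(frame) - 6 or frame[7] != WRITE_SINGLE_REGISTER:
        return None
    register, value = struct.unpack(">HH", frame[8:12])
    return (src, unit_id, register, value)

def check_write(src, register, value):
    """Return alert reasons; an empty list means the write matches the baseline."""
    spec = BASELINE.get(register)
    if spec is None:
        return [f"write to unbaselined register {register}"]
    reasons = []
    if src not in spec["writers"]:
        reasons.append(f"{spec['label']} written by unexpected host {src}")
    if not spec["min"] <= value <= spec["max"]:
        reasons.append(f"{spec['label']} value {value} outside {spec['min']}..{spec['max']}")
    return reasons

def build_frame(tid, unit, register, value):
    """Build a Write Single Register request (used here only to construct sample traffic)."""
    pdu = struct.pack(">BHH", WRITE_SINGLE_REGISTER, register, value)
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu

SAMPLE_TRAFFIC = [  # constructed packets, not a real capture
    ("10.0.5.10", build_frame(1, 1, 0, 120)),   # routine HMI write: within baseline
    ("10.0.5.10", build_frame(2, 1, 0, 2500)),  # authorised host, value out of band
    ("10.0.9.77", build_frame(3, 1, 0, 120)),   # plausible value, unexpected host
]

def run_detection(traffic=SAMPLE_TRAFFIC):
    """Run every frame through the parser and baseline check; return (register, reason) alerts."""
    alerts = []
    for src, frame in traffic:
        parsed = parse_modbus_write(src, frame)
        if parsed:
            _, _, register, value = parsed
            alerts.extend((register, r) for r in check_write(src, register, value))
    return alerts

if __name__ == "__main__":
    for register, reason in run_detection():
        print(f"ALERT register={register}: {reason}")
```

Note that the third frame carries a value an IT-centric rule would consider normal; only the combination of protocol decoding and an asset-level baseline distinguishes it from the routine HMI write.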

Recent frameworks from global cybersecurity authorities advise a layered approach, ensuring that OT security events are not only collected but also contextualised. Solutions from providers such as Nozomi Networks, Dragos, and Claroty now enable organisations to map and monitor OT environments; however, these capabilities require integration with incident response protocols to be effective.

Smaller businesses and local governments may lack internal resources to support OT security operations. Managed Security Service Providers (MSSPs), such as Borderless CS, are increasingly extending their SOC services to incorporate OT networks. This offers councils and SMEs additional assurance as cyber threats focus more intently on critical sectors that may be perceived as less protected.

"In our work at Borderless CS, we've seen that successful convergence initiatives start not with tools, but with conversations, between plant engineers, IT teams, CISOs, and risk managers. One local council we worked with was unknowingly exposing building management systems (BMS) through remote access protocols until a combined audit uncovered the vulnerability. This kind of cross-disciplinary discovery is only possible when OT visibility becomes a structured part of SOC operations," stated Muthusamy.

As digitalisation continues to progress, the need to fully integrate OT within the SOC view is prompting Australian organisations to reassess their operational and security frameworks.
