Expanding the Role of the CIO in OT

The role of the CIO (Chief Information Officer) has changed dramatically in recent years. Some elements of the job — the network you manage, the server footprint you’re responsible for, the size of your team — are all getting smaller. Those factors leave CIOs facing another question: how do they stay relevant and useful to the business as a whole? 

The responsibilities for CIOs have transformed from managing costs while delivering functional technology into something much more broad. You’re not just staying within budget while ensuring the network remains operational. Many are now asked to be strategic change agents who help foster business growth.  

This shift is quickly becoming apparent and widespread. A recent global CIO study showed that 90% of CIOs report their roles and responsibilities have greatly expanded beyond just managing technology. The change is especially apparent in the manufacturing sector where coordination and collaboration, as well as technical expertise, are essential to delivering value as a CIO. 

Operational technology (OT) traditionally has occupied its own distinct space, separate from IT. OT security often amounted to little more than putting it on an air-gapped or segregated network and assuming none of the system would ever need internet access. But due to the OT/IT convergence, the continuous rise of IoT elements, and the interconnectedness of operations and supply chains, the role of the CIO in governing OT is much different than before. 

Make Sure Your Business is Protected: Connect with our cybersecurity experts to get started on your tailored security solution today.  

Security is a Still a Huge Part of the Role of the CIO 

Securing OT components and managing risk for manufacturers should arguably be a primary responsibility for CIOs working in this sector. But, it often isn’t. Previously, many organizations were content to be relatively hands-off in bringing OT under the umbrella of IT management, or didn’t see the need to do so. Let IT and the CIO handle the network, and let the plants or factories handle what was needed to keep production going.  

That’s simply unfeasible now. Proper oversight and cybersecurity considerations are top of mind for Boards of Directors, and with good reason. A host of attacks targeting OT in recent years — the Colonial Pipeline attack in 2021 was a major wake-up call — has driven home the need for CIOs to more involved in securing OT components. As the traditional infrastructure supporting OT erodes, CIOs need to be examining how to take more ownership in this area. 

Today, virtually every OT environment now includes some IT components, or in the very least some IoT technology. If CIOs working in the manufacturing sector aren’t planning to get more involved in OT security, examining the role the cloud could play, and other considerations, they’re doing themselves and their organization a disservice. OT can’t simply be left to its own devices any longer. If, as a CIO, you haven’t thought about the factors at play here or are actively dealing with them, you will be soon — or you’ll be replaced by one that will. 

Engagement Now is an Important Part of the Role of the CIO 

Figuring out how to take ownership of OT, or engaging in important collaboration with those internal teams overseeing it, is a critical part of the role of the CIO. Every CIO should be thinking about how to manage such elements in an effort to improve their value and best meet the new expectations of their role.  

As CIO, have you thought about taking ownership of those OT elements that have typically been outside your purview or operated on their own? 

• If you won’t own it, how are you and your teams getting involved? 
• If you aren’t involved today, are you going to be involved if something bad happens? 
• If so, you and your business are best served if you get involved now. 

Take Steps to Better Engagement 

The role of the CIO governing OT now hinges on being more involved — with people working with OT, the technology involved there and the processes employed. How do you foster engagement with OT personnel? Here’s a short list of ways to bridge the gap from IT to OT, and ensure your relevance and value moving forward. 

Process for New Tech 

It doesn’t work to keep OT siloed any longer. As a CIO in this space, you need a process that ensures you’re involved when new technology is acquired. You should be looped in so you can weigh in and help create standards governing the pieces in place — and ones that will replace them.  

Vulnerability Scanning & Tabletop Exercises 

These are staples for corporate IT, but are often neglected when it comes to OT. Vulnerability scans can give you visibility into where weaknesses in OT equipment lies.  Tabletop exercises can help you understand how OT and IT teams will work together on an incident that affects both.  Expanding these core security principles into OT allows you to develop relationships with personnel on that side of the business, generate buy-in from those departments, and provide better security resiliency.  

Product Development 

Traditional IT and the CIO can become more integrated by offering support in this area. Perhaps your company makes OT products, or products that rely on IoT to connect with customers. Any product with an IP address can use input from IT about their use and potential for cybersecurity risk. Product development can be a key touchpoint, and is often underutilized for CIOs looking to make more of a positive impact.  

Start Small 

As a CIO, you won’t have carte blanche. In a corporate environment, separate departments can be territorial and protective. You can help, yes, but you may need to start small, generate engagement, and then scale up. Pick one plant, or product line, and start there. Use it as a pilot case. Figure out what works, and then grow it. 

You’re There to Learn 

You’re the CIO, not a dictator. Again, most departments will be protective of their work and their processes. Entering and declaring sweeping changes — to OT or otherwise — is a sure way to generate frustration on both sides. Ask questions, work together and understand their side of the problem before you institute changes. 

How the Cloud has Changed the CIO Role: The evolving role of the CIO has been impacted by the development of the cloud and further digital transformation.  

Inversion6: Helping Redefine the Role of the CIO 

Our team of expert fractional CISOs have been where you are and faced the same kind of challenges. Each of our CISOs has experience overseeing IT in the manufacturing sector, or are actively working with clients in the sector now.  

At Inversion6, we’ve seen the same problems you have in terms of governing OT. We’ve helped build consensus to address security issues, and built bridges to help organizations to get on the same page. We’re often called on by manufacturing companies to help lead them through the process. 

Our extensive experience and partnerships with leaders in the cybersecurity space mean we’re bonafide subject matter experts on the technology relevant to helping CIOs manage OT and further development engagement for their rapidly changing role. We build out programs that secure what you’re doing — from developing new products to the production line.  

The role of the CIO is changing as is how companies alter their view on and manage OT. Connect with our team today to learn how we can help.