Originally published as: Murray, G., Johnstone, M.N., & Valli, C. (2017). The convergence of IT and OT in critical infrastructure. In Valli, C. (Ed.). (2017). The Proceedings of 15th Australian Information Security Management Conference, 5-6 December, 2017, Edith Cowan University, Perth, Western Australia. (pp.149-155).


Automation and control systems, such as SCADA (Supervisory Control and Data Acquisition) and DCS (Distributed Control Systems), are often referred to as Operational Technology (OT). These systems are used to monitor and control critical infrastructures such as power, pipelines, water distribution, sewage systems and production control. Traditionally, these OT systems have had a degree of physical separation from Information Technology (IT) infrastructures. With changing technologies and a drive towards data-driven and remote operations, the two technology environments are starting to converge. With this convergence, what was a relatively standalone, secure and isolated environment is now connected and accessible via the Internet/cloud. With this interconnection come the cyber security challenges that are typically associated only with IT infrastructures. OT data that is then accessible from these environments could include critical information such as pressures, temperatures, proximity levels, control signals and other sensor signals. Due to the aforementioned convergence, OT data and associated control mechanisms are now significantly vulnerable to cyber-attacks. This paper provides an understanding of cyber security in an operational technology context (rather than traditional IT environments) and discusses the underlying causes, vulnerabilities, and the risks that are created by convergence and interconnection. We report on evidence of convergence between IT and OT, and use Hofstede’s model of organisational culture to explain the different attitudes and value drivers in IT and OT.