Critical Convergence for enhanced safety: A Literature Review on Integrated Cybersecurity Strategies for Information Technology and Operational Technology Systems within Critical Infrastructure

Cyberattacks targeting critical infrastructure highlight that both information technology systems (IT) and industrial control systems (ICS) are vulnerable to cyber security events and that cyberattacks targeting IT can have effects on ICS and vice versa. These events indicate a need for an improved understanding of the similarities and differences between IT security and ICS/operational technology systems (OT) security. This paper explores the technological aspects of tools, methods, and approaches used to secure IT and OT systems, and the crisis decision-making processes related to management, strategy, organization, and governance. The methodology of this exploratory study is a literature methods approach using PRISMA methods that gather academic articles from the "Web Of Science" database. We discuss fifteen papers on IT and OT systems similarities in terms of security needs, and in terms of significant differences between the two that must be considered. The paper explores the trade-offs between applying IT-focused cyber security tools and approaches to ICS and OT. Results are disseminated in terms of two main research questions that are RQA) What are the similarities and differences between IT and OT security? And RQB), how can these disparities be effectively addressed to protect these systems from cyberattacks? We conclude by outlining future research directions aimed at expanding on the findings of research questions A and B.

Keywords: IT, OT/ICS, Security, Cyber crisis management, Critical infrastructure.

Download PDF