Friday, March 20, 2026
Security challenges specific to industrial control systems, at the convergence of IT/OT
PROTECT
IT/OT Convergence: The Crucial Challenge of Industrial Cybersecurity
On the occasion of the first edition of Lyon Cyber Expo, Thierry Rouquet, VP – Digital League, Franck Bonnard, Connectivity and Cybersecurity Consultant for Converged IT-OT Environments – NXO – Adira, Hicham Ben Hassine, CEO & CTO – AlgoSecure, Ludovic Benhamou, Security Engineer – Tenable, and Jean-Christophe Marpeau, Consulting engineer at Cap’tronic addressed the crucial issue of IT/OT convergence, a strategic challenge for securing industrial infrastructures in a context of digitalization and strengthened regulations.
The digitalization of industry, a driver of competitiveness and innovation, also exposes infrastructures to increased cybersecurity risks. As standards such as IEC 62443 and directives like NIS2 impose growing obligations, the convergence of IT and OT (information technology and operational technology) is becoming a strategic imperative for industrial companies.
For Thierry Rouquet, former cybersecurity entrepreneur and vice-president of Digital League, " The price to pay for industrial digitalization is an increased attack surface. Cybersecurity challenges in industry are not limited to protecting data, but also concern production continuity and the safety of personnel. »
A complex reality, between heritage and modernization
Integrating IT into OT raises specific challenges, particularly related to the obsolescence of industrial systems. Ludovic Benhamou, an engineer at Tenable, emphasizes: “Industrial equipment was not designed for cybersecurity. Its recent connectivity makes it visible and vulnerable, requiring a completely different approach from that of traditional IT.”
This specificity is also evident in the equipment lifecycles. Hicham Benassine, technical director of AlgoSecure, gives a telling example: “During an audit on an oil platform, it was imperative to guarantee a state of safety in 2023, knowing that the platform would remain in service for 30 years without any upgrades.” But beyond the technical aspects, it is also a question of culture and skills.
Franck Bonnard, consultant at NXO, insists: IT and OT are two worlds that have long ignored each other. It is crucial to create mixed teams where everyone can contribute their vision and expertise. »
Best practices for successful IT/OT convergence
While the challenges are numerous, the solutions lie in a progressive and pragmatic approach:
- Start with a risk analysis : Identify critical systems to allocate resources where they are most needed.
- Gain complete visibility of the equipment Understanding who is connected, what vulnerabilities exist, and how they can be exploited.
- Adopt proven standards such as IEC 62443 This standard offers a clear methodology for segmenting networks and limiting the impact in the event of an attack.
Franck Bonnard proposes an approach based on "small victories": Start with accessible projects, such as secure remote access or basic network segmentation. These initial successes will strengthen collaboration between IT and OT, paving the way for more ambitious initiatives. »
A human and organizational challenge
At the heart of this convergence, field operators play a central role. Their awareness and training are essential to avoid costly human errors, as Franck Bonnard humorously points out: "During an audit, we found an operator charging his phone at a critical station. This kind of practice can ruin all security efforts."
The key to success also lies in the support of senior management. Involving senior management in risk analysis, presenting them with concrete scenarios, and quantifying potential impacts are powerful levers for mobilizing the necessary resources.
A strategic imperative in the face of regulatory deadlines
With the NIS2 directive, the Cyber Resilience Act (2027), and new machinery regulatory requirements, manufacturers no longer have a choice: they must act now. According to Thierry Rouquet, "Companies must adopt a phased approach. Waiting could be far more costly in the event of an attack or non-compliance."
In conclusion, IT/OT convergence is not simply a technical issue. It is a global challenge, encompassing cybersecurity, business continuity, and cultural adaptation. Faced with growing threats and an increasingly stringent regulatory framework, successfully achieving this convergence is a crucial priority for the industry of tomorrow.