Business Trends

tion to an executive CISO to which they both report. The benefit of having an IT CISO and an OT CISO is to support a cybersecurity separation strategy meant to prevent a cyberattack from moving from the IT to the OT environment, or vice versa.

A two-CISO strategy is illustrative of a broader strategy to distribute cybersecurity responsibilities in a manner that prevents attacks from moving from one environment to another. The administrators responsible for the IT firewall should not also oversee OT's firewall. This makes sense on a practical level (two teams of administrators better separate systems and controls) and on a philosophical level: using one line of thinking to create and maintain two firewalls leaves a system more hackable than using two lines of thinking.

A prerequisite for effective distribution of cybersecurity responsibilities is complete asset visibility. The ability to monitor assets means first getting and maintaining visibility of critical assets, then using risk-based methods when planning and implementing protective security monitoring.

Enhancing capabilities. Broadly tested reference architectures and more specialized solutions relating to data management and storage can enhance an organization's IT/OT convergence efforts.

Network security reference architectures and zero trust. Establishing a reference architecture for network security during IT/OT convergence will yield a multitude of benefits. Reference architectures help all stakeholders collaborate and communicate effectively throughout a process, a notoriously tricky task between IT and OT teams. With a reference architecture in place to anticipate network security questions that may arise and provide objective guidance to answer them, the subjective differences in opinion between IT and OT will be minimized.

ISA/IEC 62443 standards can be a valuable resource for organizations undergoing IT/OT convergence. The standards address security issues unique to connected OT systems.
Among the security-related convergence tasks that IEC 62443 addresses are:

* OT cyber risk assessments
* Building cybersecurity management teams
* Patching and other protective controls
* Segmenting and securing network zones and conduits
* Creating processes and governance
* Establishing appropriate roles and responsibilities for users or resources.

Additionally, choosing and managing the right connected devices for a unique OT system are important for securing networks for IT/OT convergence. IEC 62443 addresses this and provides guidance to improve existing processes for technology project scoping, vendor selection and procurement. It also contains a set of prescriptive requirements and processes for secure product development lifecycles fit for a connected OT environment.

Traditional approaches for securing OT networks have long been dependent on maintaining the separation of industrial applications from IT networks. However, for organizations undergoing IT/OT convergence, traditional separa

Hydrocarbon Processing | AUGUST 2022 11