Access Control Conflicts in Information Technology and Operational Technology

Access controls are a key area for any security program. However, the recommended access controls cannot always be implemented across the entire organisations. This is the case within critical infrastructure organisations that have both Information Technology and Operational Technology assets where many of the controls cannot be implemented on Operational Technology. Also, safety is a key concern for critical infrastructure organisations which is not always the case with many standard commercial organisations. This means the access controls while maintaining security must not impact safety which can occur if considerations are not given to Operational Technology and safety objectives. This paper will provide ways to manage the conflicts and issues that can occur and provide a process to allow critical infrastructure organisations to implement the required controls without impacting safety and security.