Traditionally, operational technology (OT) and information technology (IT) would have been separate from each other. However, with industrial equipment and processes increasingly coming online, these two worlds are intertwining, bringing both benefits and challenges.
The implementation of Industrial Internet of Things (IIoT) technology is ultimately good for business. Capturing and analysing data from industrial equipment enables manufacturers to make data-led decisions, which empowers the improvement of production and maintenance processes.
However, you’re likely to already have a collection of automation networks and software being used on the factory floor. Digitised machinery is known as your operational technology (OT), while your business’ networking, security and applications are known as information technology (IT). The successful implementation of IIoT depends on the unity of these systems.
As the lines between the traditional OT and IT silos start to blur, both technical and cultural differences must be understood and addressed in order to gain real benefit from IIoT and the digitisation of manufacturing.
What is operational technology (OT)?
As described by Gartner, “OT is hardware and software that detects or causes a change through the direct monitoring and/or control of physical devices, processes and events in the enterprise.”
In the context of manufacturing plants and industrial settings, an example of OT is SCADA (Supervisory Control and Data Acquisition), which is used to gather and analyse data in real-time. Many industries rely heavily on SCADA systems to monitor or control plant equipment.
Another example of OT is the use of Industrial control systems (ICS). These are often managed by SCADA and consist of any systems used to monitor or control industrial processes. Using the ICS’ human machine interface (HMI), users can observe, manage, and control industrial processes.
What is information technology (IT)?
In business, IT is a very common term that most people are familiar with. It constitutes the technological backbone of most organisations and refers to anything related to computer technology, including hardware and software.
Gartner describes IT as, “The entire spectrum of technologies for information processing, including software, hardware, communications technologies, and related services.”
How do OT and IT differ?
In short, IT deals with information, while OT deals with machines.
The former manages the flow of digital information, while the latter manages the operation of physical processes and the machinery used to carry them out.
There are many differences between the two (not least the cultural differences in their management), as the two systems have traditionally existed in separate silos. A team of control engineers will sit in one silo, whose objective is to consider how to use data to control, manage and monitor machines. This includes functions such as condition monitoring and using that information to gain operational insights.
In another silo, an IT team will be using enterprise platforms for functions such as procurement and stores management.
There is often a gap between OT and IT, blighted by poor communication between the two sets of data - as well as the teams managing them.
For many organisations, the operation of the two areas is culturally very different.
On the one hand, OT devices (which are usually highly specialised, isolated and self-contained) require custom software to run, rarely using standardised operating systems (like iOS or Windows). This means they require trained engineers to operate them, and tend to run autonomously. They may not need updating for months or even years.
Errors within OT can result in product quality issues, equipment damages, and - in some hazardous environments - even injury or loss of life.
These consequences have rightly led to a ‘safety-first’ approach. But despite this, the firmware and software used in industrial systems are often not maintained or upgraded with the same rigour and frequency as standard IT systems. ‘If it works, leave it’ is often the attitude with OT systems, particularly if the skills needed to maintain and upgrade the systems are not readily available.
This ‘fit and forget’ approach often leads to a lack of oversight on managing security. Indeed, a recent study found that over 73% of manufacturing companies were using the device supplier’s default passwords for devices, network connections and process control systems.
On the other hand, access to IT programs are typically less restricted, with many employees in the organisation able to use them.
IT systems are connected by their nature. They have little autonomy, generally run using readily available operating systems such as iOS and Windows, and are updated frequently.
Unlike the ‘safety-first’ approach of OT systems, the attitude often associated with IT systems is ‘fix fast, fail fast’, where software testing can take place in separate virtual environments, and continuous upgrades and patches are considered normal.
Why are OT and IT coming closer together?
Until recently, the integration and cooperation between OT and IT usually took place at the individual project level, rather than as a planned and structured enterprise-level activity.
This bottom-up approach often leads to delays in implementation, as each project is assessed on its own merits, causing holdups in approval and even cancellation.
As a standalone system, inputs on many OT devices would have traditionally been limited to a physical panel or keypad. However, with the emergence of IIoT and the integration of machinery with networked sensors and software, the lines between the two are beginning to blur. These machines are now generating data, which is the domain of IT. As such, OT devices are now being controlled and monitored remotely using IT systems.
The connectivity and integration of OT and IT has many benefits.
Combining the IIoT data coming out of connected machinery and processes with operational data assists with understanding its context. It will ultimately lead to better, more actionable insights.
For instance, by monitoring an ICS or other OT device remotely, an IT system can alert operations staff when a component is starting to fail, avoiding costly downtime and secondary damage.
IT systems can also provide employees with real-time reports on the condition of the OT device, or provide visibility of historical operating data.
What are the challenges of connecting OT and IT?
While there are many opportunities in bringing these two worlds together to create a manufacturing improvement service, it’s not without its difficulties.
As connecting OT to IT at a technical level is becoming increasingly widespread, there is growing recognition that all the well-established governance practices of IT - such as management of user access, updates, and security patches - need to be applied to existing OT systems.
Additionally, when OT systems become cohesive with IT systems, it’s important that their management is unified under a single point of control. When this happens, the cultural differences in how these diverse systems are operated may make organisational integration more challenging than even the technical integration.
Cyber Security Threats
Arguably, the biggest challenge of bringing these two worlds together is cyber-security.
Historically, the closed systems of OT devices relied on physical security to ensure integrity. These standalone systems were virtually inaccessible to the outside world. However, the recent overlap between OT and IT systems - and the resulting shift from closed to open systems - brings with it concerns over security.
While external cyber threats have long been a worry for traditional IT teams, they are new territory to OT teams that are used to working with closed systems.
With OT now connected to the outside world via the internet, a different approach to security is needed. Before integrating IT into OT systems, it’s vital that appropriate cyber-security protocols are implemented. After all, an attack can damage equipment, impacting production and creating health and safety hazards.
If a device is connected to the internet, it can be found by malicious actors. And as more connections and networked devices come online, it means that there are more opportunities for security holes.
What is the future of OT and IT integration?
At present, Chief Information Officers (CIOs) are seeing significant changes in their roles.
Traditionally, a CIO would be responsible for managing, implementing, and overseeing the usability of information and computer technologies. They wouldn’t have any involvement in OT systems, though.
However, in today’s world they need to take active responsibility. The good news is that progress is being made here as, according to Gartner’s 2021 IT OT Alignment and Integration Survey, CIOs are taking more responsibility for OT compared with the previous three years.
This responsibility involves working with manufacturing operational managers to develop an OT/IT security strategy, reflecting not just digital security but also the physical security of factory-based systems, which are often vulnerable to an ‘insider’ cyber-attack.
IT professionals also need to understand the risk-averse, ‘safety-first’ culture of engineering and embrace it, rather than attempting to introduce IT approaches - such as ‘minimum viable product’, ‘fail fast’, and ‘continuous upgrade’. These approaches are not possible when real-world physical consequences can result from OT system failures.
While IT has a role to play in security, the insights garnered from OT/IT integration into production processes and specific asset performance - and the subsequent application of those insights to the physical assets to help improve their performance - will remain the responsibility of production engineers and not IT.
How can you make the right platform choice for your IIoT project?
When implementing an IIoT system, your manufacturing managers will need to prepare for essential cyber security conversations with IT. Choosing an IIoT platform supplier that can support these decisions is essential.
With RS Industria, your data is 100% secure, so there’s no risk of disruption to your production systems. All our applications and hardware are regularly penetration tested by independent specialists, allowing us to ensure that potential vulnerabilities are identified and mitigated before they can become a security risk.
You’ll also benefit from…
- End-to-end cloud application protection, fully developed using AWS (Amazon Web Services)
- Security reviews & engagement from our dedicated cyber security team.
Equipped with our own cyber-security manager, we can engage with the right individuals in a customer’s IT department and provide them with all the relevant technical and procedural information – right at the start of the specification process.
This early and detailed engagement with key IT stakeholders means that IIoT projects have a far higher chance of approval, and a much faster implementation time.
In the near future, integration between IT and OT will be the norm.
For now, it’s essential that both IT and OT professionals are very aware of the requirement to closely work together. This will ensure that industrial environments are secure, productive and connected, enabling manufacturers of all sizes to reap the significant benefits of the digitisation of manufacturing.
RS Industria is the IIoT-powered manufacturing improvement service that monitors your critical assets in real time.
From high energy costs to high emissions, amount of waste, unplanned downtime and production yield, we reduce the production losses that keep you awake at night.
Ready to learn more?
Read on to ‘Predictive Maintenance Comes of Age’.