The Role of IT/OT Convergence in Driving the Next Industrial Revolution
There has been plenty of industry talk about the need for convergence of information technology (IT) and operational technology (OT). Much of the talk has concerned investment in cybersecurity, but in reaction to what? While there are reasons to be proactive in cybersecurity, is there a more compelling reason to drive IT/OT convergence? How does digitization play into this and what is making the separation happen in the first place.
Numerous industry buzzwords often complicate discussions. "Industry 4.0," “digitization”, and "Smart Manufacturing" represent concepts rooted in linking production machinery, devices, and sensors for operational success. With these connections, businesses can improve manufacturing flexibility, efficiency, and overall effectiveness. The Industrial Internet of Things (IIoT) is essential for establishing these vital connections through network connectivity technologies.
Refining Production Processes Using IIoT-Connected Devices
Previously, production data operated in a closed loop to optimize processes against fixed standards. Now, with IIoT-connected devices, this data serves a broader purpose. Augmented by human or machine learning, these insights empower real-time decisions, driving efficiency and improvement. For instance, combining time series and wear data aids predictive maintenance via digital twin models, enhancing overall equipment effectiveness.
Collaboration Between IT and OT
This level of automation demands two-way IIoT communication paths for efficient data transfer between production and enterprise systems, fostering a closer collaboration between IT and OT teams. In this context, OT expertise becomes instrumental in capturing pertinent production data from machinery, devices, and sensors at the edge of the production floor. This data is then securely sent to on-premise or cloud-based enterprise data centers. Simultaneously, IT expertise is crucial in data storage and management, ensuring seamless data availability for enterprise systems. This availability allows for integrating diverse data sources, providing comprehensive context and insights. Effectively managing this production data and understanding it requires the strengths of both IT and OT disciplines.
Cybersecurity Challenges: Adapting Traditional IT Security for OT Environments
One downside of using IIoT to move data and insights is the cybersecurity implications of connecting and supporting the potentially large and diverse IIoT devices and sensors on the plant floor. This connectivity can create a complex and dynamic attack surface for cybercriminals to target, but IT/OT partnerships can be critical. Traditional IT security solutions are extended to OT environments to take advantage of scale economies. Still, these solutions and best practices are typically insufficient to protect industrial control systems and OT networks. OT systems are usually designed for safety and reliability rather than security. They often do not have the same security controls and monitoring level as traditional IT systems.
Marty Van Der Sloot, Interstates’ Director of Operational Technology, unpacks this, saying, “To address these challenges, industrial manufacturers need to implement a comprehensive data and cybersecurity strategy that includes both IT and OT security measures, such as network segmentation, intrusion detection and prevention systems, access control, regular vulnerability assessments, table-top exercises, and penetration testing. They also need to invest in cross-training programs to ensure that team members collaboratively understand both the IT and OT risks and best practices for maintaining data and system cybersecurity in an IIoT environment.”
IT/OT Convergence is Gaining Momentum
The encouraging aspect is that the significance of IT and OT convergence is widely recognized and gaining more ground. Dan Riley, who heads Interstates’ analytics team, shared an example of this: "We recently were able to interject a quality control step earlier in a production process that includes an IIoT-enabled high-speed imaging system to deliver early process quality measures…We have been able to participate in the conversation between the plant floor OT group and the enterprise IT group as we have built out the data modeling needed to deliver this solution.”
Finding Equilibrium
Convergence between IT and OT doesn't imply one dominating the other. Each discipline retains unique traits. For instance, industrial systems have longer lifecycles than typical IT setups, making security updates more challenging. OT cybersecurity focuses on tailored, risk-based approaches, differing from standard IT practices. Moreover, the impact of downtime varies vastly between IT and OT. Van Der Sloot illustrates, "IT assets can be rebooted with minimal impact, whereas even minor OT downtime significantly affects production, often limited to scheduled maintenance windows." This balance shows the importance of collaboration for enhanced operational efficiency and security.
Investments in Culture for IT/OT Convergence
Microsoft, Intel, and IOT Analytics’ IoT Signals: Manufacturing Spotlight report from August of 2022 lists three imperatives for digital transformation:
- Adopt Industry 4.0
- Integrate IT and OT
- Foster a digital-first culture
Cultural investments for IT/OT partnership involve various strategies to encourage collaboration and align objectives. Pairing IT and OT teams for joint projects, training, and shadowing experiences can bridge the divides. Establishing shared business goals unifies both sectors while acknowledging and valuing their unique expertise. These shared goals also create joint accountability, addressing challenges in data security.
If cultural barriers hinder combining IT/OT groups, partnering with a neutral third party, such as a systems integrator, analytics provider, or cybersecurity firm versed in both domains, can be beneficial. They can bring specialized expertise to projects focused on "data-to-insight" goals and addressing security risks. Additionally, they can facilitate collaboration between internal IT and OT teams, smoothing interactions and paving the way for future joint endeavors.
This blog was originally published on Industrial Cybersecurity Pulse.