IT vs. OT for the Industrial Internet – Two Sides of the Same Coin?
IT and OT – What’s the Difference?
Most people are familiar with the term Information Technology (IT). These teams generally work on the enterprise side of things and cover:
“The entire spectrum of technologies for information processing, including software, hardware, communications technologies and related services. In general, IT does not include embedded technologies that do not generate data for enterprise use.”
I’m emphasizing that last part because it plays an important role in the rest of this discussion.
Operational Technology (OT) is a relatively newer term. As Gartner explains, OT:
“Is hardware and software that detects or causes a change through the direct monitoring and/or control of physical devices, processes and events in the enterprise.”
For the purposes of this piece, we’re focusing on OT in the context of manufacturing plants and the assembly line – the teams responsible for the technology and industrial systems that keep the manufacturing process going.
When Worlds Collide - The Industrial Internet
From the explanations above we can see that, traditionally at least, IT and OT have had fairly separate roles within an organization. However, with the emergence of the Industrial Internet and the integration of complex physical machinery with networked sensors and software, the lines between the two teams are blurring.
Remember that portion of the IT definition I highlighted earlier, “In general, IT does not include embedded technologies that do not generate data for enterprise use”?
Well, one of the main reasons these industrial systems and appliances are being brought online is to deliver smart analytics - using data generated from the machines to modify and optimize the manufacturing process. Generating data for enterprise use? That’s starting to sound more like traditional IT territory.
Now, this convergence of OT and IT isn’t exactly news; Gartner predicted this back in 2011. However, in more recent years we’ve noticed the scope of the Industrial Internet has started to explode into more general Internet connectivity, as opposed to the historically closed systems that relied more heavily on physical security to ensure integrity. With this shift from closed to open systems comes an even greater interdependence and overlap between the two teams and a slew of new security concerns.
New Concerns for Both Sides
Greater connectivity and integration are obviously beneficial for smart analytics and control, but more connections and networked devices mean more opportunities for security holes. While security has always been a priority for both IT and OT teams in traditional systems, these networked systems are presenting new scenarios and risk profiles to both sides. IT now needs to start thinking like OT and vice versa.
New Concerns for IT
Greater scope of impact – There’s no downplaying the obvious detrimental results of a security incident in a more traditional enterprise environment, but the effects of an incident on an industrial system are on a completely different scale. Consider the repercussions if an electricity grid went offline, or if a car’s engine control system was hacked and drivers were no longer in complete control.
Physical risks and safety – Unlike more traditional enterprise systems, networked industrial systems bring an element of physical risk to the table that IT teams have not had to think about. An interruption in service or machine malfunction can result in injury to plant floor employees or the production of faulty goods, which could potentially harm end users.
Outdated or custom systems – IT is used to frequent and consistent software patches and upgrades, but the industrial environments tend to be more systemic, where one small change can trigger a domino effect. As a result, many legacy plant control systems may be running outdated operating systems that cannot easily be swapped out or a custom configuration that isn’t compatible with IT’s standard security packages.
New Concerns for OT
Physical risks and safety – Threats to physical safety are not a new concern to OT teams; they’ve been implementing safety measures into industrial systems for decades. However, they’re now facing threats that are potentially outside of their control. Taking machines and control systems out of a closed system brings the threat of hacked machines, which could potentially injure employees (e.g. overheating, emergency shut-offs overridden, etc.).
Productivity and quality control – Losing control of the manufacturing process or any related devices is any OT team’s worst nightmare. Consider a scenario where a malicious party is able to shut down a plant, halting production entirely, or reprogram an assembly process to skip a few steps, resulting in a faulty product that could potentially injure end users down the road.
Data leaks – While data breaches have long been a top concern for traditional IT teams, they are somewhat new territory to OT teams that are used to working with closed systems. Given the nature of the types of industrial systems that are coming online, such as utilities, aviation and automobile manufacturing, ensuring the privacy of transmitted data is critical.
Working with IT – One of the more unexpected concerns I hear from OT teams is around how to work with IT to solve the security threats discussed above, when IT teams generally have little experience with industrial systems and their traditional security solutions typically aren’t compatible with legacy control systems. While many on the OT side see the benefits of moving away from closed systems and increasing connectivity, the perceived lack of IT experience and potential solutions for their security concerns is causing some resistance.
Finding Common Ground
While OT and IT may have different backgrounds framing their concerns about the transformation brought about by the Industrial Internet of Things, the main underlying concern for both parties is retaining control of systems and machines and ultimately the safety of their employees and customers. To make both sides happy, key components of any potential security solutions should include:
- Identifying and authenticating all devices and machines within the system, both within manufacturing plants and in the field, to ensure only approved devices and systems are communicating with each other. This would mitigate the risk of a hacker inserting a rogue, untrusted device into the network and taking control of any systems or machines.
- Encrypting all communications between these devices to ensure privacy of the data being transmitted.
- Ensuring the integrity of the data generated from these systems. As mentioned earlier, smart analytics are a major driver in the adoption of the Industrial Internet, but those analytics are worthless if the data is inaccurate.
- Assuming the manufactured goods contain software or firmware themselves, enabling the ability to perform remote upgrades down the road and ensuring the integrity of those updates.
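The first and third components above (only approved devices may talk, and their data must arrive unaltered) can be sketched as a collector that checks every reading before it reaches analytics. This is an added example, not code from the original article or from GlobalSign; it assumes per-device HMAC-SHA256 keys as the authentication mechanism (the article does not prescribe one), and the device names, keys and readings are constructed. Encryption of the channel is not shown.

```python
import hashlib
import hmac
import json

# Constructed enrollment table: device ID -> secret provisioned at commissioning.
# Device names and keys are hypothetical.
ENROLLED = {
    "plc-line1-01": bytes.fromhex("11" * 32),
    "sensor-oven-07": bytes.fromhex("22" * 32),
}

def sign_reading(device_id, key, counter, payload):
    """Device side: serialize a reading and attach an HMAC-SHA256 tag."""
    fields = {"device": device_id, "counter": counter, "payload": payload}
    body = json.dumps(fields, sort_keys=True).encode()
    return {"body": body.decode(), "tag": hmac.new(key, body, hashlib.sha256).hexdigest()}

class Gateway:
    """Collector side: accept readings only from enrolled devices."""
    def __init__(self, enrolled):
        self.enrolled = enrolled
        self.last_counter = {}  # device ID -> highest counter accepted so far

    def accept(self, message):
        try:
            body = message["body"].encode()
            fields = json.loads(body)
            device, counter = fields["device"], fields["counter"]
            tag = bytes.fromhex(message["tag"])
        except (KeyError, TypeError, ValueError, AttributeError):
            return "rejected: malformed"
        if not isinstance(device, str) or not isinstance(counter, int):
            return "rejected: malformed"
        key = self.enrolled.get(device)
        if key is None:  # a device that was never enrolled
            return "rejected: unknown device"
        expected = hmac.new(key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):  # constant-time comparison
            return "rejected: bad tag"
        if counter <= self.last_counter.get(device, -1):  # stale or repeated reading
            return "rejected: replay"
        self.last_counter[device] = counter
        return "accepted"

def demo():
    """Run one genuine, one replayed, one altered and one unenrolled reading."""
    gw = Gateway(ENROLLED)
    good = sign_reading("sensor-oven-07", ENROLLED["sensor-oven-07"], 1, {"temp_c": 212.5})
    tampered = dict(good, body=good["body"].replace("212.5", "180.0"))
    rogue = sign_reading("rogue-box", b"\x00" * 32, 1, {"temp_c": 20.0})
    return [gw.accept(good), gw.accept(good), gw.accept(tampered), gw.accept(rogue)]
```

The per-device counter is what lets the collector refuse a genuine reading that is sent a second time, which a tag check alone would accept.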
If things continue as they are today, it’s likely we will see the separation between OT and IT continue to fade until they are potentially one and the same. In the meantime, it’s essential that both sides consider the other’s expertise and point of view and work together toward the ultimate goal – a secure, productive Industrial Internet.
If you’re concerned about the security risk of the Industrial Internet and want to discuss solutions with a member of the GlobalSign team, then contact us today.
As recovery progressed, Frank Sanborn, a Federal Emergency Management Administration (FEMA) Innovation Fellow, reached out to RHI about expanding the network to further support recovery efforts in Red Hook. Sanborn recruited volunteers from NYC Mesh and HacDC, a Washington, DC-based hackerspace, and coordinated with the International Technology Disaster Resource Center (ITDRC).
OTI already had a store of routers at RHI from before the storm. With technical direction from OTI and operating according to the goals established by RHI, the team set up a FEMA satellite link on the roof of RHI and installed a Commotion router on the roof of an auto body shop down the block from RHI. Previously, the owner of the shop had been reluctant to host a router, as he did not see a benefit in doing so. However, as the community rallied in response to the crisis, the auto body shop became a key link between the Internet gateway at RHI and the router overlooking Coffey Park, which had by then become an important aid distribution point for Red Hook.
Although the satellite uplink was offered for only 30 days and provided modest bandwidth, the mesh network could distribute the Internet connection to key locations where residents, first responders, and recovery volunteers needed it most.
As the community came together to respond to the storm, the need to grow this resilient communications infrastructure became clear. With power and water still off in much of Red Hook in the following month, many local organizations and residents reached out to help. Brooklyn Fiber, a local Internet service provider (ISP), volunteered an additional gateway to RHI WiFi.
To add the gateway into the mesh, OTI, RHI and Brooklyn Fiber installed a 5 GHz Ubiquiti Nanostation Loco router running AirOS (to receive the fiber signal), and a Ubiquiti Nanostation running Commotion (as a wireless access point), on the 3rd floor of the Visitation Church Rectory on the west side of Coffey Park. The church was also without power at the time, but the team installed an uninterruptible power supply that could run the routers for 12 hours at a time.