fbpx

Manufacturing technology and the blurring borders between IT and OT

Connecting the shop floor with the top floor and eliminating security risks.

 

For decades, computer and data networks – known as Information Technology (IT), and industrial control system (ICS) operations and process control groups – often labeled as Operations Technology (OT), have run as isolated and independent networks, with entirely different objectives and requirements. That is beginning to change.

The automated factory used to be a closed environment, but digital businesses now want iPads, not HMI’s to control motor drives. And leaders need to manage IT and OT as a single asset. After all, deploying separate solutions can double operational expense.

By combining industrial automation with communication, IIoT is making production lines and factories—with all their sensors, data, and analytics—as integral to the networked enterprise as employee workstations. That way, companies can leverage the best of IT, like cloud computing and virtualisation, alongside OT advances.

The rise of IOT and Industry 4.0 are radically changing the way manufacturers are doing business. There is a trend towards optimising the manufacturing process through automation, IOT and IT. 

The real time integration of data from the plant floor and across the supply chain enables highly accurate predictive analytics, leading to a more innovative and competitive organisation.

"By 2019 more than 30% of all IT and OT technical staff will have direct project experience in both fields"
(IDC, November 8, 2017)

The challenges of  IT vs. OT

 

Information Technology and Operational Technology teams have traditionally embraced different cultures, objectives and concerns. IT deploys and manages a spectrum of systems such as the data center, communications, networks and enterprise security.

OT teams are responsible for all aspects of the manufacturing and process control systems, safety and output. Historically, factories have deployed proprietary equipment and protocols – operating independently and separate from enterprise IT.

Now the lines between OT and IT are blurring. The business benefits of highly predictive analytics can only be achieved with the integration of operational and corporate networks, data and systems.

Collaboration is essential in addressing security risks

 

The one sticking point to this value proposition is data security. The operations technology (OT) managers in a company may see the benefits of IoT-enabled asset monitoring, but the information technology (IT) leadership may see IoT connectivity as a security threat.

Materials handling solution vendors as well as providers that specialize in industrial connectivity say these security concerns and OT/IT tensions are real, but can be overcome. Better cooperation around system architecture and more effort to show IT leaders that best practice security measures will be used should go a long way to easing concerns.

Done right, IoT-connected machinery offers uptime rewards at minimal risk. But, by the same token, when it’s done wrong, that connectivity into OT systems can pose big threats.

IT and OT teams are discovering the need to work together in order to deploy cybersecurity solutions throughout the enterprise; from headquarters to remote locations, and the factory floor.

Typically IT has been more concerned about user access control, which is a minor component in industrial environments, where IoT presents the greatest security risks.  The lack of IoT security mechanisms is opening not just the factory, but also the corporate network and data centre to greater risk of costly attacks.

The discovery, profiling and authentication of all devices and machines in manufacturing plants and in the field is essential.


Manufacturing is a top five target for sophisticated cyberattacks
. Hackers are going after intellectual property, financial data and customer information. CIOs report that intellectual property can constitute more than 80% of company value. 
Now is the time for OT and IT leaders to develop strong partnerships to promote operational efficiency, safety and competitive advantage.

How to get Started

 

These differences are not intractable. Careful planning and coordination, combined with open communications and effective listening are critical to converging these different environments and reaping the potential benefits. These include:

Strategic executive alignment: Team leaders need to all understand and agree to the business objectives and benefits of converging these resources. Common goals and clearly defined outcomes help all teams drive towards an effective solution.

Establishing a joint task force: Once goals and outcomes are defined, few approaches are more effective than bringing representatives from all impacted teams together to voice concerns, debate strategies, scope out the project, and develop a common set of processes. 

The first objective should be to educate each other on the challenges such a project entails. This will help drive a solution that all parties can embrace. However, be prepared for this process to take some time.

Running pilot programs: This generally goes without saying, but every step of the process outlined by the joint task force needs to be run, sometimes repeatedly, in a controlled environment before turning it on in a production network. 

There is a lot at stake, so fine tuning operational controls, security measures, and contingency plans before applying them to a live environment is essential.

Summary

 

Mitigating the conflicts inherent in IT and OT convergence, and improving ICS security doesn’t happen overnight. This is a serious challenge for any organisation and difficult for many to undertake. 

Managers need to learn to share goals, jointly evaluate business risks and consequences together, and train the broader group on shared skills, which will ultimately lead to appropriate ICS security products, processes, policies and people.

Also, joint governance for IT and OT projects shouldn’t be underestimated. IT commonly has stronger project management models, but they cannot just be taken “as-is” into ICS operations. 

The two collaborating and cooperating departments need to extend their skills to adapting the IT security project models for use in operations with consideration of all the differences inherent in their security priorities and risk biases. An effective industrial cyber security program is a lifecycle and a journey – the first step is getting the journey started.

Follow Us

Based In Keele, SyTech IT provide IT Solutions, Support & Systems for Industry and multi channel distribution businesses within Stoke-on-Trent, Staffordshire, Derbyshire, Cheshire, Lancashire, Warwickshire, Birmingham and Manchester.

© All rights reserved 2018 SyTech IT Limited Registered in England and Wales: 09896931

SyTech Logo FINAL_WHITE_RGB