IoT Operational Technology (OT): Convergence With IT & Key Differences
Though traditionally, Information Technology (IT) and Operational Technology (OT) were kept separate, these two worlds are becoming increasingly intertwined thanks to the internet. This article introduces us to the two technologies, their key characteristics and differences, and the security objectives in IT and OT.
New devices and technologies heavily influence the growth of the IT landscape. That includes the digital realm of servers, networking systems, storage solutions, and other devices for running apps and processing data and the traditional physical world comprising manufacturing systems, electromechanical devices, machines, and other industrial equipment.
In the olden times, the two worlds primarily occupied separate domains, shared little meaningful data, and relied on oversight from business staff with not-so-different skill sets. But the Internet of Things or IoT has changed the game in the past decade.
IoT is an ecosystem wherein physical objects with processing ability, sensors, and other technologies connect and exchange data with other systems and devices over the internet or other communications networks.
What is Operational Technology (OT)?
OT describes specific hardware and software with a distinctive ability to monitor and control the performance of physical industrial equipment, assets, processes, and events. It ensures physical operational systems are running smoothly without any interruptions.
OT is widely used in manufacturing, aviation, oil and gas, and energy among others. It supports mission-critical operations such as production facilities, utility distribution networks, assembly lines, roadway systems, and so on.
IIoT and OT: The ultimate convergence
The industrial IoT (IIoT), more specifically, is revolutionizing manufacturing and industrial processes. It uses advanced technologies such as machine learning (ML), Machine-to-Machine (M2M) communication, and Big Data to derive efficient outcomes and automate processes.
xCombining IoT solutions with industrial applications allows the entire system to proactively maintain itself and scale to meet fluctuating demands. Most industrial processes have been around for generations — with now a significant shift towards industrial automation.
The good news is that digital transformation and technological advances like Industry 4.0 and the IoT network security have enabled greater connections and alignment between IT and OT systems. The convergence has made the physical machines “smart,” offering enefits, such as:
- Predictive maintenance to reduce costs and improve efficiency
- Advanced monitoring, including real-time reports and alerts
- Remote controlling through the public network
- Implementation of AI and ML
- Process automation
OT comes into play in these futuristic processes as it deals with industrial operations where a sensor collects output data from machines and sends it to a service provider. It is connected to a programmable logic controller (PLC) or another industrial mechanism to collect data.
This data can be related to temperature, light, pressure, wind, vibration, and humidity and is stored in a private cloud for further analysis.
Advanced OT systems continuously monitor industrial operations, which help support infrastructure in manufacturing facilities. The feedback from these OT systems indicates when something needs to be fixed in your processes.
For example, if the temperature controllers on a heater or pump fail to work properly, an alert will be raised to fix the issue. The network of these IoT devices works at an industry-grade level, processing operational data from businesses of all sizes to keep them safe.
The need for OT security
But even though IoT connected devices are a massive asset for innovation, they can be an enormous headache for IT. You see, keeping track of all devices and ensuring compliance can get increasingly difficult.
Research shows that M2M connections will be 51% of the total devices by 2022. So you can imagine how important it is to sort out the IoT security fundamentals. However, 15% of device owners do not change the default password for the devices they buy.
Moreover, 90% of companies have had at least one Operational Technology (OT) system intrusion last year. That is where OT comes into play.
Given how IT environments experience various cyberattacks and security threats, the demand for OT security has grown tremendously as the technology advances and converges with networked technology.
OT systems were free from cyber-attack in the past because they were not connected to the internet. However, that is not the case anymore. The separation of IT and OT networks is common, leading to duplication of security measures and a total lack of transparency.
These IT and OT networks cannot keep up with what is going on throughout the attack surface. OT networks ensure safety within industries through constant monitoring while helping with other important tasks such as providing information to prevent accidents and reduce downtime.
Differences between IT and OT
Before we talk about the differences, let us first discuss IT, which stands for Information Security, and it involves the use of systems, primarily computers and telecommunications, to achieve various tasks such as receiving input, retrieving, storing, modifying, transmitting, and safeguarding data so it can be shared among others.
Hardware (physical servers, computers, network equipment), software (applications, operating systems), and auxiliary equipment create an IT network. In every industry, an IT network is utilized for managing company data and computer systems securely.
The convenience of IT products lies in their ability to deliver data and functionality through public cloud-based services. Some IT devices with sensing capabilities can further be classified into different consumer types depending upon their functionality.
OT and IT network infrastructure have similar elements, such as wireless technology, switches, and routers. OT networks can benefit from the rigor and experience IT has developed with standard network management and security controls over the years. However, there are a few critical differences between OT and IT you must know about:
OT network security infrastructure may need to be ruggedized when installed in severe industrial conditions. Having said that, the infrastructure must be resistant to extreme temperatures, vibration, shock, and corrosive air and chemicals.
2. Form factor
OT network devices come in smaller and modularized form factors to be easily mounted in different ways, such as light poles, rails or walls, in cars, and even embedded within other equipment.
OT network devices connect machines and IoT sensors that run communications protocols not commonly used in traditional IT networks. That is why industrial networking products must support various protocols such as Profinet, Modbus, and Common Industrial Protocol (CIP).
4. Network interfaces
Depending on the purpose, OT devices may support networks such as WiSun and LoRaWAN® for connecting IIoT devices.
Bird’s eye view of the key differences between IT and OT:
Security objectives of IoT and OT
The IoT is an expanding area of concern for both IT and OT technologies. The reason is that connected devices can cause tangible consequences in our physical world. They are constantly at risk of being hacked.
Maintaining security measures becomes increasingly important as they are used in critical infrastructures such as transportation systems and water treatment plants. There have been several cyberattacks on unprotected IoT and OT assets leading to dire consequences.
One such example is the Mirai botnet hack, which involved 150,000 hijacked IoT devices that ousted the Internet in the United States for a while. There have also been ransomware strains like NotPetya that crippled entire industry sectors.
IoT is a lot less concerned with operation than OT when it comes to safety. In fact, they are not even comparable. Sensors and devices may be found in many industrial settings, but these critical infrastructure components are handled under OT.
However, OT must always consider IoT challenges, such as verifying the network latency. It is critical as even a simple IT task like installing an update may require rebooting a system. The OT environment must identify it as a cause of downtime.
Hence, OT policies are drafted to ensure compliance with regulatory requirements for the proper functioning of equipment. It considers safety norms as per ICSs (Industrial Control Systems) and SCADA (Supervisory Control And Data Acquisition) systems.
Both OT and IoT devices provide new ways for cyberattacks to occur, but probably OT does not put the system at as much risk as the latter. However, it is advisable to thoroughly inspect every new end-point regardless of whether it is powered by the IoT operational technology.
Some devices may even have similarities in their functions or have distinct characteristics where one type of device might be more susceptible than the other.
The main characteristics of IT and OT devices
At first glance, IT and OT may seem compatible. IT systems are connected by nature and have little autonomy, while OT systems are isolated and self-contained, rely on proprietary software, and are engineered to run autonomously.
However, you cannot ignore the features both technologies bring to the table. IT devices are a great way to keep your business running smoothly. They are usually off-the-shelf, replaceable, and have an average lifespan of 3–5 years, with minimal maintenance required after purchase.
Most of these devices run on standard operating systems such as Windows, iOS, or Linux. On the other hand, OT devices are purpose-built to perform a specific task, so they often have specialized software and run on proprietary protocols. The longer lifetime of Operational Technology devices allows them to act on industrial sites for more extended periods.
They must be capable of being operated without interruption and have low maintenance periods. The devices must update quickly with minimal downtime to continue running 24/7 as needed throughout their lifespan, potentially going decades.
OT devices and IT systems often lack the latest software updates as they may also be difficult to access. Most of these devices are located remotely or sometimes even in harsh environments. Any modifications or software updates are subject to a complex approval process as even a tiny change may have an immense impact on industrial processes.
Over to you
While IT and OT have historically contributed to different aspects of modern organizations, there is now an opportunity to develop new efficiencies by applying the intelligence of IT to the physical assets of OT systems.
For instance, traditional temperature controls linked to OT systems could report readings through a closed-loop readout, which compelled employees “on the floor” to see whether adjustments have to be made on their end.
Times have changed and how. With IoT technology, those temperature sensors can be connected to IT networks, enabling them to communicate in real-time with other assets across facilities to optimize temperature levels automatically for optimal performance.
This article was originally published on https://www.intuz.com/blog/iot-operational-technology-convergence-with-it-and-key-differences on 10th, June 2022.