Feature Article
IT-OT Convergence: The Importance of Aligning
Historically Disparate Technologies
Derek Harp, Co-Founder and Executive Board Chairman
NexDefense
Bengt Gregory-Brown, Cyber Security Researcher and Analyst
Sable Lion Ventures and NexDefense
Since the advent of information technology (IT), occurring several
decades after the onset of operational technology (OT), these two organizational units have existed as separate entities - different in every way yet
linked by a common enterprise. Their history of parallel development has
provided each with unrelated processes and technologies running on distinct
infrastructures, following separate standards and managed by isolated organizational departments.
Historically, OT sits on one side of a spectrum, working as mature,
slower-moving, yet highly reliable technology within systems that operate
tirelessly to ensure the integrity and reliability of critical infrastructure. In
contrast, IT typically resides within business and enterprise operations, a
more corporate environment that is often considered innovative and fast;
frequently making significant improvements to modernize data processing
and storage, communications and connectivity, network availability and
information security.
Although originating as disparate entities, connections between IT and
OT have significantly grown in recent years, largely as a result of OT's
adoption of IT technologies that notably improve efficiency and reduce
costs in industrial and manufacturing environments. The increase in connectivity and open communications technologies have IT appearing and
actively participating throughout the operational space by way of facilitating networking and connectivity requirements for contemporary industrial
devices such as programmable automation controllers, human-machine
interfaces, variable-frequency drives, robots, sensors and actuators, and a
growing variety of other devices linked to common network and communicating common open protocols.
In response to these trends and advancements, some companies have
begun to proactively address their technological dependency by building
internal hybrid IT teams within operational business units, often distinct
and removed from enterprise IT, yet uniquely skilled to apply learnings
and best-practices that interconnect production to business operations. For
other companies, some still retain both intentional and sometimes artificial
separations between their IT and OT staffs that lead to inefficiencies and
even heightened risk across the organization.
While for some a clear divide between IT and OT may seem sensible due
to history and aging technologies, as the OT systems evolve and are
16
www.RemoteMagazine.com
upgraded, it's increasingly recognized that sustaining IT and OT separations
actually creates duplications of staff, similar training requirements amongst
personnel, misaligned priorities and even agendas that lead to broken communications and contention between groups. With labor costs perpetually on
the rise and a growing shortage of appropriately skilled resources, basic business considerations do not favor maintaining segregated IT and OT units.
Compounding the fact that the very network infrastructures and architectures
of IT and OT are more and more similar, a more skilled and streamlined
workforce can enhance company agility, better protect assets and operations
and ultimately amplify profitability.
In addition to operational inefficiencies and financial burdens, the disconnected organizational units create vulnerabilities and significantly widen
the exposure for an adversary to gain network access. Prior to operations
adopting IT technologies, someone with malicious intent would need to
be physically in the facility to break into a control system - and damages
would be fairly limited and localized. With digitally interconnected systems, however, a malicious hacker can gain access remotely into a network
and potentially disrupt every system to which it connects. Without a collaborative and unified OT and IT, unauthorized activities and even successful
attacks may go unnoticed until significant damage results, as happened in
the German steel mill incident of 2014.
Developments in recent history show that the benefits of IT-OT convergence are both diverse and extensive. The power industry, for example,
has made substantial investments in the past decade to align these key
business elements to improve business processes, increase electric systems
performance, and ultimately improve customer satisfaction by reducing
both frequency and length of power outages. IT-OT convergence, providing intelligence to and communication with the lowest levels of distributed
infrastructure, is increasing companies' ability to proactively manage their
resources, optimize their systems and provide workforces with greater
insight and actionable information. Other critical industries and application such as oil and gas, water, pharmaceutical, transportation, food and
beverage and general manufacturing are also similarly moving to greater
convergence between IT and OT technologies, pulling along with it greater
linkage between respective competent staff in each discipline.
The benefits derived from the marriage of IT and OT are fairly recent
phenomena for a majority of industry. In the past, and for some still today,
the deep-rooted disconnects between information and operational technology generated inefficiencies and unreliable outputs that persisted for decades.
The significant benefits to be gained via convergence, including better
reliability and availability, reduced security risks and enhanced performance
and throughput had been overlooked, yet today demand attention across
the technology landscape. The much needed transition to adapt and evolve
older systems to these new, more efficient designs is not an easy undertaking, however, as both IT and OT have significant hurdles to overcome as
each pursues stronger interaction an collaboration - no hurdle greater than
facing the challenge of achieving interoperability without disrupting critical
services or financially impacting the enterprise.
The Challenges of Convergence
Because OT and IT were traditionally managed as separate organizational silos, most everything in separated organizations appears as near
polar opposites. Such stark differences can be seen in organizational
charts, policies and processes, budgets and manpower, commissioning and
lifecycle management approaches, expectations for equipment lifespan,
operational priorities for availability and uptime all the way to company
culture and staff turnover. Such divisions make convergence a difficult task
requiring much more than changes to reporting structures and job descriptions. It requires top-down leadership and support, adequate planning and
http://www.RemoteMagazine.com
Table of Contents for the Digital Edition of Remote - Spring 2015