Balancing the scales: How IT/OT convergence is required to support the next industrial revolution

Courtesy: CFE Media and Technology
Courtesy: CFE Media and Technology

There have been plenty of industry discussions around the need for information technology (IT) and operational technology (OT) convergence. Much of the talk has concerned investment in cybersecurity but in reaction to what? While there is good cause to be proactive in terms of cybersecurity, is there a better reason for driving business value from IT/OT convergence? What is it about digitization, the motivating force behind Industry 4.0, that can deliver business value? And finally, what is it about the separation of the IT and OT disciplines that requires convergence in the first place?

There are plenty of industry buzzwords that can sometimes add confusion to the conversation. Industry 4.0, digitization and “Smart Manufacturing” are all descriptive terms that stand on the concept of digital interconnection – the ability for production machines, devices, sensors and people to connect with each other to drive more business value. This value can be delivered through improved manufacturing flexibility, efficiency and effectiveness. These connections rely on establishing new communication pathways to facilitate the delivery of data, information and insight both from and to the plant floor. One key connection or communication method that can be accomplished through network connectivity technologies is the Industrial Internet of Things (iIoT).

Unlocking new possibilities for production optimization with iIoT connected devices

In the past, process and control data was typically delivered in a closed loop to help measure and optimize production processes against fairly static standards. With IIoT-connected devices, this same data can now be used for much more. Production data can be easily communicated, centralized, aggregated with other data and transformed into production and business information. And, with an additional overlay of human and/or machine learning, new insights can be gained and applied to production strategies. This new context-rich insight can be fed back to the production floor in near real-time to help plant floor operators, cyber-physical systems and automated processes make better decisions to drive competitive advantage through efficiency and continuous improvement. For example, consider the combination of time series and production parts wear information where data can be fed into digital twin models to help with predictive maintenance and improve overall equipment effectiveness metrics.

The need for collaboration between IT and OT in iIoT-enabled automation

This level of automation necessitates new bidirectional IIoT communication pathways to efficiently move data from production to enterprise systems and back again and requires IT and OT team members to work together and more closely than ever. OT subject matter expertise is needed to capture meaningful production data from machines, devices and sensors at the edge of the production floor and securely deliver it to enterprise on-premise and/or cloud-based data centers. IT expertise is needed for data storage and management to support data availability to enterprise systems so it can be combined with additional data sources to provide context and drive insight. Managing this collection of production data along with the context needed to give it meaning requires the strengths of both IT and OT disciplines.

Challenges with cybersecurity and extending traditional IT security solutions to OT environments

One downside of adding IIoT communication pathways to facilitate the movement of data and insight is the cybersecurity implications of connecting and supporting the potentially large number and diversity of IIoT devices and sensors on the production floor. This connectivity can create a complex and dynamic attack surface for cybercriminals to target. Here too, IT/OT convergence is critical. Traditional IT security solutions are being extended to OT environments to take advantage of scale economies, but these solutions and best practices are typically insufficient to protect industrial control systems and OT networks. OT systems are typically designed with safety and reliability in mind, rather than security, and often do not have the same level of security controls and monitoring as traditional IT systems.

Marty Van Der Sloot, Interstates’ Director of Operational Technology, unpacks this, saying, “To address these challenges, industrial manufacturers need to implement a comprehensive data and cybersecurity strategy that includes both IT and OT security measures, such as network segmentation, intrusion detection and prevention systems, access control, regular vulnerability assessments, table-top exercises and penetration testing. They also need to invest in cross-training programs to ensure that employees collaboratively understand both the IT and OT risks and best practices for maintaining data and system cybersecurity in an IIoT environment.”

IT/OT convergence gaining momentum

The good news is the importance of IT and OT convergence is largely understood and is gaining traction in practice. “We are seeing more and more evidence in our own work in support of industrial manufacturers,” says Dan Riley, who leads Interstates’ Analytics consulting group.

Riley offers this great example: “We recently were able to interject a quality control step earlier in a production process that includes an IIoT-enabled high-speed imaging system to deliver early process quality measures. This data is analyzed in near real-time with a machine learning overlay that provides guidance to make incremental adjustments to improve downstream product quality while increasing overall production volume. This same data is combined with upstream ingredient data and downstream final production data to evaluate the impact of ingredient quality by supplier and how it impacts overall production and business value. We have been able to participate in the conversation between the plant floor OT group and the enterprise IT group as we have built out the data modeling needed to deliver this solution.”

Striking a balance: The importance of convergence without dominance

While the evidence of increased convergence is good news, it is important to note that convergence does not mean dissolution, absorption, or over-domination by either discipline. In convergence, the balance between IT and OT is variable by organization and can even be variable over time as the shared knowledge base continues to inform both sides of the house. But IT and OT are clearly differentiated by design, and there should always be appropriate representation from both disciplines.

A few key differences between IT and OT environments and disciplines are worth noting. First, industrial control systems (ICS) have historically been designed to have much longer lifecycles – tens of years in contrast to the typical 18-to-36-month IT lifecycles. In OT, the longer-life legacy systems often have downstream sensors and controllers with operating systems, software and even firmware dependencies, making routine patching and following IT security standards challenging. OT cybersecurity risk is typically assessed in terms of “fit for purpose,” meaning it is right-sized based on risk, production criticality, safety and other production-centric considerations. Other key differences are system availability and the cost of downtime.

Van Der Sloot characterized these differences, saying, “While sometimes painful, most IT assets can be rebooted after a security update or can be down for some period for service and support without significant cost to the organization. By contrast, OT assets are often critical to production, and even simple production machine reboots can only safely be conducted during planned downtime, sometimes as infrequently as quarterly maintenance windows. The monetary cost of unplanned OT downtime affecting production can be significant.”

Cultural investments for IT/OT convergence: Strategies to foster collaboration and common goals

Microsoft, Intel and IOT Analytics’ IoT Signals: Manufacturing Spotlight report from August of 2022 lists three imperatives for digital transformation:

  1. Adopt Industry 4.0
  2. Integrate IT and OT
  3. Foster a digital-first culture

The report beautifully summarizes the second imperative of integrating IT and OT in this way:

“Industrial setups have used operational technology (OT) for many decades, including programmable logic controllers (PLCs) and sensors. The heavy usage of IT systems— for example, ERP and MES—began in the 1990s. Today, advanced technologies (such as AI and cloud and edge computing) enable the convergence of OT and IT ecosystems in factories. To take advantage of information-driven factory dynamics, manufacturers must deploy enterprise architectures that integrate the best of both worlds. And the integration can go in. each direction—for example, adopting IT-based software containerization approaches on the shop floor or virtualizing highly sophisticated OT or asset models in the IT world via digital twins.” (Page 11)

There are a couple of key investments that can help with culturally moving toward convergence. Partnering IT and OT resources for collaboration, training and even job shadowing can help build empathy and understanding across historically siloed environments. Common business goals help unify IT and OT organizations while also standing on and celebrating each area’s specific subject matter expertise. These common goals can also establish joint accountability to help effectively solve the problems associated with securely moving data bi-directionally at scale between the plant floor and the enterprise, providing improved business value and competitive advantage.

Ultimately, if there are cultural barriers that add complexity to IT/OT convergence strategies, it may be helpful to work with a neutral third party such as your systems integrator, an analytics provider, or a cybersecurity firm that has understanding and experience across both disciplines. Engaging a third party to help design and facilitate a project with specific “data-to-insight” goals, along with exposing and solving associated security risks, is a great way to add subject matter expertise. They may also help engage internal IT and OT resources to naturally help reduce friction, facilitate dialogue and set the stage for future collaborative engagement.




Keep your finger on the pulse of top industry news