Though traditionally operational technology and information technology were kept separate, these two worlds are becoming increasingly intertwined, and both forms of technology are becoming more likely to connect to the internet.
What is Operational Technology?
Operational technology (OT) refers to the hardware and software used to change, monitor, or control physical devices, processes, and events within a company or organization. This form of technology is most commonly used in industrial settings, and the devices this technology refers to typically have more autonomy than information technology devices or programs.
Examples of OT include SCADA (Supervisory Control and Data Acquisition), which is used to gather and analyze data in real-time and is often used to monitor or control plant equipment. Industries such as telecommunications, waste control, water control, and oil and gas refining rely heavily on SCADA systems.
Many types of OT rely on devices such as PLCs (Programmable Logic Controllers), which receive information from input devices or sensors, process the data, and perform specific tasks or output specific information based on pre-programmed parameters. PLCs are often used to do things like monitor machine productivity, track operating temperatures, and automatically stop or start processes. They are also often used to trigger alarms if a machine malfunctions.
Access to OT devices is typically restricted to a small pool of highly trained individuals within an organization, and these types of devices may not be updated or changed for months or even years. Since these devices are highly specialized, they rarely run on standardized operating systems (like iOS or Windows), and instead, generally, require custom software to function.
What is Information Technology?
Information technology (IT) refers to anything related to computer technology, including hardware and software. Your email, for example, falls under the IT umbrella. This form of technology is less common in industrial settings, but often constitutes the technological backbone of most organizations and companies. These devices and programs have little autonomy and are updated frequently.
Access to IT programs and connected devices are typically less restricted than to OT devices, and many, if not all, employees at a given organization may be granted access.
The main difference between OT and IT devices is that OT devices control the physical world, while IT systems manage data.
What are Industrial Control Systems?
Industrial control systems (ICS) are a type of OT and consist of any systems that are used to monitor or control industrial processes. This could include a mining site’s conveyor belt or an alarm that lets employees know if a piece of equipment is getting dangerously close to overheating.
ICSs are often managed by SCADA systems, which may provide users with a graphical user interface. This interface allows the user to observe the system’s current status, enter system adjustments to manage the process, and observe any alarms that indicate something is wrong.
How to Intermix Operational & Information Technology with Industrial Control Systems
At first glance, IT and OT may not seem compatible. OT systems are isolated and self-contained, designed to run autonomously, and rely on proprietary software. On the other hand, IT systems are connected by nature, have little autonomy, and generally run using readily available operating systems. However, incorporating IT into your OT operations can have many benefits.
IT Can Improve OT Operations
In the past, most OT devices were utterly cut off from not only the internet but even most internal networks, and could only physically be accessed by a select few authorized employees. However, it’s becoming increasingly common for OT systems (including ICSs) to be monitored and controlled using IT systems.
While inputs on many OT devices may have traditionally been limited to a physical panel or keypad that required workers to input commands or data physically, more OT systems and devices are now being controlled and monitored remotely via the internet.
IT can be used to make operating an ICS or other OT device easier. IT can be used, for example, to monitor parts and alert employees when a component is failing, allowing the employees to procure and install the spare part before the damaged part fails. By replacing the damaged part before it fails, employees can not only help ensure that production isn’t disrupted but can also prevent a cascading effect if the damaged part’s failure could lead to more extensive damage. A damaged part may not only cause a machine to fail, but that failure could also have serious consequences for the health or safety of employees working nearby.
IT can also provide employees with real-time reports on the state of the OT device, and allow them to respond and correct system errors in seconds. This means that if an alarm goes off to let employees know that a piece of equipment is malfunctioning, they can either shut down the device remotely (reducing the chances of an industrial accident) or otherwise address the situation right away before it becomes more serious.
Don’t Forget to Secure Your Connected OTs
IT systems can be a huge boon for ICS and other OT systems; it can also leave OT systems vulnerable to cybersecurity attacks if appropriate precautions aren’t taken. Any time a device is allowed to connect to the internet, or even to a network that can be accessed via the internet, there is a chance that a cybercriminal could gain unauthorized access.
A cyber attack against an OT device could have catastrophic consequences. Not only can specialized equipment be damaged (resulting in costly repairs), but the damaged equipment could pose a health or safety hazard.
Before you integrate IT into any OT system, it’s vital that you create and implement appropriate cybersecurity protocols. A good MSSP (Managed Services Security Provider) can help you do a thorough audit of your current systems, and help you ensure that adding IT to your ICS or other OT device won’t compromise your cybersecurity.