Bridging the IT and OT gap

While Information technology (IT) systems are used for data-centric computing, operational technology (OT) systems monitor events, processes, and devices in plants and process facilities, typically in industrial operations. 

Historically, organizations grappled with the traditional physical world (machines, manufacturing systems, industrial equipment) and the digital world (servers, storage, applications, data). 

Throughout the years, these two areas of industrial operations have occupied separate IT domains and shared little meaningful data or control, resulting in silos of devices unable to communicate and share information, even if both are specialized and electronic. 

But today, the worlds of IT and OT are converging. 

Convergence of IT and OT is catalyzed by advances in technologies such as the internet of things (IoT), Big Data analytics and machine-to-machine communication. 

IoT includes an assortment of sensors that can gather real-world conditions (temperature, pressure, chemical compositions) and an array of actuators capable of translating digital commands and instructions into physical actions (controlling valves, moving mechanisms). For an enterprise to take advantage of all the information from manufacturing or process operations requires the connection between a domain where data is generated (OT) and a domain where data is consumed (IT). 

IT OT convergence can merge business processes, insights, and controls into a single uniform environment if implemented correctly. 

More about IT/OT convergence

Enabling convergence between OT and IT domains is realized by an edge framework and an integration platform, usually located in the cloud or on premises in a data center.

Such convergence improves efficiency, reduces errors, enhances workflows, and allows businesses to gain competitive advantages.

In many industries, IT and OT convergence has been in place for quite some time (such as oil and gas), but it remains a challenge in IIoT (industrial internet of things) developments in practice. Convergence tends to be a challenge as two different worlds that have worked separately in the past with completely different systems, technologies, and vendors, have now to collide in the context of IIoT and the industrial internet. The challenge is more about new ways of thinking than technology, but modern technology is required, particularly for cybersecurity reasons.

With all the challenges and functional questions, it implies, IT OT integration necessary in IIoT.

The graphic below from the Industrial Ethernet Book shows various components of these two domains

IT OT Convergence

IT OT Convergence

As IT/OT convergence is adopted across industries, IT teams must work alongside their OT engineers to contribute to the overall business bottom line.

The Purdue Model is a concept-based model used in industrial control system (ICS) network segmentation to show the interconnections and interdependencies of typical ICS components. The model provides foundational language for control systems security regulatory controls.

IT OT Integration Purdue Model

Purdue Model

The Purdue Model delineates security boundaries between users, ICS networks, and business networks and shows how these boundaries have blurred in recent years as IT/OT convergence gained importance.

Current Purdue architecture breaks down O.T. and I.T. into six functional levels that run from level 0 to level 5 across three principal zones: industrial, DMZ, and enterprise.

Enterprise zone:

where business systems such as ERP and SAP typically live. Here, tasks such as scheduling, and supply chain management are performed. It can be subdivided into two levels:

  • Level 5: Enterprise network; it covers the enterprise IT systems
  • Level 4: Site business and logistics enabled by enterprise resource planning (ERP) systems, database servers, application servers, and

Industrial Demilitarized Zone (DMZ):

The DMZ provides a buffer zone where services and data can be shared between the operational and enterprise zones.

  • Level 5: this level has been created as an IT/OT convergence outcome. It consists of security systems such as firewalls and proxies, which moderate bidirectional data flows between OT and IT systems.

Manufacturing zone (also called the Industrial zone): 

This is where the action is; it is the zone where the process lives. It is the core.

  • Level 3 – Site operations & control: it is where systems that support plant-wide control and monitoring functions At this level, the operator interacts with the overall production systems. Systems typically found in level 3 include database servers, application servers (web and report), file servers, HMI (Human Machine Interfaces), servers, engineering applications.
  • Level 2 – Area supervisory control: Many of the functions and systems in level 2 are the same as for level 3 but targeted more toward a more minor part or area of the overall Systems typically found in level 2 include HMIs (Human Machine Interfaces) (standalone or system clients), supervisory control systems such as a line control PLC (Programmable Logic Controllers) and engineering workstations.
  • Level 1 – Basic Control: This is where all the controlling equipment The primary purpose of the devices at this level is to open valves, move actuators and start motors. PLCs (Programmable Logic Controllers) and controllers are typically found at level 1.
  • Level 0 – Process: This is where the actual process equipment that operators control and monitor from the higher levels Devices such as motors, pumps, valves, and sensors that measure speed, temperature, or pressure are found at this level. As level 0 is where the actual process is performed, and the product is made, things must run smoothly and uninterrupted. The slightest disruption in a single device can cause mayhem for all operations.

IT/OT convergence: Types, benefits, and challenges

IT/OT convergence (also called IT OT integration) usually merges separate networking, management, servers, and tools into one managed product; it does not represent a single effort or initiative. Such initiatives cover several types and categories depending on the utility’s goals and needs.

According to TechTarget, these categories include:

  • Process convergence where IT and OT departments must reform their processes to accommodate each other and ensure important projects are communicated between If a business is, for instance, following a specific method for storing and protecting IT data, such a process might be adapted or extended for converging OT systems.
  • Software and data convergence allows accessing information in business applications and data in the front office to address OT needs. Such technical convergence involves the network architecture of the
  • Physical convergence includes physical devices converging with newer hardware to accommodate the addition of IT to traditional Such operational convergence might include purchasing new OT systems to facilitate data communication and control.

IT OT integration enables more direct control and complete data monitoring from anywhere globally and facilitates digital transformation. The integration allows access to data from devices across applications and establishes relationships between data sources.

Since direct access to real-time and converged data is guaranteed, employees can perform their jobs more efficiently and make better decisions, creating organizational value. This increases competitiveness, improves visibility and responsiveness to avoid unplanned downtime, and allows complete control over parameters and policies, revealing how equipment is always running and when/if an incident might occur based on historical data and conditions.

But we all know that the higher the stakes, the higher the risks. As such benefits do not come without consequences, specific risks and threats should be considered when opting for such integration.

The first thing to be concerned about is both teams’ – IT and OT – have different perspectives. IT is used to dealing with business data and executives and using the latest technology and practices. In contrast, OT is used in manufacturing and physical devices that last for decades. Therefore, it can be quite challenging to create a collaborative environment where both can work and trust the added value of the other.

Communication is also a challenge in that achieving a meaningful level of IT-OT convergence is only possible when IT and OT devices can establish two-way communications with one another. Unfortunately, edge devices are usually only capable of one-way communication; they can produce outbound data but do not accept inbound management traffic.

Another case of discordance is when an OT device does not use standard communication protocols and is therefore incompatible with existing IT networks. So, extra work on both ends is needed to facilitate communication for convergence to be successful.

Scalability is also considered a barrier to IT-OT convergence. As edge devices produce enormous amounts of data, it is possible that they collectively overwhelm an IT infrastructure. Unless the IT systems are prepared for the actual number, the IT infrastructure may be flooded by a lot of data and thus not be able to handle the number of edge devices.

Security is the greatest and most common challenge for IT/OT convergence, especially true when using an older OT hardware. Such devices are often engineered with minimal consideration for security, providing a vulnerability point for cyber criminals to launch an attack against the entire network and IT resources.

Luckily, OT devices tend to produce packets with specific structures. The IT structure can use smart filtering to detect and eliminate abnormal packets that may indicate an attack.

Despite this, valid cybersecurity concerns are delaying IT/OT convergence. Utility companies, for instance, are progressing slowly, even as they invest in such technology.

In fact, and according to a Deloitte report, 59% of companies have experienced a data breach caused by one of their vendors or third parties.

How can executives ensure execution excellence?

It is vital to understand that IT and OT teams must collaborate to enable operational continuity and maintain a digitally secure environment.

So, what is the right way to approach an IT/OT convergence initiative?

A clear picture of the organization’s overall objective is a good starting point. The ‘convergence’ team is well advised to develop a roadmap that outlines how and when IT and OT overlap. Such a plan will enable IT and OT teams to enjoy a mutual understanding of the project’s long-term goals and work toward them together. Remember that the roadmap should help facilitate dialogue between the two groups and define specific roles and responsibilities.

Once roles are clearly defined and both groups have clarity on what the other one does, the tools and technologies that enable the unifying structure to follow naturally, enabling the integration of multiple IT and OT data sources into a single and common format in a secure way.

Such a platform allows teams to perform threat analysis and cyber-risk management, identify process inefficiencies, and perform predictive maintenance on IoT hardware assets.

Integration Objects has developed the Smart IoT Highway (SIOTH®) as an IT OT integration platform. SIOTH® is a highly customizable, scalable IT/OT solution applicable in all industries. SIOTH® ensures the delivery of data and information to stakeholders for decision empowerment efficiently and cost- effectively.

SIOTH - Smart IoT Highway

SIOTH® – Smart IoT Highway

Main SIOTH® features include:

  • OT/IT Data Exchange
  • Built-In Cyber Security
  • High Availability & Scalable Architecture
  • Flexible Data Model & Real-time Historian
  • Orchestration & Synchronization
  • Unified HMI for a Single Interface
  • Flexible User Management

SIOTH® provides a centralized intelligent highway that ensures secure communication between OPC apps, and the unified human-machine interface (UHMI) used to control and monitor critical infrastructures. It establishes secure end-to-end pipelines to collect and store data from edge and IoT devices. It then turns industrial data into actionable intelligence and increases productivity.

Contact us to learn more about SIOTH® and secure IT/OT integration.

Related Posts