How do you integrate industrial OT into an IT network?
Digital transformation is leading to new requirements and expectations. As a prerequisite for Industry 4.0, businesses need to have far-reaching and continuous data flows between their management systems (i.e., for senior management, finance and decision-making functions) and their industrial operations (manufacturing and logistics), as well as between production and handling equipment.
Information has to flow from the bottom up—from the workforce up to management. After all, effective production oversight and optimization involves the analysis of large volumes of data from the industrial environment. This analysis is performed by programs that either produce reports and dashboards for managers, or feed artificial intelligence systems.
But information also needs to flow from the top down, with management issuing control instructions to the workforce. Today’s managers want IT systems to handle more of the operations side because they believe that processes can be improved with automation.
In other words, data needs to flow in both directions. But in order for that to happen, the systems need to be connected and communicate using the same language. Until recently, these two challenges were considered almost insurmountable.
Removing the barriers between OT and IT
Traditionally, most industrial businesses have had two separate networks: one for information technology (IT) and another for operational technology (OT). Each came with its own communication protocols, equipment and even cultures, with workers typically using just one of the two systems, not both. In fact, individuals needed separate devices to connect to the separate networks.
The language barrier was the first to fall. Thanks to the power of the Internet, the TCP/IP protocol quickly became the common language for IT networks. And over time, it gradually gained ground as the primary communication protocol for OT networks too. Does speaking the same language mean the two networks can communicate effectively?
In a lot of companies, the answer is yes. In an ideal Industry 4.0 context, you no longer have two separate systems, but rather a single, fully integrated IT/OT network.
It’s clear where you want to go, but getting there isn’t always easy. And the stakes are high because no company can afford to have poorly integrated IT and OT systems. That could create serious security issues. At worst, a machine that stops, overheats or operates abnormally can cause considerable material damage or even physical injury to employees. Or it could simply jeopardize your regular operations.
So how can you make sure your IT and OT networks are properly integrated?
Here’s how in three steps:
1 - Define the exact objective of the integration
Most of the time, the goal is to:
- Converge your OT and IT networks so that operations can leverage the IT system’s computing power and latest technologies, and connect these systems to the Internet so that data can be sent to external stakeholders (clients, suppliers, etc.);
- Protect operations from any harmful consequences that could arise from the convergence, like intrusions, errors, spying, incidents or disruptions.
Some businesses may have more specific objectives, such as facilitating the analysis of industrial data, enabling remote equipment monitoring, automating processes, etc. Clearly defining your business objectives can help you plan your system integration process.
2 - Determine the specific features of your IT and OT networks and delineate their perimeter
IT network characteristics:
The IT network connects standard computers to:
- Company servers
- Servers used by corporate functions like Finance and Human Resources
- Peripheral devices like printers and security cameras
- The Internet.
A network’s scope and architecture can vary from one business to another, as can the supporting hardware. But regardless of industry, most corporate IT networks use comparable or identical technologies, including: Windows, Linux, macOS/iOS or Android operating systems, desktop computers, laptops, tablets, smartphones, WiFi routers, database servers, etc.
Global standards are pushing companies to ensure that all devices within the network can communicate, including those that aren’t recent. As a result, today’s IT networks are fairly homogeneous.
In the past few years, two related phenomena have been redefining the perimeter of IT networks, namely:
- The network’s degree of openness to the Internet
- Its wireless accessibility, mainly through WiFi.
Now that laptops, smartphones and tablets have become so commonplace, and with more and more people working remotely, companies are having to draw new borders for their IT networks.
OT network characteristics:
OT networks are much more diverse, with certain features being industry-specific. The OT network of a printing business bears little resemblance to that of a plastics manufacturer, furniture assembly plant or major retailer distribution centre.
In fact, the very idea of a general OT network is mainly theoretical. Certain pieces of industrial equipment are connected to each other, but not all are. As a result, you might have two isolated mini-networks, each of which handles a specific function and has no organic connection to a company-wide OT network.
Many OT networks are still very physical in nature. In order to access a machine, you still need to plug into it directly or use an industrial control system (ICS) that’s already hooked up to it.
But several emerging factors are prompting companies to create an OT-specific digital communication network. These include the addition of sensors, the use of portable devices by industrial engineers, increasingly sophisticated industrial equipment, and requests for data from clients, suppliers and corporate finance departments. In order for businesses to effectively plan IT/OT convergence, the systems must be clearly delineated and documented.
3 - Establish IT/OT convergence rules and implement required systems
Before you can create your IT/OT convergence plan, you first need to establish rules that will allow user needs and security imperatives to be met. For example, you need to determine which internal and external users (using a VPN or cellular network) and which computers will be allowed access to which industrial machines, sensors or data. Will they be allowed to copy, process, export, modify or integrate the data in applications? What security levels should be applied to different data sets, equipment and processes?
Then you need to set up the means to apply these rules, monitor their application and address breaches. To do so, you need a unified IT/OT network architecture that is segmented into IT and OT subnetworks, properly protected, and monitored by reliable standardized equipment which is managed in a unified way.
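As an added illustration (not part of the original article), the rules from step 3 can be written down as data and checked with default-deny logic against access records. The subnets, user names, asset names and events below are all constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

# Constructed zones: the article only says the network is segmented into subnetworks.
ZONES = {
    "it": ipaddress.ip_network("10.10.0.0/16"),
    "ot": ipaddress.ip_network("10.20.0.0/16"),
    "vpn": ipaddress.ip_network("10.30.0.0/24"),   # external users arriving over VPN
}

@dataclass(frozen=True)
class Rule:
    user: str            # which user
    zone: str            # connecting from which subnetwork
    asset: str           # which machine, sensor or data set
    actions: frozenset   # what they may do: copy, process, export, modify, integrate

# Hypothetical rule set; anything not listed here is denied.
RULES = [
    Rule("analyst", "it", "line1-sensors", frozenset({"copy", "process", "export"})),
    Rule("engineer", "ot", "press-plc", frozenset({"copy", "modify"})),
    Rule("engineer", "vpn", "press-plc", frozenset({"copy"})),  # read-only when remote
]

def zone_of(ip):
    """Map a source address to its zone; None for addresses outside every zone."""
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in ZONES.items() if addr in net), None)

def is_allowed(user, src_ip, asset, action):
    """Default deny: allowed only if one rule matches user, zone, asset and action."""
    zone = zone_of(src_ip)
    return any(r.user == user and r.zone == zone and r.asset == asset
               and action in r.actions for r in RULES)

def find_breaches(events):
    """Return the access records that no rule permits."""
    return [e for e in events if not is_allowed(*e)]

# Constructed access records: (user, source IP, asset, action)
SAMPLE_EVENTS = [
    ("analyst", "10.10.4.7", "line1-sensors", "export"),   # permitted
    ("analyst", "10.10.4.7", "press-plc", "modify"),       # IT user touching a PLC
    ("engineer", "10.30.0.15", "press-plc", "modify"),     # modify attempted over VPN
    ("engineer", "10.20.1.9", "press-plc", "modify"),      # permitted from the OT subnet
    ("vendor", "203.0.113.8", "line1-sensors", "copy"),    # unknown user and source
]

if __name__ == "__main__":
    for event in find_breaches(SAMPLE_EVENTS):
        print("BREACH", event)
```

The same rule table can drive both enforcement (firewall or gateway configuration between the subnetworks) and monitoring, so that what is allowed and what is flagged never drift apart.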
Good communication between the IT and OT teams is essential for this. Integration does not imply absorption: before applying their logic and technology to the OT network, the IT team needs to gain a solid understanding of operational needs and requirements. This understanding is the foundation for a successful IT/OT convergence project.
NOVIPRO helps businesses with their digital transformation projects. Our Industry 4.0 experts can help get you on track to setting up a connected factory. Contact us to find out what we can do for you.
Read the next article of our OT Security and Availability series: What’s threatening your OT network and how to protect it?