IT and OT (Operational Technology) are two different departments and they often report to two different organizational units in the company. With digitization and all these new technologies introduced into the industrial environment (ICS/DCS), it is very difficult to specify the scope of activities of the two departments, and often their responsibilities are intertwined. This ambiguity and shared responsibility leads to conflicting situations. Do you think it is time and necessary to unite the two departments (IT and OTs) into one unit, called for example "Technology Department", and thus solve the problems with the ownership, responsibility and scope?
Sort by:
With the rise of Industry 5.0 along with digital transformation, IIoT, and increased focus on security is driving companies across industries to rethink their traditional siloed approach to IT and OT.
In my view, IT and OT convergence is inevitable, to have full digital transformation. But there are significant challenges such as legacy equipment, time-honoured, manual processes, and resistance to change—from business, IT and OT, which often prompts questions concerning investment, leadership, and governance. The major hurdles are organisational and cultural, as technological challenges can be easily addressed than the human side.
IT and OT differs in many ways, such as informational activities, data availability, device characteristics, networks etc. Here are a few of the many ways to bring IT and OT together to solve the problems related to ownership, responsibility and scope - strong governance, upskilling IT and OT teams to foster collaboration, using standardised framework, focus on improving visibility (data) & security, upgrading network infrastructure.
- Collaborte to use technology, resources, processes, and governance principles can help to reduce overhead costs
- Enhance operations by upgrading network infrastructure With the right industrial switches, routers, management and security tools can offer many benefits to minimize unplanned downtime, operational cost reduction etc.
- Integrated approach to security by strong collaboration between IT Security Experts with OT teams to formulate an integrated approach to security that caters to the specific constraints of industrial assets and processes to minimize risk.
- Integrate Data & Analytics to gain insights that businesses can use to drive operational efficiency and productivity and while increasing performance and competitive advantage.
I appreciate the responses regarding the convergence of IT/OT into one org. In that same spirit, has anyone considered or actually outsourced the management of core ICS/DCS infrastructure?
Historically in my career I've seen OT projects being deployed much faster and with much more adherence when the OT department is separate. When the company is trying to converge, in the beginning is very common to see IT asking for demands hard to be applied such as three environments (DEV, staging and production) for the systems, when only the production one has real access to PLCs and can have effective tests. OT is still used with Site acceptance test, many times requiring the entire process to be stopped for this test. IT surely can make it better but the demand can't be only for computer systems such as SCADA, but also for the lower level, including the PLCs. This requires a change in the industry, with major players like Rockwell, Siemens and Schneider Electric to provide simulation systems to be used in a practical way for deployment tests, preferably mirroring real time data from PLCs. One disadvantage I see when OT is completely decoupled from IT, specially in smaller corporations, is a naive attitude regarding security. The most popular protocols such as Modbus also don't help in this area. When an IT executive called for the project starts questioning about TSL and user-access, big disagreements tend to arise. I've worked with a large corp that after years struggling, decided to keep both areas separate, but with a team much more prepared to talk to each other. The result was Electrical Engineers in OT being trained for best security practices in ICS and computer scientists on the IT team having a better understanding on what PLC and SCADA systems are and what you can expect from them. This is the best scenario I have seen. OT takes care of SCADA/DCS and PLCs. IT handles the database, hardware virtualization and physical network infrastructure.
No, the scope of responsibilities and compliance requirements in those fields diverging enough that it would probably add extra overhead to OT, which is not subject to the myriad of regulatory challenges IT is.
I'd rather try to define/outline the processes clear enough so at the end, core functions from one unit are a service to the receiving unit, which also adds accountability.
Over time, this convergence is probably inevitable. We have started on this path by having IT take over running the IT-like parts of the OT world (industrial networks in levels 3 and above in the Purdue model), and we are opening the door to further convergence, such as hosting a DCS on an IT-managed hyperconverged infrastructure.
However, for now, there are still some major gaps between the mindset of IT and that of OT, which precludes a quick convergence. Particularly in infrastructure, although many of the technologies are similar, the way you approach processes in IT and in OT are just too different to handle through a single channel immediately... but further down the road, it's going to happen.