What is Operational Technology? The Network Behind Your Network

Operational technology (OT) is a fairly new term that may be unfamiliar to a majority of the population. Upon first hearing the phrase, many individuals may inadvertently think of information technology (IT). While the two technologies are both important in the world of business and industry, they are two distinct entities. This article intends to introduce you to operational technology and discuss how it is implemented.

Operational technology refers to hardware and software that detects or causes a change, through the direct monitoring and/or control of industrial equipment, assets, processes, and events. The primary role of OT has been in stand-alone industrial control systems. In many cases, the controls were mechanical or used proprietary protocols that did not lend themselves to being networked. This was one of the defining factors that separated IT from OT. The functionality of information technology is largely predicated by its ability to take advantage of network connectivity.

The Internet of Things (IoT) has blurred the line between operational and information technology. The intelligence built into smart devices and the prevalence of wireless connectivity afford new levels of functionality to the equipment involved in OT. There is a wealth of data generated by OT implementations that can be made available to an organization’s IT systems. Network connectivity has dramatically affected the importance of an enterprise’s OT resources and how those devices and systems are protected.

Operational technology implementations

Photo by dhe haivan on Unsplash

The industrial and manufacturing sectors are two of the primary consumers of operational technology. OT is a broad term that encompasses computing systems, sensors, and control devices that are used to manage industrial operations such as production lines and mining operations. OT can also be used to control infrastructure components for oversight and automation.

Supervisory Control and Data Acquisition (SCADA) systems are widely used in industry and are an illustrative example of operational technology in action. SCADA systems are used to manage industrial control systems, which are connected to remote terminal units (RTUs) that act as monitors or actuators. Operators gain access to the processes through the SCADA console or display from which they can interact with the control units and RTUs.

Industrial automation and robotic implementations make extensive use of SCADA systems to enable human intervention to address alerts or process failures. Power plants, waste processing facilities, and production lines are just a few of the places you will find operational technology in the form of SCADA systems. In many cases, the failure of an enterprise’s operational technology systems can lead to catastrophic physical damage to a facility and harm to the surrounding population.

The use of operational technology is not confined to heavy industry, manufacturing, and utilities. Another popular implementation is in building infrastructure. Systems that control lighting, heating, and elevators all rely on operational technology. Mail sorting and warehouse fulfillment centers could not function without the benefits of OT systems. OT is behind many of the processes that we take for granted in the modern world.

Networking and operational technology

The ability to network devices increases their functionality. This fact has long been used advantageously by information technology systems. Computer networks are responsible for driving business in the 21st Century. They are intrinsic components of the education and healthcare systems. Human interaction through constructs like the Internet and social media would be impossible without the power of computer networks.

Operational technology has traditionally not required general network connectivity in many of its implementations. While devices within a power plant or assembly line were connected locally, there was no need to integrate with more extended networks. The systems were only used within the physical facility in which they were located.

Miniaturization and wireless communication have presented new opportunities that promise to extend the capabilities of operational technology implementations. Miniaturization has enabled the development of sensors that can be deployed in situations where cabled network connectivity was impossible. This fact has been used by business and industry to monitor and control many more types of systems.

Wireless capability works hand-in-hand with smaller components to allow operational technology to be implemented in new and creative ways. IoT devices are being incorporated into intelligent networks that can help cities manage traffic flow or dynamically tune solar power collectors. OT in some form powers almost all automation implementations.

Security in operational technology

Photo by 30daysreplay (PR & Marketing) on Unsplash

Network capabilities offer opportunities for enhanced functionality as well as introducing more risks to the connected systems. Due to the critical nature of many OT systems, keeping them secure is of utmost concern to security professionals. There have been major cyberattacks directed at OT networks such as the Triton malware infection of December 2017 and NotPetya. These attacks on critical infrastructure highlight the need to take OT security seriously. Cybercriminals associated with nation-states see OT systems as inviting targets for two reasons.

The first is the vital nature of the systems they are targeting. Taking out the control systems of an oil production facility or power generation plant can cause immediate and serious financial and physical damage. Unsecured OT is a liability that needs to be immediately addressed.

The second reason that OT systems are gaining increased scrutiny from hackers is the growing convergence of OT and IT systems. We will look more closely at this phenomena shortly. Cybercriminals can potentially gain access to a business’ sensitive IT data by compromising their operational technology implementation.

Some specific issues impact the ability of organization to fully address the cybersecurity risks to its OT. Among them are:

• Lack of visibility into operational technology systems hinders the ability of cybersecurity teams to detect and respond to threats.
• The complexity of OT networks can pose obstacles to implementing robust security measures. They are often comprised of hundreds of devices from multiple vendors, making it difficult to keep all components secure. A single vulnerability is all it takes to compromise a network.
• The pace of change as OT and IT converge is another factor that limits an enterprise’s ability to fully protect their OT environment. Organizations may move too quickly when integrating systems to maintain a perceived competitive edge.

OT/IT convergence

Systems implementing operational technology have employed computers for many years. Until recently, they were mostly proprietary or stand-alone systems that were isolated from an organization’s main IT infrastructure. That is rapidly changing, and in the last few years there has been a growing convergence of OT and IT systems.

IT/OT convergence is the integration of an organization’s data-centric computing systems with the operational systems used to monitor and control physical processes. This convergence is mutually beneficial, as IT gains access to new data streams, and OT is modernized through its association with an enterprise’s full computing resources.

Companies are faced with several challenges when navigating the new landscape of converged informational and operational technology. Here are some of the most common issues.

The conflicting availability requirements of the OT and IT processes impacted by outages can cause complications when attempting to integrate systems. Operations may not be able to tolerate the weekly downtime required for IT system maintenance.

Security is a major concern for all facets of an organization. Incorporating the OT landscape into a company’s IT security policies is no trivial undertaking. New tools and skillsets may need to be employed to protect the OT systems. These tools may not be fully compatible with the current IT security toolkit, further complicating the work of a security team and perhaps exposing new vulnerabilities.

Internal organizational resistance to the convergence can arise due to deep philosophical differences. An IT team’s primary security concern is protecting data, whereas the main impetus of an operational team is safety and availability. It can be very difficult to find the necessary common ground to successfully integrate the IT and OT environments.

The Internet of Things is driving the convergence of IT and OT as companies struggle to make use of the tremendous quantity of data with which they base their business decisions. An organization’s OT systems are just as important, though perhaps less well-publicized, as their IT resources.

Here's more IIoT articles that may interest you:

• Top IIoT Platforms
• Industrial data: In the Cloud and On the Edge
• IT/OT Convergence: A Key Step on the Path to IIoT