By Challenge
By Industry
Featured content
Cyolo to Advance and Transform Cyber Physical Systems with NVIDIA Cybersecurity AI Platform
SANS 2024 State of ICS/OT Cybersecurity Report
7 Shortcomings of Legacy Secure Remote Access (SRA)
2024 Gartner® Hype Cycle™ for Cyber-Physical Systems Security Names Cyolo as a Sample Vendor
Until quite recently, organizations operated, managed, and maintained information technology (IT) and operational technology (OT) separately from one another. But in the last several years, the increasing digitalization of the industrial sector, coupled with the rise of widespread remote work, has blurred the borders between IT and OT. The resulting phenomenon, which is commonly called IT/OT convergence or IT/OT interfacing, has led to new opportunities as well as well as new risks. But before tackling the challenges of IT/OT convergence, it is crucial to understand the differences between OT and IT and how, when, and why each is used.
What is IT?
IT is the computer technology software and hardware that is used for creating, managing, sharing and storing digital organizational data. This includes the management and maintenance of computing resources (on-premises or in the cloud), networks, databases, servers, computers, and other related systems. Email systems, customer relationship management (CRM) software, and enterprise resource planning (ERP) software all fall into the IT category.
IT infrastructure forms the backbone of the modern digital organization and is used by departments that rely on the flow of data, such as engineering, marketing, sales, finance, and human resources (HR). Notably, IT can be adjusted and retooled and is frequently updated to ensure relevance and security. IT systems are usually though not always connected to the internet.
What is OT?
Whereas IT refers to digital and electronic information, OT is the technology hardware and software used for managing, controlling, and monitoring physical industrial devices and machines. OT is used in physical production industries, like utilities, oil and gas, manufacturing, and more.
OT networks consist of two layers:
The Operational Network – The PLCs (programmable logic controllers), sensors, RTUs (remote terminal units), and actuators. These are the physical components used to monitor and control the equipment itself. They measure metrics like temperature, speed and kilowatts.
The Control Network – The SCADA (Supervisory Control and Data Acquisition) systems. This is the software used to aggregate and analyze the data from the OT network. It includes an HMI (human-machine interface), which is the operational network’s user interface (UI).
In many factories and industrial organizations, the IT network serves as an additional technology layer on top of these operational and control networks.
In contrast to IT, OT systems were traditionally air-gapped and not connected to internal networks (and certainly not to the internet). For the sake of stability, OT was typically not updated or even touched, with only a handful of experts having access to the OT environment. Oftentimes, OT systems are so old that updating or patching is not even technically possible. In rare cases when external connectivity was required, organizations used legacy remote access solutions, such as virtual private networks (VPNs) or jump servers).
The New Era of IT/OT Convergence
Despite the long history of separation between IT and OT systems, digital transformation and recent technological advances like Industry 4.0 and the Internet of Things (IoT) have led to greater connections and alignment. Today, IT and OT are increasingly converging or at least interfacing to allow the exchange of data and analytics. Most frequently, IT systems are being used to help manage and monitor their OT counterparts.
This new relationship between IT and OT is in effect making physical machines “smart” and providing industrial organizations with a wealth of information and abilities they previously lacked. This includes:
Advanced monitoring, including alerts and real-time reports
Automation of processes
Simplified and accessible monitoring
Remote controlling through the public network
Implementation of artificial intelligence (AI) and machine learning (ML)
Democratization of OT information to eliminate silos
Predictive maintenance to improve efficiency and reduce costs
Improved compliance-readiness
Comparison Table: IT vs. OT vs. IT/OT Convergence
| IT Systems | (Traditional) OT Systems | IT/OT Convergence |
Purpose | Business data | Device and machine data | Machine monitoring via data flow |
Components | Computer software and hardware | Industrial device software and hardware | Both + IoT devices |
Users | Most enterprise departments | A small number of on-site experts | A growing number of experts, IT staff, and even remote and third-party users |
Accessibility | Public/private network | Usually a closed system, perhaps with an insecure VPN connection | An increasingly open network |
Security | Frequent attacks based on a large attack surface | Rising attacks based on vulnerable access points (Internal networks, VPNs, legacy systems, etc.) | Both |
RESEARCH REPORT
Managing Access & Risk in the Increasingly Connected OT Environment
Eran Shmuely
Author
Eran Shmuely is the Chief Architect and Co-Founder of Cyolo. Prior to Cyolo, Eran was the Senior Security Engineer at Salesforce and the Open-Source Security Research Leader at GE Digital.
Subscribe to Our Newsletter
