What is the difference between Information Technology (IT) and Operational Technology (OT)? In short, IT deals with information, while OT deals with machines. The former manages the flow of digital information (read: data), while the latter manages the operation of physical processes and the machinery used to carry them out.
A good (though increasingly inaccurate) shorthand to represent this distinction is the office (IT) vs. the factory floor (OT). Another good (and perhaps even less accurate) juxtaposition would be that of software (IT) vs. hardware (OT).
Indeed, hardware (OT) and software (IT) now work hand-in-hand to monitor and regulate essential business processes outside of regular IT workflows. Although these processes will differ from one organization and one industry to the next, they have a central role to play in the success of many modern enterprises — and manufacturers in particular. Experts predict that the market for OT will expand to more than $40 billion by 2022.
Understanding IT
Most organizations understand the roles and functions of IT, but in the context of its relationship to OT, it is worth expanding on. Put simply, IT refers to the application of network, storage, and compute resources toward the generation, management, storage, and delivery of data throughout and between organizations.
In a broader sense, IT is defined by its programmable capacity. That is, while certain technologies are designed to perform a static set of functions (think: a piston), IT can be adjusted, augmented, and re-programmed in countless ways to fit evolving networks, applications, and user needs. Moreover, IT encompasses hardware — computers, physical servers, and network equipment, to name a few types — and software — applications, operating systems, and virtualization capabilities, among others.
For enterprises invested in cybersecurity, IT presents a range of challenges. Aside from the basic questions of interoperability at the outset and maintenance as time goes on, the ever-expanding number of IT platforms makes it difficult to protect against around-the-clock cybersecurity threats. Especially as IoT-enabled devices bring the physical world online, the possible points of entry for bad actors continue to multiply, putting pressure on CIOs, CISOs, and their IT departments to design systems and networks capable of protecting proprietary information across multiple layers of the organization.
Understanding OT
Whether you’re new to OT or you’re just new to thinking about it in relation to IT, the next generation of connected operational technology demands that decision-makers understand OT in its traditional sense and as an area of exciting innovation. At the most basic level, OT refers to technology that monitors and controls specific devices and processes within industrial workflows.
Compared with IT, OT is unique in that its hardware and software have historically been designed to do specific things: control heat, monitor mechanical performance, trigger emergency shutoffs, etc. Typically, this is done through industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems.
Importantly, OT has typically required human oversight at key junctures — at least until recent years. If employees have seen fit to change the temperature on a factory floor, raise or lower humidity levels, or shut off machinery for a given reason, OT has provided a quick, clear way of making that happen — a physical switch, a steel lever, or a big red button. Conversely, IT systems have been able to perform key operations without constant human intervention — provided those workflows are within programmed functions.
In the past, cybersecurity in relation to OT has been more straightforward than it has been for IT. While the stakes in protecting OT systems and networks are just as high — for example, the integrity of the power grid is essential to national security — the closed nature of most OT systems has made them less susceptible to bad actors. However, that’s quickly changing as the boundaries between IT and OT begin to crumble.
What are the key differences between OT and IT?
IT is the technology backbone of any organization. It’s necessary for monitoring, managing, and securing core functions such as email, finance, human resources (HR), and other applications in the data center and cloud.
OT is for connecting, monitoring, managing, and securing an organization’s industrial operations. Businesses engaged in activities such as manufacturing, mining, oil and gas, utilities, and transportation, among many others, rely heavily on OT. Robots, industrial control systems (ICS), supervisory control and data acquisition (SCADA) systems, programmable logic controllers (PLCs), and computer numerical control (CNC) are examples of OT.
Operational technology can also be found in warehouses and in outdoor areas such as parking lots and highways. Some such OT examples include ATMs and kiosks, connected buses, trains, and service fleets, weather stations, or a system that allows a city to manage chargers for electric vehicles.
The key difference between IT and OT is that IT is centered on an organization’s front-end informational activities, while OT is focused on its back-end production (machines).
What do IT and OT teams focus on?
The IT department is responsible for the informational infrastructure of an enterprise. IT teams focus on maintaining consistent policies and control across the organization. IT is responsible for the protection of sensitive applications and confidential data from unauthorized access.
The OT department is responsible for the equipment on industrial sites. It’s focused on production output and worker safety. Because OT performance is key to company revenue, the team pays particular attention to the uptime and maintenance of machinery.
Unlike IT, which is mainly focused on making data available, OT is focused on making machines act on the physical world. Machines also generate data, which needs to be archived for monitoring industrial processes and processed to help operators make decisions, such as when to perform predictive maintenance.
What are the characteristics of IT and OT devices?
IT devices are usually off-the-shelf, replaceable, generally have a lifespan of 3-5 years, and are relatively easy to maintain. They typically run on common operating systems like Windows, iOS, and Linux.
OT devices tend to be purpose-built, so they generally have specialized software and may run proprietary protocols. They have a much longer lifetime, as industrial sites are built to operate for many years or even decades. OT devices may need to operate 24/7 without failure, as they control critical infrastructure.
Also, OT devices and systems aren’t updated as often as IT devices and systems and might have numerous software vulnerabilities. Accessing them may be difficult because they might be installed in remote locations or harsh environments. They may even be controlled by partners or vendors. In all cases, modifications to OT devices may be subject to a complex approvals process as any change (even a simple software update) can have numerous cascading effects on the industrial process.
How do OT and IT networks differ?
OT and IT network infrastructure have similar elements, like switches, routers, and wireless technology. Therefore, OT networks can benefit from the rigor and experience that IT has built over the years with common network management and security controls to build a solid network foundation.
However, there are key differences:
Form factor: OT network devices come in smaller and modularized form factors so they can be mounted in different ways, such as on rails, walls, or light poles, in cars, or even embedded within other equipment.
Hardening: OT network infrastructure may need to be ruggedized when deployed in severe industrial conditions. The infrastructure must be resistant to shock, vibration, water, extreme temperatures, and corrosive air and chemicals.
Network interfaces: Depending on their purpose, OT devices may support networks such as LoRaWAN or Wi-SUN to connect industrial IoT (IIoT) devices.
Protocols: OT network devices connect IoT sensors and machines, which run communications protocols that are not commonly used in traditional IT networks. Therefore, industrial networking products must support a wide variety of protocols such as Modbus, Profinet, and Common Industrial Protocol (CIP).
In this article, I have shared a few things about IT and OT from what I know and have learned. I hope it will be useful to everyone.