The Benefits and Challenges of IT-OT Convergence

Bringing IT and operational systems together streamlines processes and bring major efficiencies to a business, but beware integration issues as well as data overload.

Written by Brien Posey
15th February 2021

Key takeaways in this article are the following:

IT and OT systems help organizations streamline processes and become more efficient.
IT-OT convergence can pose security risks and scalability issues, where OT systems can inundate IT with data overload.
Organizations are best served when they logically isolate their IT and OT systems on separate networks and strive to take inventory of their assets in the environment.

As organizations assess their priorities for 2021, IT-OT convergence should be high on the list. For those who might not be familiar with these terms, IT refers to all of the resources that are generally associated with enterprise IT, such as servers, databases, and so on. OT on the other hand refers to operational technology.

Some examples of OT include industrial sensors, manufacturing equipment, and the supporting infrastructure. In simpler terms, IT typically refers to business systems, while OT deals with an organization’s physical operations.

In a factory for example, IT systems handle all the data related to sales, inventory, payroll, and anything related to the business, while OT systems encompass all the systems on the assembly line and supporting components.

The Benefits of IT-OT Convergence

There are several benefits to achieving interoperability between IT and OT systems, although the benefits vary from one organization to the next based on use case.

One of the primary benefits to the convergence of IT and OT systems is that bringing systems together enables an organization streamline its processes, thereby helping the organization to operate more efficiently. If an organization’s IT and OT systems are tied together, it is far easier for IT analytics to be applied to OT systems.

In the case of a manufacturing facility for instance, this may mean that IT can track how long each step of the manufacturing process takes, thereby helping to spot production bottlenecks. These inefficiencies can be eliminated by purchasing faster equipment or adding additional staff.

At the same time, the opposite is also true. The IT analytics system may identify that a machine on the factory floor operates at a rate far below its duty cycle. If this happens, an can increase the rate of production to take advantage of the machine’s available capacity or reduce its operational costs by trading the oversized machine in for a smaller version.

Another potential benefit to the convergence of IT and OT systems is that it may allow an organization to bring long-standing IT best practices to its operational systems. For example, an organization may be able to extend its IT patch management to its industrial IoT hardware or to other OT systems. That way, the organization can ensure that OT devices are always operating with the latest firmware.

In other cases, however, legacy OT equipment may be difficult to patch and update. That can lead to security breaches, so organizations need to take an inventory of their OT systems and separate legacy OT systems from other parts of the network to prevent an attack.

Similarly, an organization might be able to perform real-time asset tracking for OT devices in the same way that it tracks IT assets. The advantages of centralizing asset tracking go well beyond simplified asset loss prevention.

Organizations commonly use IT asset tracking systems to plan for hardware refreshes. If, for example, an organization replaces its desktop PCs every five years,an asset tracking system can help IT staff know which equipment isdue to be replaced in and can budget for a hardware refresh.

The same concept can also be extended to OT systems. If an organization determines, for example, that its industrial sensors need to be replaced every eight years, an asset tracking system can help the organization to keep track of which sensors are due for replacement.

Yet another benefit of IT-OT convergence is that it may help an organization to improve its operational service-level agreement compliance. IT systems might be used to track the usage of industrial machinery and alert staff when a machine is due for maintenance based on its use.

By ensuring that equipment is properly maintained based on amanufacturer’s recommendations, an organization can virtually eliminate production interruptions stemming from machine breakage. Conversely, however, because IT systems can track machine use, an organization might reduce costs while also improving productivity by eliminating unnecessary scheduled maintenance.

The Challenges of Bringing IT-OT Convergence

Achieving a meaningful level of IT-OT convergence is a tall order. IT-OT convergence is possible only if IT and OT devices can establish two-way communications with one another. Certain “dumb devices” at the edge may be capable only of one-way communication. For example, an industrial sensor might produce a stream of outbound data, but not be able to accept inbound management traffic.

Similarly, it’s relatively common for incompatibilities to exist that inhibit communications between an IT environment and OT devices. Some OT devices do not use standard communications protocols, for example.

Scalability is also a barrier to IT-OT convergence. It’s common for edge devices to produce vast amounts of data. Without proper planning, it’s possible that edge devices may collectively overwhelm an IT infrastructure by flooding it with more data than it can handle.

Finally, security is the greatest challenge to IT-OT convergence. This is especially true for an organization that uses older OT hardware. Such devices are often engineered without regard for security. If an organization brings these devices onto its IT network, then the devices could potentially be used as a platform for launching an attack against other IT resources. The good news is that OT devices tend to produce packets with specific structures, so organizations should be able to use smart filtering to detect and eliminate anomalous packets that may be an indication of an attack.

Making IT-OT Convergence Work for You

In reality, most organizations already have at least some f IT-OT convergence in place, but because IT and OT environments are managed independently of one another, this convergence can be minimal. Establishing a meaningful level of convergence can dramatically improve operational efficiency and reliability, and may even reduce an organization’s operational cost. Even so, bringing the two environments together can be quite challenging.

If an organization has difficulties getting a piece of OT hardware to communicate with its IT environment, it should contact the device manufacturer. Some manufacturers offer software development kits or application programming interfaces that make it possible for back-end IT systems to interact with a device through custom scripts.

Even more important: Companies need to separate IT and OT systems to that if a legacy OT system is compromised it cannot then undermine IT systems as well. Companies need to take an inventory of their IT and OT assets and map a strategy to prevent crippling breaches.