As a control engineer who has worked on many systems involving business and enterprise data, I know the worlds of Engineering and Enterprise, often referred to as OT and IT by those within the sales and corporate worlds. Each area speaks a different language from the rest of the world and from each other. It is common for each to use the same words to mean different things.
Have you ever stepped outside your normal area of experience? It can be like entering a whole new world, complete with its own language and culture. Trying to understand it can be like learning a foreign language.
Even words that you thought you understood can mean something completely different to what you expected, or the same objects can be described using different words.
You would think words like production, operations, redundancy, and real-time are clearly defined English words. But they can have a variety of interpretations depending on the context of the world in which they are used.
Take the word ‘security’ for example.
The meaning of the word is very different in different contexts. How does it change as we step into the different worlds of IT, OT and Control?
In the IT (Information Technology) world, security is about restricting access to users and information through passwords, encryption and firewalls. They need to protect the data. PCs are typically dedicated to a single user and only run common applications such as Office or Email. How secure is their security? An internet search on bypassing firewalls, their prime security device, reveals a huge array of tools and easy methods, demonstrating how easily they can actually be bypassed.
In the world of OT (Operational Technology), security is about protecting the manufacturing plant and its assets. The company must keep bringing money in the door by continuing to manufacture its product as much as possible. Corporate security policies, such as locked screensavers, make sense in an office but not on the production floor, where the concept of individual user passwords is often not practical. The screen used to monitor and control the plant is used by multiple people. Rather than being user-based, each PC is typically equipment-based. I have previously been involved in a two-year argument over locked screen savers. The argument was over the screen saver requiring users to press Ctrl-Alt-Del. On a corporate desktop, having the computers lock out after a period of inactivity is a sensible security policy. In the production environment, the screen needs to be constantly accessible and is often viewed from a distance. Have you ever tried to press Ctrl-Alt-Del on a touch screen? It is not possible. The policy was eventually changed once it was determined to be a safety issue, but then any user who found their screen saver annoying could be placed in the “No Screen Saver” group. They still didn’t really get it, proving just how different the two worlds of IT and OT are.
In the control world, security is about ensuring devices operate safely and only when required. There may be no humans as operations are automated, and there are often no passwords. (If there are passwords, they are required not to change.) Dedicated node-to-node communication is common, as communication is not needed anywhere else. Devices and methodologies such as unidirectional gateways, edge devices, DMZ (demilitarised zone) or network segregation need to be used in the OT and control world.
As an example of a safe operation, when lighting a gas burner, a critical control function must occur prior to initiation. Regardless of any other considerations, you must ensure the amount of gas is low enough to avoid an explosion!
An example of a security breach was illustrated in a movie in which a boy found a cool game on the internet. He thought he was playing Space Invaders, but he actually had control of real missiles.
Other words that have different meanings include production, test-bench, rollout, real-time, automation, connectivity and validation. Several concepts only exist in one world. Typically, engineers understand the OT/Control world but struggle to describe it using non-engineering language. Management understands the IT language and expects that others easily understand it. People can speak the language they know, understanding the words from their own context, but often struggle to convey the correct meaning to someone from a different context. Worse still is when both sides consider the message clear but have heard different things.
On the manufacturing floor, a massive amount of data needs to be collected, aggregated and combined with other data to enable well-informed business decisions, decisions that can save money, improve efficiency, recognise issues early and meet the ever-changing consumer expectations. This movement of data and information needs to be done in a way that protects our assets, providing security for the manufacturing plant. Both management and operations need to be on the same page during this process. Any attempt to bridge the gap and converge IT and OT needs to be a team approach.
For more information or assistance with IT-OT convergence, please visit www.mescon.com.au or contact us directly.
