This blog post was written by Bret Van Wyk.
Bridging the IT/OT gap in plant automation
It’s no secret that there is tension between corporate information technology (IT) departments and those who are charged with securing plant floor automation. Though they share some common priorities, they often face off over whose standards apply. Automation comes from a background that has focused on isolating production on “islands” of automation, in the belief that this isolation helps keep information safe. IT has had years of focus on security and on more open access to business networks and information.
We live in a world of increasing connectivity. It is no stretch to say that all companies have global connections, through their employees’ relationships as well as with other businesses. Divisions of business that used to operate in isolation must now be integrated with the rest of the enterprise. As an example, business leaders expect to see real-time production information directly from the plant floor in order to evaluate and make business decisions. Data collection and the presentation of that data drive business decisions; protecting intellectual property, overseeing network access and assessing vulnerabilities must now be on-going priorities for all facets of the business.
In this setting, isolation of plant floor automation is no longer feasible. Isolated systems did not require the updates and on-going evaluations that IT has dealt with for many years; process control can learn from IT in this. The idea of “continuous operation” has a different working definition for plant floor automation systems than it does for IT. Network downtime that stops production could represent a financial catastrophe, whereas not being able to access a network printer might be more of an annoyance. Both situations affect network users, but with varying degrees of impact. Collaboration and on-going conversation are no longer optional, but required.
Though it is tempting to apply a blanket IT method to the control systems world, this approach is disastrous. What works for corporate IT may not be what is best for control systems. The first step in the process should be to identify “bridges” between the two perspectives. Both sides want security that works effectively without getting in the way of business operation. Both sides want a say in decisions and a sense that their concerns are heard and considered moving forward.
Sometimes there are people in-house who have the ability to understand both perspectives and to speak the language of either side in ways that promote understanding. Such people, who can function as “translators”, are invaluable. If not a single person, a relationship between individuals that transcends bias can be that bridge; the strength of a longstanding relationship provides the trust needed to hear and understand conflicting perspectives. If neither of these is a reasonable option, a third party can be brought in, whether another individual or another company, to help bridge the gap in understanding. Interstates Manufacturing IT (MIT) is one such option, a company with a history of working in both manufacturing and IT, capable of speaking on behalf of both perspectives.
Whatever the means of integrating plant floor automation and control systems into corporate IT networks, cyber-security is a living entity. Security threats and vendor offerings change in very short life-cycles. The conversation is not a one-time decision, but an on-going collaboration that must be fostered and factored into the business from this point forward.