24 June, 2024

The IT-OT Dichotomy and Passage to Digitalization


The difference between information technology (IT) and operational technology (OT) must be viewed from the perspective of visibility, control, and lifecycle orchestration. While these viewpoints may appear trivial, the inherent dichotomy between IT and OT is profound.

It is not what has “not changed” but what “has changed” that caused the IT-OT divergence problem to begin with. IT and OT systems have coexisted for many decades across industry segments; what has evolved are the requirements for visibility and control of cyber-enabled devices, driven by threat and risk management in a cyber-physical and connected ecosystem. Therein lies the dichotomy of policies, processes, and technologies between IT and OT, and the need for convergence to optimize the costs, methods, tools, and resources.

Information technology

IT systems are open and traditionally highly connected systems that are managed based on threat management policies as the first principle. The IT orchestration process relies on threat intelligence and security information and event management (SIEM) logs for baselining and anomaly detection. Applications generate logs, which are then processed by log management systems and SIEM event correlation grammar for analysis and intervention. The technology relies on zero-day threat intelligence that is harvested through post-breach forensics, attack signatures, allow/deny reputation lists, and rules grammar. Maintaining and servicing IT devices is deeply rooted in the detection, mitigation, and prevention mindsets of IT network/security operations center (NOC/SOC) operators. The operational efficiencies in IT, which may be achieved using big data analytics, require harvesting large amounts of data from endpoints, supervised subject matter expertise of cyber security analysts, and leveraging externally sourced, timely threat intelligence feeds for relevance and context.

Operational technology

OT systems are closed and traditionally air-gapped systems (data diode mode of operation) that are managed based on risk management policies as the first principle. The OT orchestration process relies on operational measurements, functional models, simulation platforms, and data-driven insights (e.g., digital twins). In OT, the real-time operating system (RTOS), microcontroller (MCU), and system-on-chip (SoC) based devices and applications do not generate event logs. There may be no (or limited) local storage and no interactive local user console on the headless autonomous endpoints to harvest data for analysis (the dark data problem). The technology relies on field operators to manage OT devices based on function, performance, and observations on dense dashboards (e.g., operator and service workstations). Maintaining and servicing OT devices requires running diagnostics (e.g., on-board diagnostics), truck rolls for site visits, and an in-depth understanding of the symbiotic relationships between integrated systems (e.g., mechanical, hydraulic, electrical, digital, audio, visual).

Digitalization provides the capabilities and methods to use telemetry at runtime to securely send trusted data with labels and risk classifications from heterogeneous multi-vendor OT systems to on-premises, edge, or multi-cloud platforms and services and modernize with:

  • Data driven insights and design improvements using digital twins.
  • Device layer intelligence to data historians and asset repositories (i.e., data to data lake).
  • Training data to artificial intelligence (AI) and machine learning (ML) models for automated decision logic, control, and risk mitigation with deep learning and reflection.
  • Operational data to processes for workflow automation platforms, manufacturing execution systems, renewables management systems, and robotic process automation.
  • Security for standards compliance (e.g., NIST, IEC-62443, Industry 4.0, NERC-CIP, HIPAA/HITRUST, PCI-DSS, UNR155/156e, EU AI Act).

The operational efficiencies in OT may be achieved through accelerated (unattended) remediation actions using embedded instrumentation, optimal data analytics, and (unsupervised) AI/ML deep learning models. Remote maintenance in OT requires secure collection of device telemetry, health indicators, and remote access for intervention and updates. Resource constraints on heterogeneous brownfield and low-cost greenfield devices (low compute, memory, network bandwidth, and battery life conservation) are major engineering challenges to overcome in OT with future-proof application security by design for long-lived devices.
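A sketch of the labelled, risk-classified telemetry described above, as an added example that is not from the original article or any product: a device seals each record with HMAC-SHA256 and a collector rejects tampered, replayed, or unclassified records. HMAC is chosen here as an assumption because it suits low-compute endpoints; the device ID, key, labels, and risk classes are constructed.

```python
import hashlib
import hmac
import json

# Constructed sample values: the key, device id and risk classes below are
# assumptions for illustration, not taken from the article or any product.
DEVICE_KEYS = {"pump-07": b"constructed-demo-key-not-for-production"}
RISK_CLASSES = ("low", "medium", "high")


def seal(device_id, counter, label, risk, value, key):
    """Device side: build a telemetry record and authenticate it with HMAC-SHA256."""
    body = {"device": device_id, "ctr": counter, "label": label,
            "risk": risk, "value": value}
    # Canonical encoding so sender and receiver MAC exactly the same bytes.
    payload = json.dumps(body, sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return {"payload": payload, "tag": tag}


class Collector:
    """Receiver side: accept a record only if it is authentic, classified and fresh."""

    def __init__(self, keys):
        self.keys = keys
        self.last_ctr = {}  # highest counter accepted so far, per device

    def accept(self, record):
        payload, tag = record.get("payload"), record.get("tag")
        if not isinstance(payload, str) or not isinstance(tag, str):
            return False, "malformed record"
        try:
            body = json.loads(payload)
            key = self.keys[body["device"]]  # parsed only to select the key
        except (KeyError, ValueError, TypeError):
            return False, "malformed payload or unknown device"
        expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected.encode(), tag.encode()):
            return False, "bad tag"
        if body.get("risk") not in RISK_CLASSES:
            return False, "unknown risk class"
        ctr = body.get("ctr")
        if not isinstance(ctr, int) or ctr <= self.last_ctr.get(body["device"], -1):
            return False, "replayed or stale counter"
        self.last_ctr[body["device"]] = ctr
        return True, body
```

The per-device counter is what lets a collector reject a captured command or measurement that is replayed later, which a signature or MAC alone does not detect.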

IT-OT convergence

Despite the dichotomy, cyber threats in IT and OT are posed by users, code (software), and data. Therein lies the purpose of (and reason for) IT-OT convergence. The notion of “trust but verify” must be applied to each entity in a digital operation or transaction. The dotted lines (in the diagram below) illustrate potential vulnerabilities and exposures in connected entities. Trust is a chain. Risks emerge from a chain of events. For example, code signing may offer assurance of trust with supply chain provenance (i.e., no evidence of tampering); however, only monitoring and measurements of runtime behaviors and interactions with connected systems (in staging and production environments) establish verified trustworthiness. Data has no perimeters without explicit attestation and authorization for use. In OT environments, command-and-control messages and field measurements are mission-critical data for verifiable trust. Cyber-connected brownfield and greenfield devices are vulnerable to data-driven attacks staged by advanced adversaries and nation-state actors using sophisticated tools and methods. Trustworthy data (device intelligence) will prime and drive data-driven insights with the AI/ML platforms and services of the future, delivering categorical trust, operational efficiencies, and cost reductions with factory-floor and in-field automation and workforce modernization across industry segments.

Figure: Verifiable Trust in Devices and Data

Trustworthy IT-OT convergence is the cornerstone of modernization with digitalization, data driven insights, AI/ML, and automation at scale across industries.