In previous blogs about the Industrial Ethernet, we’ve touched on the growing internet connectivity of traditionally offline systems and what that has meant for security. For some, the context of Industrial Ethernet security concerns can get lost in the mix of news articles surfacing regarding critical infrastructure cyber attacks.
To better understand why industrial control systems (ICS) are more vulnerable than ever, we have to take a step back and look at how the Industrial Internet of Things (IIoT) has emerged—through the convergence of information technology (IT) and operational technology (OT).
Everyone Knows IT, but What About OT?
For decades, IT and OT have been separated by a corporate firewall to maintain the integrity of an IT organization focused on business transformation and an OT side concerned with physical production.
Unlike the IT side, which manages the software that drives most corporate functions like finance, HR and sales, OT manages physical pumps, motors, and other equipment in industries like manufacturing or oil and gas. Because of the differences in managing IT and OT, there is a staff training and experience gap between the two.
Employees on the IT side have been undergoing constant change for 30 or 40 years in an attempt to implement the latest technology for greater business value. However, someone working on the OT side (for example, a PLC operator) could operate the same system with the same skills for decades at a time.
Until recently, the static nature of OT employment hasn’t made a difference in the organization as a whole. However, the rise of the IIoT and the need for greater OT connectivity is driving IT-OT convergence.
The Convergence of IT and OT Is Creating Industrial Ethernet Security Concerns
According to Greg Gorbach, VP of ARC, “information tech is almost a distraction” for the OT side. This mindset has kept OT from embracing new waves of technology as the production process for critical infrastructure and manufacturing remained static and secure. However, the new benefits of IoT-enabled industrial processes are impossible to ignore:
- Widen the scope of SCADA to look at the efficiency of every industrial asset across the entire facility and remote sites.
- Real-time insight into predictive failure of business-critical systems
- Gather data with affordable sensors and use big data analytics to yield actionable insight into specific performance metrics
- IoT sensors can increase OT efficiency quickly—one company saw a 271% 20-year annualized ROI from IIoT monitoring.
These benefits are driving the convergence of IT and OT, where IT-developed technology is incorporated into ICSs. OT groups that have never thought about potential cyber threats are now forced to address strict Industrial Ethernet security demands despite a lack of experience with new systems and software.
IT-OT convergence isn’t just a trend—it’s a reality that all OT groups must face. The days of multi-year cycles between system updates are over and security is changing as a result.
Defending the Industrial Ethernet in the Wake of Digital Transformation
The convergence of IT and OT points to a larger movement in the business world—digital transformation. More than half of the companies that were on the Fortune 500 list in 2000 are no longer on the list and one of the biggest factors is a failure to adjust to emerging technology.
Industrial companies used to be able to ignore these kinds of statistics. However, IT-OT convergence has changed things for the future. Addressing security concerns is of the utmost importance for companies working with critical infrastructure—but these companies are often unprepared to deal with today’s security threats.
If you want to learn the fundamentals of addressing security concerns in the wake of IT-OT convergence and digital transformation, download our free white paper, Defending the Industrial Ethernet.