Bridge The IT/OT Gap
EP Editorial Staff | September 1, 2023
Implement these strategies to achieve IT/OT collaboration and maximize digital transformation.
By Claudio Fayad, Emerson
To achieve sustainability results while maximizing production speed, safety, and flexibility, operational technology (OT) teams are under intense pressure to digitalize operations. The digital technologies and strategies necessary to help digital transformation deliver the promised benefits have long been the domain of information technology (IT). As a result, it is essential that IT and OT work together if an organization wants to achieve fast, sustainable return on investment (ROI) for its digitalization projects. Accomplishing such a collaboration requires IT and OT teams to adopt a few critical strategies.
Strategy One: Acknowledge the differences between IT and OT.
Historically, data privacy used to be less of a concern for OT teams because systems were air gapped and hidden. Operations could typically rely on security by obscurity; if nobody knew the systems were there, they were not targets for bad actors. Today, though, OT systems are increasingly connected to the internet.
The complexity of connectivity, and the corresponding added security risk, creates new and often unfamiliar concerns for OT teams.
Fortunately, IT brings a great deal of experience to this realm. OT teams leveraging IT experience typically bring new systems online more quickly and generate faster ROI for their projects.
Even with IT’s vast experience in securely connecting systems, OT has concerns that are not common in the IT industry. Thus, a cookie-cutter IT approach to connecting systems does not usually generate effective solutions. OT teams are required to focus much more directly on safety, production, and plant availability. IT strategies often must change to accommodate those needs.
For example, while it is a standard IT policy to update systems right after fixes or patches are released, that approach does not always work for OT teams. The common IT strategy of updating systems at 2 a.m. on release day can generate concerns for OT systems. If OT is operating a skeleton crew in the middle of the night, and systems do not come back online as expected, the results can go beyond financial and productivity concerns and create safety risks.
Strategy Two: Understand that IT and OT are stronger together.
OT concerns are shifting from just process control to include data and analytics. IT issues surrounding privacy, governance, authentication, and security are becoming part of OT’s day-to-day responsibility.
As OT teams tighten up security and enable remote access, their systems will become an integrated part of the IT fabric. Understandably, this shift is a concern to many OT teams as they see themselves losing authority. Operators know a control system does not function like an enterprise resource planning system, and it takes decades of experience to thoroughly understand the risks and requirements of its operations and maintenance. Just as OT teams need support from IT to manage the complexities of a more connected architecture, IT needs OT expertise to navigate the risks of systems that have a direct impact on the physical world. The best of both worlds is possible when all stakeholders are invested and involved.
Strategy Three: Integrate technology, democratize data, and break down silos.
Today’s most effective organizations operate with a data-driven culture, but that culture can be difficult to establish and maintain within traditional OT structures, which have been siloed by design for decades. As teams move away from air gapping and the hierarchical structures of the Purdue Model, they need to find ways to move data to a higher level, often without providing direct access to OT systems.
Fortunately, modern technology provides an IT-friendly solution. Today, OT and IT teams can securely connect systems at the edge for easier movement of contextualized data using fit-for-purpose edge-specific technologies, data diodes, and defense-in-depth cybersecurity strategies. These systems deliver unidirectional data flow, providing continuous access to selected critical data, without the risk of unauthorized personnel accessing OT systems.
A more advanced solution, and one that thrives on the collaboration between IT and OT, is creating an infrastructure layer to integrate the IT and OT worlds, while keeping them separate enough to accommodate differences and specific needs between IT and OT.
These types of solutions transfer data from disparate systems—with full context—into a centralized or distributed system at the enterprise level, accessible by anyone who needs the data, without those individuals being able to touch the core of OT systems. With such an infrastructure layer in place, IT has access to all data, can distribute it to enterprise systems, and keep it backed up and safe. OT does not have to worry that critical systems might fail if someone makes a mistake.
Strategy Four: Create a culture of collaboration.
To be effective as a collaborative IT/OT culture, teams first must understand the organizational culture and identify the best way to give everyone a seat at the table. To accomplish this, teams need to create a psychologically safe environment—a place where people feel free of interpersonal risks and know they will not suffer for expressing themselves, no matter the perspective of the person across the table.
Furthermore, neither IT nor OT can have more power. Everyone must, in one way or another, take each other’s concerns into account.
Consider a large, hierarchical organization. A team in such an environment might need to bring people under the same leadership to be successful. For example, they might bring IT people into the OT department, resulting in OT having traditional leaders from both groups. Such a structure builds an environment where everyone has a seat at the table, but also has the incentive to work together using top-down leadership.
A more agile organization might look different. Such a company might create a self-organizing team when putting projects together. An effective team might be made up of cross-functional personnel, with combined domain expertise in IT, OT, and the business. That self-organizing team should already have all the necessary perspectives on board, and the cross-functional nature of the personnel working together gives them a built-in incentive to collaborate.
Strategy Five: Ensure strategic suppliers are also ready to collaborate.
If suppliers do not collaborate inherently, IT will go to their strategic suppliers and might be told, “We can handle your OT needs too.” The opposite can also be true with OT suppliers. Regardless of which supplier takes over, the most likely outcome is a solution that is fit-for-purpose for only one of the two groups, creating additional conflict, integration complexity, and data silos.
Piecemeal solutions don’t longer deliver maximum benefits, and they often prevent companies from realizing all the advantages of their IT and OT solutions. The better decision is choosing suppliers with a strong history of structured partnerships with both IT and OT companies. Such a choice unlocks critical advantages, including pre-integrated solutions, a single point of contact for support, and better lifecycle support across IT and OT.
Not only must these suppliers leverage their partnerships to deliver proven, tested, integrated, fit-for-purpose solutions, they should also be prepared to support smaller organizations where IT and OT expertise might be limited to one person. In those situations, experienced suppliers will lower the barriers of entry for new technologies because they already have the connections with other critical suppliers. EP
Claudio Fayad is Vice President of Technology of Emerson’s Process Systems and Solutions business (St. Louis, emerson.com). Fayad holds a bachelor’s degree in engineering from the Universidade Estadual de Campinas and a master’s degree in business administration from Northwestern Univ.