The Business Drivers Acting on OT
June 30, 2023
These systems and networks were the sole dominion of the operational, industrial, and electrical engineers who were focused on reliability and accuracy above all else.
They were highly proprietary to the manufacturers that built the industrial control systems (ICS), such as supervisory control and data acquisition (SCADA) systems, distributed control system (DCS), remote terminal units (RTU) and programmable logic controllers (PLC), as well as dedicated networks and organization units.
These devices used proprietary networking and protocols that gained popularity through market-share including DNP3, Modbus, Profibus, LonWorks, DALI, BACnet, KNX, EnOcean and OPC-UA.
And very often these devices were “air gapped” from any other networks and the rest of the world. You would have to be physically present with access to the network or devices directly in order to access and compromise them.
The infamous phrase “air gapped” in Operational Technology was only coined in 2006 by Gartner in a research paper. This was driven in part by the need to discuss Information Technology (IT) / OT convergence.
The secret garden was soon disappearing. The walls were being torn down to make way for new OT systems and devices built not on proprietary hardware, chips, networks, and protocols. Instead, using common-off-the-shelf- components (COTS) like TCP/IP networking gear, and PC based systems.
This push towards using technology, components, and tools from the IT world provided some significant advantages to the OT ecosystem including:
- Consumers of OT
- Could look forward to more open systems with potentially less vendor lock-in
- Could buy COTS network and system hardware themselves, often from IT vendors
- Manufacturers of OT
- R&D savings by depending on the vast infrastructure that IT provides
- Access to development and engineering personnel from the IT world
- COTS software in particular is very actively probed, assessed, and tested for vulnerabilities resulting in new 0-day vulnerabilities being found in not only the OS software but in the entire software stack
- TCP/IP is THE network protocol used by everyone, everywhere, and on everything.
- Because OT professionals and even OT vendors were less experienced with IT technology they applied the tried and trued goals of reliability and accuracy to this new technology usually at the cost of security
IT/ OT Convergence has been one of the biggest business drivers in OT environments ultimately requiring that OT personnel take responsibility for managing all the systems.
But OT networks and systems aren’t immune to the other big trends we see across IT as well:
- Cost savings and efficiency. Do more with less.
- Become more agile and responsive to the markets and customers - “Smart” devices / systems / processes / plants / grids / cities / etc…
- Integrate into a larger, “just-in-time” supply and distribution chain with other business functions
The net effect of these trends on OT is that it has been pushed to be more open in general, with an increasing amount and variety of data sent between OT and the internet. IT and cloud infrastructure is being made to provide a scaffolding for both IT and OT. And more decisions are being made not on the concept of reliability and accuracy, but on the impact to the financial bottom line.
Continue on to part 3 of this blog series: How to Bridge the OT/IT Knowledge Gap.