Bridging IT and OT: Advancing Modern Industry with Cloud and Cybersecurity
Antonio Matamala, Country Manager, Beamex Germany
Operational Technology (OT) professionals in the process and energy sectors have long been cautious about Information Technology (IT) departments encroaching on their territory. Yet, to realise Industry 4.0, integrating these systems is crucial and complex, particularly given cybersecurity concerns.
In Germany, the integration of IT and OT has been accelerating as part of Industry 4.0. This shift was underscored by Hasso Plattner, co-founder of SAP, in a 2021 Die Welt interview. He highlighted the necessity of innovation and technology adoption to keep German industry competitive on a global scale. His words underscored the urgency of integrating IT and OT systems to ensure the resilience of Germany’s industrial base in a rapidly globalising world.
So, what does “futureproofing” entail in this context? It means adapting to shifting demands across global markets. For Germany’s export-driven industry, this adaptability is essential. The practical and secure integration of IT and OT systems is vital to ensuring that production and information systems operate in concert to meet diverse and evolving demands efficiently.
Cybersecurity Concerns in IT/OT Integration
Integrating OT into the IT landscape inevitably heightens exposure to cyberattacks, potentially resulting in costly ransoms and significant downtime. Traditionally, OT systems like SCADA (Supervisory Control and Data Acquisition) were installed and left essentially unchanged, operating in relative isolation. In contrast, IT systems are routinely updated to address vulnerabilities and issues. However, this approach—rebooting or installing updates—doesn’t easily translate to OT environments, where halting production for updates is impractical.
This disparity in approaches highlights the need for better collaboration between OT and IT teams. OT professionals must be open to integrating more flexible IT practices, while IT professionals should appreciate the operational constraints that OT teams face. Building a common understanding between the two departments is critical to successful integration.
In the merging of these two domains, IT will likely take the lead and embrace OT, as companies like Microsoft, with their IoT offerings, are already demonstrating. Many large organisations have adopted cloud technology, recognising its potential for various applications, including OT. Yet, it’s essential to acknowledge that the threats are real.
The Stuxnet attack in 2010, for instance, targeted Siemens PLCs and successfully infiltrated the OT layer of nuclear facilities in Iran, demonstrating the potential for devastating consequences when cybersecurity is breached. Similarly, a ransomware attack in 2021 on a US pipeline network, while initially targeting IT systems, forced the company to shut down operations out of fear that the attack might spread to the OT side, leading to widespread fuel shortages.
Overcoming Misconceptions and Building Trust
Cybersecurity is just one piece of this complex puzzle. Still, it remains a critical concern that requires professional vigilance, which raises the question: How can cybersecurity be effectively managed in a converged IT/OT environment?
At Beamex, we have been uniquely positioned to bridge the IT and OT technological infrastructures with our ecosystem. In the OT tier, our calibrators play a crucial role at the physical layer, which is home to SCADA systems, PLCs, sensors, and other components that drive machinery. Simultaneously, we engage with IT professionals through our Calibration Management Software, navigating the intersection of these two worlds.
We understand that OT professionals are hands-on, focusing on the physical and operational aspects of technology, while IT professionals prioritise software, data, and business processes. This difference in focus often leads to friction, as seen in cases where shop floor customers prefer to install software locally, avoiding IT involvement. If we propose cloud-based software as a service, one possible reaction that you hear pretty often is, “Isn’t that too risky and insecure?”
This apprehension stems from a lack of understanding. The cloud services we offer, such as those based on Microsoft Azure, are backed by top security experts, far surpassing the security measures of a local, unmanaged PC, for example.
Overcoming these misconceptions requires education and building trust in IT solutions that run in the cloud. If I had the chance to choose between a company the size of Microsoft that is betting its future on cloud technology serving billions of users globally and an IT department that is dedicated to supporting its own company on IT matters, which would I choose?
Bridging the gap between IT and OT, both within our organisation and for our customers, is essential. We aim to shift perceptions, helping customers see IT, cloud technology, and cybersecurity measures as allies rather than threats. Addressing these concerns sensibly, enhancing cybersecurity protocols, and fostering confidence in IT are crucial steps. Adopting cloud technology, along with solid cybersecurity practices, is not just an option but a necessity to stay competitive and avoid being left behind as the industry advances.
You might also find interesting
For a safer and less uncertain world
Welcome to our series of topical articles where we discuss the impact that accurate measurement and calibration has on the world and our everyday lives.