Digitization is the goal of many companies, but the gap between IT and OT is holding them back.
Each of you has probably heard this sentence very often over the past few years: advancing digitization offers enormous potential at all levels. But this is now actually becoming apparent in many ways, on the one hand through the emergence of new business models, on the other hand, through the partially implemented optimization of the organization of production and work processes. However, this undoubtedly places a lot of demands on the employees. Because this process requires, among other things, open-mindedness and openness to new things, ie not wanting to remain in tried-and-tested patterns, and where everyone really has to make their contribution accordingly in order to support the company in the transformation.
It is useful that our brain capacity is so great and consequently well equipped to meet the demands that life continually throws at us. Because of the ability of billions of neurons to communicate, it is possible to activate large networks in our brain – which in principle enables people to adapt to new circumstances. To get physical and online training in Electrical Automation and Electrical Engineering visit our website Burraq Engineering Solutions
It doesn’t work without communication
This shows that an exchange is important in order to be able to cope with difficult or current tasks. This actually applies everywhere – also, to come back to the production and work processes, between IT (Information Technology) and OT (Operational Technology). Because an existing gap between the two areas is still one of the major challenges in digital transformation. Why? Clearly – because it endangers the security of the entire company. To find a solution here, we first have to take a closer look at why IT and OT departments rarely want to talk to each other or are reluctant to do so.
One reason could be the following – they argue from different technical perspectives: IT is focused on software, hardware and communication technology, the OT on production and industrial plants, some of which (still) work in closed systems without connection to the Internet. For the IT department, the priority is to protect the infrastructure as best as possible by implementing appropriate protective measures – because, for them, security means defending against criminal attacks using the technology available. The OT department tends to think conventionally when it comes to safety, so they prefer to think first of concepts for emergency stops or continuity or the need for fire extinguishers. Colleagues from the IT department are used to fast innovation cycles – for OT this term is more of a nightmare.
So all of this makes the gulf between the two departments understandable, but nonetheless, it needs to be bridged. Because with each expansion of the Industrial Internet of Things (IIOT), more and more devices are networked with each other. This increasingly offers new options for cybercriminals to find a vulnerability for an attack and to be able to successfully implement it. Therefore, good cooperation between the two departments is not only desirable but absolutely necessary. But, very important here – it must be set up and implemented correctly.
Cybersecurity: Properly secure every access point to prevent sabotage or espionage
Digitization makes it possible to generate useful information from production data that can be used for decision-making processes at all levels of a company. For example in relation to predictive maintenance – with the aim of either minimizing or at best-preventing machine downtimes. Because the risk of a standstill can be due to timely maintenance, the timing of which can be determined by anomaly detection.
To carry out this task, data from defined data pools are accessed via specified interfaces, which can alternatively only be based on historical data sets or are constantly being supplemented with new ones. No matter which approach is followed where – the data is the be-all and end-all in the evaluation. As a result, compromising these, for example through unauthorized access from outside, could enable an act of sabotage and thus cause serious consequences. If predictive maintenance is optimized in terms of overall equipment effectiveness (OEE) through the use of remote maintenance, there are other safety-related aspects to consider.
So here I come to the sticking point for which a solution must be found: both the measures to protect data and access options and those to secure remote maintenance are managed by IT. However, from the point of view of employees in production and manufacturing, the involvement of those responsible for IT always means that they are confronted with additional hurdles and are thus hindered in their work.
My recommendation is, therefore:
- Take all relevant measures to protect the data: First and foremost, attention should be paid to access rights. This means only granting access to employees who actually have technical/disciplinary authorization
- Clearly define the tasks and authorizations of the individual departments: In the case of remote maintenance, a good approach is for the remote maintenance system to be set up and audited by IT. The setup must be carried out under the provision that the process can be initiated and controlled by the OT. This means that an OT employee can release the process without those responsible here having any influence on the configuration.
In order to be able to map this process securely, it is recommended, among other things, to use two-factor authentication to ensure that the risks of unauthorized access are significantly reduced. Because here it is necessary for each authentication process to use two factors for proof, which are combined to form an authentication chain – for example “knowledge-based factors” such as passwords with “biometric factors“, such as a fingerprint.
The ability to work in a team is one of the most frequently requested soft skills in job advertisements today. But in practice, this quality is sometimes neglected – which can ultimately lead to a dispute over competence because everyone wants to maintain and represent their position. Alpha versus alpha – or IT versus OT in production companies – often still seems to be part of the order of the day. But this is no longer a contemporary approach because the increasing professionalization of cybercriminals requires a unified approach from both departments.