What is operational technology?
Operational technology (OT) is a category of hardware and software that monitors and controls how physical devices perform.
In the past, OT was used primarily in industrial control systems for manufacturing, transportation and utilities -- and unlike information technology (IT), the technology that controlled operations in those industries wasn't networked. Many of the tools for monitoring or adjusting physical devices were mechanical, and those that had digital controls used closed, proprietary protocols.
However, as physical devices are becoming smart, there is an increasing trend toward IT/OT convergence. Wireless connectivity has provided administrators in charge of OT with better monitoring systems and the ability to control physical devices remotely. Advances in machine-to-machine communication and machine learning have created a sea change, enabling the data that physical devices produce to be analyzed in real time to facilitate autonomy, preventive maintenance and improved uptime.
Internet-capable technology has moved into industrial control systems and supervisory control and data acquisitions networks. However, operations technology faces the same malware, identity management and access control security challenges that IT faces. The difference is that vulnerabilities in an OT system can leave critical infrastructure at risk of sabotage that can result in life or death situations.
What is the importance of operational technology?
OT is critical for businesses and society at large. At the organizational level, OT is usually tied to core business processes. In a factory, OT is often the very thing that enables goods to be manufactured. Likewise, hospitals depend on OT devices to diagnose patients who are suffering from various illnesses. For a business or other organization that relies on OT, a service outage would severely impair or even halt the organization's core business activities.
On a broader level, society depends on OT to keep critical infrastructure functioning. In May 2021, a ransomware attack caused the Colonial Pipeline to be shut down. The pipeline, which could, itself, be considered an OT, transports 2.5 million barrels of fuel each day and the shutdown resulted in a major East Coast fuel shortage. This is just one example of how critical some operational technologies can be.
What are examples of OT systems?
It's easy to think of OT systems as being closely associated with industrial equipment and, indeed, OT systems are heavily used on factory floors. However, OT systems aren't solely limited to industrial processes. An OT system can be any special purpose, computerized equipment.
Although industrial robotics are considered OT systems, so are certain medical devices such as MRI machines or other types of radiology equipment. ATMs are also considered OT systems, as are traffic lights. These are all complex, special purpose digital systems that aren't part of traditional IT infrastructure. Likewise, various safety systems fall into the category of OT systems, as do the robots that are increasingly used in retail for stocking shelves or mopping floors.
Operational technology challenges
As organizations work to converge IT and OT systems, they must be aware of the inherent challenges of doing so. Many of these challenges stem from the very nature of the OT systems being used. Although some OT systems are modern and complex, it's also common -- particularly, in an industrial setting -- for OT equipment to be several decades old. When you consider such a device's age and its proprietary design, it can be extraordinarily difficult and costly to connect the device to modern IT systems.
Another challenge associated with converging IT and OT systems is that doing so can introduce cybersecurity risks. This is especially true for legacy OT systems. Such systems were likely never intended to be connected to an organization's IT systems. It was likely assumed that such systems would operate in an isolated environment and, therefore, didn't need protection against cybersecurity threats.
Instead, the design process likely focused on making the device as reliable as possible, rather than addressing myriad security threats. This means connecting such systems to traditional IT infrastructure can make them vulnerable to attack, because an attacker now has a direct communications path through which to access the device. Organizations looking to converge their IT/OT infrastructure must put security at the forefront.
Another challenge is addressing any knowledge gaps. OT engineers are unlikely to be experts in IT. Similarly, few IT pros have a strong working knowledge of OT systems.
Finally, OT devices might not fit neatly into an organization's normal IT protocols. Patch management, for example, is often regarded as a critical IT task. However, patches for OT devices might be released on an infrequent basis or even not at all.
Even if an OT device manufacturer releases a patch, there will likely be some pushback over installing the patch. At best, installing the patch will cause a service interruption while the device is taken offline and rebooted, which affects the organization's revenue. At worst, the patch can introduce problems into a device that was previously reliable, again, adversely affecting the organization's bottom line.
OT vs. IT: What are the differences?
IT has traditionally focused on compute, networking and storage resources. These resources can include servers, storage arrays and network switches in the data center or the cloud but can also include desktop computers, smart phones and supporting hardware. Additionally, enterprise IT is also responsible for managing software at the infrastructure level and application level. This means deploying and maintaining OSes and security and monitoring tools, as well as the applications users rely on to do their jobs.
Conversely, OT focuses on the machines associated with physical processes. These processes can be anything from the manufacturing of goods to medical imaging. Like IT, these processes revolve around the use of digital systems. However, these systems tend to be proprietary in nature and don't generally fall into the scope of traditional IT assets.
IT/OT convergence involves linking operational technologies to traditional IT systems. Bringing these systems together can make it easier for an organization to meet its compliance mandates, while also breaking down data silos. However, there can also be other, more compelling benefits.
Linking IT systems to OT devices helps to bring intelligence to various business processes. In a factory setting, a converged IT/OT system can analyze the entire manufacturing process to spot inefficiencies. Detecting and eliminating these inefficiencies can, ultimately, help make the business more profitable.
Likewise, IT systems can monitor OT equipment use to see when the devices will need maintenance based on their use. This can prevent machines from breaking down, which also helps save the business money.