The Road to IT and OT Integration
Exploring the Challenges and Opportunities in Modern Manufacturing Environments
By Barry Turner, Technical Business Development Manager, Red Lion Controls (www.redlion.net)
The worlds of information technology (IT) and operational technology (OT) in manufacturing plants have traditionally functioned independently of each other. The goal of OT was to keep the plant running smoothly, while IT managed all the business applications within the enterprise. But with the explosion of the Industrial Internet of Things (IIoT), these two technology worlds are rapidly uniting.
Rethinking the IT and OT relationship, along with the technologies at play, can go a long way toward helping your business be more competitive, efficient and secure. But integrating these two worlds (what's known as IT/OT convergence) is no easy feat. Security concerns, as well as the need to contextualize OT data for higher-level IT use, are two of the most common challenges.
Fortunately, new solutions — from Defense in Depth security plans to edge connection software — are beginning to bridge the gap between IT and OT, taking smart manufacturing to new heights. Here’s a rundown of some common IT/OT convergence challenges, as well as the technologies that are poised to solve them.
Implementing a Defense in Depth Security Plan
Traditionally, the IT and OT departments have had different priorities when it comes to security, which makes education and communication between the two teams critical, especially when building the future of industrial networking. For example, it's important for the OT department to understand and implement key concepts that the IT department has been using for years. One of them is Defense in Depth (DiD), a strategy in which multiple, independent layers of security controls are placed throughout a system so that no single control has to stop every attack. In a plant network those layers typically take the form of virtual local area networks (VLANs) for segmentation, firewalls between segments and strict user access control.
Implementing a DiD strategy increases network and application security, and it also helps align the IT and OT teams. One way to get started is to build zones and conduits: group the equipment that must talk to each other into zones, and allow traffic between zones only through defined, monitored conduits. In terms of hardware, layer 2 Ethernet switches are all you need to create the VLANs that form the zones. Routers and firewalls then provide the only paths in and out of those smaller zones, which is where the conduit rules are enforced.
It’s also important to implement access control, along with some type of monitoring and alerting. In many cases you can use access control lists, which permit access based on the IP or MAC address of a network device. Keep in mind that both addresses are easy to spoof, so such lists stop accidental connections and casual misuse rather than a determined attacker; pair them with port security on the access switches and, where the equipment supports it, 802.1X authentication. The network should also log and alert administrators when unusual activity is detected, giving control engineers as much time as possible to act and minimize downtime.
One technology many IT departments already use is Syslog (RFC 5424, with the older BSD format still common), a standard for collecting system messages from individual network devices on a central server. Many industrial control products support it. Because plain syslog over UDP is neither authenticated nor encrypted, send it through a conduit to a collector that sits outside the zone it monitors, and use the TLS transport (RFC 5425) where devices support it, so that an attacker who compromises a zone can neither suppress nor forge the messages about it.
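To make the zone-and-conduit design and the syslog monitoring above concrete, here is a small monitor that checks firewall and switch syslog lines against a declared set of zones and conduits and raises the alerts a control engineer would want. This is an added example, not code from the article or from Red Lion; the zone layout, conduit rules, host names, message formats and every log line are constructed for illustration.

```python
"""Zone/conduit monitoring over syslog from an industrial firewall and switch.

Added example, not code from the article or from Red Lion. The zone layout,
conduit rules, host names and every log line below are constructed for
illustration; the syslog line format is the classic BSD "<PRI>timestamp host msg".
"""
import re
from ipaddress import ip_address, ip_network

# Zones: one VLAN/subnet each, created on the layer-2 switches (constructed).
ZONES = {
    "cell1-plc":  ip_network("10.10.10.0/24"),   # VLAN 10: PLCs and drives
    "cell1-hmi":  ip_network("10.10.20.0/24"),   # VLAN 20: operator panels
    "historian":  ip_network("10.10.30.0/24"),   # VLAN 30: edge/historian servers
    "enterprise": ip_network("10.50.0.0/16"),    # IT network
}

# Conduits: the only permitted paths between zones, as (src, dst, proto, dst port).
# Anything else crossing a zone boundary is a design violation even if a
# firewall rule happens to allow it.
CONDUITS = {
    ("cell1-hmi", "cell1-plc", "tcp", 44818),   # EtherNet/IP explicit messaging
    ("historian", "cell1-plc", "tcp", 44818),   # edge software polling the PLCs
    ("enterprise", "historian", "tcp", 443),    # IT pulls contextualised data over HTTPS
}

SYSLOG = re.compile(r"^<(\d{1,3})>(\w{3} +\d{1,2} \d\d:\d\d:\d\d) (\S+) (.*)$")
# Message formats of the (hypothetical) firewall and switch used in this example.
FW_FLOW = re.compile(r"FW: (ALLOW|DENY) (tcp|udp) (\d+\.\d+\.\d+\.\d+):\d+ -> (\d+\.\d+\.\d+\.\d+):(\d+)")
PORT_SEC = re.compile(r"PORT-SECURITY: violation on (\S+) from ([0-9a-f:]{17})")


def zone_of(ip):
    """Name of the zone containing ip, or None if it is outside every zone."""
    addr = ip_address(ip)
    return next((name for name, net in ZONES.items() if addr in net), None)


def parse_syslog(line):
    """Split a BSD syslog line into PRI (facility/severity), timestamp, host and message."""
    m = SYSLOG.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    return {"facility": pri // 8, "severity": pri % 8,
            "timestamp": m.group(2), "host": m.group(3), "msg": m.group(4)}


def analyze(lines):
    """Return (kind, detail) alerts for the events a control engineer should act on."""
    alerts = []
    for line in lines:
        rec = parse_syslog(line)
        if rec is None:
            alerts.append(("UNPARSED", line))
            continue
        flow = FW_FLOW.search(rec["msg"])
        if flow:
            action, proto, src, dst, dport = flow.groups()
            src_zone, dst_zone = zone_of(src), zone_of(dst)
            if src_zone == dst_zone:
                continue                      # intra-zone traffic is not subject to conduit rules
            permitted = (src_zone, dst_zone, proto, int(dport)) in CONDUITS
            if action == "ALLOW" and not permitted:
                # Firewall rules have drifted wider than the zone/conduit design.
                alerts.append(("CONDUIT-VIOLATION",
                               f"{rec['host']} allowed {proto} {src}->{dst}:{dport} ({src_zone}->{dst_zone})"))
            elif action == "DENY":
                alerts.append(("BLOCKED-CROSS-ZONE",
                               f"{rec['host']} denied {proto} {src}->{dst}:{dport} ({src_zone}->{dst_zone})"))
            continue
        ps = PORT_SEC.search(rec["msg"])
        if ps:
            # A MAC the switch did not expect appeared on an access port.
            alerts.append(("UNKNOWN-DEVICE", f"{rec['host']} port {ps.group(1)} MAC {ps.group(2)}"))
            continue
        if rec["severity"] <= 2:              # emergency, alert, critical
            alerts.append(("CRITICAL-DEVICE-EVENT", f"{rec['host']}: {rec['msg']}"))
    return alerts


# Constructed sample feed: PRI 190 = local7.info, 188 = local7.warning, 186 = local7.crit.
SAMPLE_LOGS = [
    "<190>Mar 14 02:10:01 fw-cell1 FW: ALLOW tcp 10.10.20.15:51234 -> 10.10.10.7:44818",
    "<190>Mar 14 02:10:03 fw-cell1 FW: ALLOW tcp 10.50.3.9:40022 -> 10.10.10.7:44818",
    "<190>Mar 14 02:10:04 fw-cell1 FW: DENY tcp 10.50.3.9:40023 -> 10.10.10.7:502",
    "<188>Mar 14 02:11:30 sw-cell1 PORT-SECURITY: violation on Gi1/0/7 from 00:11:22:33:44:55",
    "<186>Mar 14 02:12:00 sw-cell1 LINK: GigabitEthernet1/0/3 changed state to down",
]

if __name__ == "__main__":
    for kind, detail in analyze(SAMPLE_LOGS):
        print(f"{kind:22} {detail}")
```

The second sample line is the interesting one: the firewall allowed it, so a rule-based view says everything is fine, but enterprise-to-PLC traffic is not a designed conduit, which is exactly the drift a conduit check catches and a plain firewall log review misses. The MAC seen in the port-security event is reported, not trusted, since a MAC is trivially forged.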
Breaking down barriers with software at the edge
Successful IT and OT integration will depend on enterprise connectivity solutions between the systems that create the data and the users that consume the data. Industrial organizations have a lot of operational data — but they often don’t know how to take advantage of it at the enterprise level to improve their operational resiliency, sustainability and supply chain agility. And although many digital transformation initiatives are on the rise in manufacturing, the fact that many companies still struggle to make OT and IT play nicely with each other prevents them from tapping into the hidden insights in all their industrial data sources.
A key reason for these roadblocks is the lack of proper correlating context, such as the data source, data type or timestamp, when OT data is captured at the network edge or device level. Without this context, the captured data is hard to interpret and hard to trust, which drives up the time and effort needed to prepare it before analytical models can be built. To extract actionable insights from OT data, it needs to be packaged in an interchangeable, flexible format that can be shared easily between OT and IT applications.
This is the future of IT and OT integration — connecting data as it is being generated in real time to the analytics engines, quality systems, traceability records and optimization programs that drive industrial efficiency.
Already, new technology developments at the edge are helping to break down the barriers between the systems that create the data and the consumers of the data. Once the data can flow easily, data scientists can create actionable industrial performance insights. Software that collects, organizes and contextualizes OT data — and then makes it available to higher-level IT applications and databases — can unlock actionable plant- and enterprise-level insights to accelerate IIoT transformation.
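As an illustration of the contextualisation step described above, the following code turns raw readings from a brownfield Modbus device and a modern PLC into one self-describing record format (source, tag, typed and scaled value, unit, UTC timestamp and a note of where the timestamp came from), and rejects readings it cannot attribute rather than passing them on. This is an added example, not Red Lion's software or code from the article; the device names, register map, clock tolerance and sample readings are constructed.

```python
"""Contextualising raw OT readings into one shareable record format.

Added example, not Red Lion's software or the article's code. The device
names, register map, clock tolerance and sample readings are constructed.
"""
import json
from datetime import datetime, timedelta, timezone

# Metadata the edge device holds per (source, address). A brownfield Modbus
# device exposes unnamed, unscaled holding registers; a modern PLC exposes
# named tags. Both end up in the same record shape.
TAG_MAP = {
    ("press-01", "hr:40001"):      {"tag": "hydraulic_pressure", "type": "float", "unit": "bar",   "scale": 0.1},
    ("press-01", "hr:40002"):      {"tag": "cycle_count",        "type": "int",   "unit": "count", "scale": 1},
    ("line2-plc", "Motor1.Speed"): {"tag": "motor1_speed",       "type": "float", "unit": "rpm",   "scale": 1.0},
}

CLOCK_TOLERANCE = timedelta(minutes=5)   # assumed: PLC clocks drifting beyond this are not trusted


class ContextError(ValueError):
    """Raised for a reading that cannot be given full context."""


def contextualize(reading, received_at):
    """Turn a raw reading into a self-describing record.

    reading: {"source": str, "address": str, "value": number, "ts": epoch seconds or None}
    received_at: timezone-aware datetime at which the edge device received it.
    """
    source, address = reading.get("source"), reading.get("address")
    if not source or not address:
        raise ContextError("reading has no source/address and cannot be attributed")
    meta = TAG_MAP.get((source, address))
    if meta is None:
        raise ContextError(f"no metadata for {source}/{address}")

    # Timestamp: prefer the device clock, but fall back to arrival time when the
    # device has none or is clearly unsynchronised; record which one was used.
    device_ts = reading.get("ts")
    if device_ts is None:
        stamp, quality = received_at, "arrival_time"
    else:
        stamp = datetime.fromtimestamp(device_ts, tz=timezone.utc)
        if abs(stamp - received_at) > CLOCK_TOLERANCE:
            stamp, quality = received_at, "device_clock_unsynced"
        else:
            quality = "device_time"

    raw = reading["value"]
    value = round(raw * meta["scale"], 3) if meta["type"] == "float" else int(raw * meta["scale"])
    return {
        "source": source, "address": address, "tag": meta["tag"],
        "value": value, "unit": meta["unit"], "type": meta["type"],
        "timestamp": stamp.isoformat(), "timestamp_quality": quality,
    }


def contextualize_batch(readings, received_at):
    """Return (records, rejected); rejected readings keep the reason instead of being silently dropped."""
    records, rejected = [], []
    for r in readings:
        try:
            records.append(contextualize(r, received_at))
        except ContextError as e:
            rejected.append({"reading": r, "reason": str(e)})
    return records, rejected


def to_jsonl(records):
    """Serialise records as newline-delimited JSON, a form most IT pipelines ingest directly."""
    return "\n".join(json.dumps(r, sort_keys=True) for r in records)


# Constructed readings as they might arrive at the edge in one poll cycle.
RECEIVED_AT = datetime(2024, 3, 14, 2, 10, 0, tzinfo=timezone.utc)
SAMPLE_READINGS = [
    {"source": "press-01",  "address": "hr:40001",     "value": 1234,   "ts": None},         # Modbus: no clock
    {"source": "press-01",  "address": "hr:40002",     "value": 8812,   "ts": None},
    {"source": "line2-plc", "address": "Motor1.Speed", "value": 1450.5, "ts": 1710382199},   # 1 s before arrival
    {"source": "line2-plc", "address": "Motor1.Temp",  "value": 61.0,   "ts": 1710382199},   # unmapped tag
    {"source": "",          "address": "hr:40001",     "value": 7,      "ts": None},         # anonymous reading
]

if __name__ == "__main__":
    recs, bad = contextualize_batch(SAMPLE_READINGS, RECEIVED_AT)
    print(to_jsonl(recs))
    for b in bad:
        print("rejected:", b["reason"])
```

Two design points matter for data you intend to trust downstream: a reading with no identifiable source is rejected rather than guessed at, and an unsynchronised device clock is recorded as such instead of silently producing a timestamp that would misalign the reading with every other source.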
So, what do these devices, designed to function at the intersection of OT and IT, look like? For one, the device should either be an IT device with OT features, or an OT device with IT features. It should also integrate the following capabilities:
- An ability to connect to built-in sensor networks connected to PLCs or controllers.
- An ability to connect directly to sensors, or to brownfield devices, modern PLCs, industrial switches and operator panels.
- Alarms that can be configured to alert users to out-of-bounds conditions.
- An ability to securely access data and assets over virtual private networks (VPN).
There are many reasons why manufacturers would want to have one device at the intersection of OT and IT. For one, the device serves as the critical bridge between the OT equipment that generates a company’s profits and the IT enterprise systems that inform the company’s decision-makers.
In addition, these edge devices deliver valuable, long-term insights into plant floor operations. With the data collected from OT, operations can move from reactive and preventive maintenance strategies to proactive, predictive and even prescriptive ones. For example, the devices can automatically alert operators to changes or events that could lead to a machine shutdown, letting them stay ahead of, and avoid, costly production issues. And thanks to over-the-air updates, users can easily add alarms, improve logic and data collection processes, or monitor traffic on the OT network via the Simple Network Management Protocol (SNMP) to spot changes; use SNMPv3 for this where possible, since v1 and v2c send their community strings in the clear.
The Importance of Standard Ethernet Solutions
The integration of IT and OT can be further enhanced by a common set of diagnostic tools and management capabilities, so that devices from different vendors can all be managed with the same IT tools, giving greater visibility across IT and OT. Ultimately, this requires a broad set of skills to optimize industrial operations and manage the effective transfer of valuable data from the plant to the manufacturing execution system (MES), enterprise resource planning (ERP) and cloud systems.
EtherNet/IP, which uses standard IEEE 802.3 Ethernet and the Internet protocol suite (TCP and UDP over IP), has played a critical role in IT/OT convergence by giving management the operational information it needs to drive growth in an ever-changing business environment. Relying on standard Ethernet reduces the differences between the plant floor OT network and the broader enterprise IT network, making it easier to transport critical information wherever it needs to go. The object-oriented design of EtherNet/IP, via the underlying Common Industrial Protocol (CIP), provides real-time control services and standard device profiles in an interoperable environment, and that design also makes EtherNet/IP easier for those with an IT background to work with. Likewise, Profinet standards and Profinet-certified switches provide a common bridge between the OT and IT networks.
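Because EtherNet/IP rides on ordinary UDP and TCP, standard IT tooling can speak it; the ListIdentity request, broadcast to UDP port 44818, is how asset inventories (and attackers) enumerate EtherNet/IP devices. The code below builds that request and parses a device's reply. It is an added example, not code from the article, Red Lion or ODVA; the field layout is the published EtherNet/IP encapsulation format (24-byte little-endian header; CIP Identity item 0x000C containing a network-byte-order socket address, vendor, device type, product code, revision, status, serial number, product name and state), while the reply bytes are constructed here rather than captured from real equipment, and the packet is never put on the wire.

```python
"""EtherNet/IP encapsulation header and ListIdentity parsing.

Added example, not code from the article, Red Lion or ODVA. The field layout
is the published EtherNet/IP encapsulation format; the device reply is
constructed, not captured from real equipment, and nothing is sent on the network.
"""
import struct

ENIP_UDP_PORT = 44818
CMD_LIST_IDENTITY = 0x0063
ITEM_CIP_IDENTITY = 0x000C
# command, length, session handle, status, sender context, options (all little-endian)
HEADER = struct.Struct("<HHII8sI")
# vendor, device type, product code, rev major, rev minor, status, serial
IDENTITY_FIXED = struct.Struct("<HHHBBHI")


def build_list_identity(sender_context):
    """Frame a scanner broadcasts to UDP/44818; it carries no data and needs no session."""
    return HEADER.pack(CMD_LIST_IDENTITY, 0, 0, 0, sender_context, 0)


def parse_header(frame):
    """Return (header dict, payload); raise ValueError on a short or truncated frame."""
    if len(frame) < HEADER.size:
        raise ValueError("frame shorter than encapsulation header")
    cmd, length, session, status, ctx, options = HEADER.unpack_from(frame)
    payload = frame[HEADER.size:HEADER.size + length]
    if len(payload) != length:
        raise ValueError("length field exceeds received data")
    return {"command": cmd, "length": length, "session": session,
            "status": status, "sender_context": ctx, "options": options}, payload


def parse_list_identity(frame, expected_context):
    """Parse a ListIdentity reply into a device dict; None if it is not a reply to our request."""
    hdr, payload = parse_header(frame)
    # Any host on the segment can answer a broadcast, so the sender context we
    # chose is the only thing tying a reply back to our query; drop the rest.
    if hdr["command"] != CMD_LIST_IDENTITY or hdr["sender_context"] != expected_context:
        return None
    if len(payload) < 2:
        return None
    item_count, = struct.unpack_from("<H", payload, 0)
    off = 2
    for _ in range(item_count):
        if len(payload) < off + 4:
            return None
        type_id, length = struct.unpack_from("<HH", payload, off)
        off += 4
        body = payload[off:off + length]
        off += length
        if type_id != ITEM_CIP_IDENTITY or len(body) < 34:
            continue                      # not an identity item, or too short to hold one
        version, = struct.unpack_from("<H", body, 0)
        # sockaddr_in: family and port big-endian, 4-byte address, then 8 bytes of sin_zero
        family, port, addr = struct.unpack_from(">hH4s", body, 2)
        vendor, dev_type, product, rev_major, rev_minor, status, serial = IDENTITY_FIXED.unpack_from(body, 18)
        name_len = body[32]
        if len(body) < 34 + name_len:     # treat the length byte as attacker-controlled
            continue
        name = body[33:33 + name_len].decode("ascii", "replace")
        state = body[33 + name_len]
        return {"ip": ".".join(str(b) for b in addr), "port": port, "protocol_version": version,
                "vendor_id": vendor, "device_type": dev_type, "product_code": product,
                "revision": f"{rev_major}.{rev_minor}", "status": status,
                "serial": serial, "product_name": name, "state": state}
    return None


def build_identity_reply(ip, vendor, dev_type, product, revision, status, serial, name, state, sender_context):
    """Construct the reply a device would send; used here only to exercise the parser offline."""
    sock = struct.pack(">hH4s8s", 2, ENIP_UDP_PORT, bytes(int(o) for o in ip.split(".")), b"\x00" * 8)
    body = (struct.pack("<H", 1) + sock
            + IDENTITY_FIXED.pack(vendor, dev_type, product, revision[0], revision[1], status, serial)
            + bytes([len(name)]) + name.encode("ascii") + bytes([state]))
    payload = struct.pack("<H", 1) + struct.pack("<HH", ITEM_CIP_IDENTITY, len(body)) + body
    return HEADER.pack(CMD_LIST_IDENTITY, len(payload), 0, 0, sender_context, 0) + payload


if __name__ == "__main__":
    ctx = b"scan0001"
    reply = build_identity_reply("10.10.10.7", 0x0400, 0x0E, 42, (21, 3), 0x0030, 0x1234ABCD, "Edge-PLC-7", 3, ctx)
    print(parse_list_identity(reply, ctx))
```

Two habits carry over from IT network tooling: treat every length field in a reply as untrusted input and bounds-check it before indexing, and tie replies to your own request (here via the 8-byte sender context) so that an unsolicited or spoofed answer cannot plant a phantom device in the inventory. Nothing in this exchange authenticates the responder, which is why the reply is evidence for a follow-up check rather than proof of what is on the wire.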
The old trade-off between IT's priority on data confidentiality and OT's priority on network uptime has stopped being an either/or question: converged networks have shown that data must remain confidential and the production line must keep running. Both EtherNet/IP and Profinet are key to connecting the lower-level and upper-level networks, helping you stay competitive while protecting workers and assets alike. One caveat applies to both: in their base form neither protocol authenticates or encrypts its traffic (ODVA's CIP Security extension adds TLS and DTLS to EtherNet/IP on devices that support it), so the zones and conduits described above remain the primary protection for the control traffic they carry.
About the Author
In his role as the Technical Business Development Manager at Red Lion, Barry Turner brings together his 13 years of industrial experience and 15 years in the IT sector to aid customers in tackling their most complex industrial issues. His central goal is to empower customers to delve into, link, and fully understand the worth of their industrial data. Through Red Lion’s innovative products and solutions, he assists customers in accessing, connecting, and visually representing their application data, thereby revealing its intrinsic value.