Mike Manzi of Feyen Zylstra is breaking down some of the clear differences in It (Information Technology) and OT (Operational Technology)
IT vs. OT Culture Splits and Best Practices
Just a few years back, an Information Technology (IT) network and a plant floor Operational Technology (OT) network were wholly separate, with the personnel who ran each having very little to do with one another. With the advent of industrial Ethernet replacing fieldbus protocols on the plant floor, the two networks now share a common “language,” creating valuable opportunities to combine resources and collaborate on goals for overall organizational success. This newly termed “Network Convergence” also sets the stage for challenging interactions that can occur between IT and OT network personnel. Just because they share the word tech in their titles, does not mean OT and IT people share similar traits—or even come from the same planet! With different training, backgrounds, and cultures, merging the two groups can cause a rift that is detrimental to the network’s reliability and efficiency. Fortunately, the extent to which these collaborations become adversarial or collaborative is in large part up left up to the organization and people involved.
Many organizations find this to be a serious challenge and difficult to navigate. Due to their differences, there seems to be an inherent us vs. them mentality with the groups. It’s important to understand the differences between groups as it serves as a first step towards bridging the gap.
Differences between IT and OT
1. Time is a construct:
IT professionals operate in a 9-5 world, while OT is a 24/7 operation. IT functions with standard help desk tickets and network troubles that are addressed in a timely fashion in the order they’re received. Not so in OT’s world. Downtime means lost production and that translates into lost revenue by the minute. It’s all hands-on deck until the issue is resolved, or at least until a temporary fix is determined.
2. A matter of priority:
The priorities amongst IT and OT teams are relatively polar. While IT operations revolve around the AIC triad (availability, integrity, and confidentiality), OT professionals value uptime and safety as their top priorities. When machines are down, every minute counts to mitigate the loss on a plant floor. Availability of equipment is not an emergency to IT where alternate printers or devices are readily available. By the same token, safety measures in a low-voltage environment are not relevant to someone in IT, but confidentiality becomes a major pain point in the event of a security breach. Real threats and vulnerabilities exist in both worlds, they just have different consequences.
3. Early vs. late adopters:
To an OT professional, reliability is key which means new technology is adopted once it’s matured and debugged. While this practice drives stability it also means equipment is older. Skill sets also vary given system gaps and may be a generation apart. To further widen the gap, OT professionals generally have engineering backgrounds and similarities in how they problem solve. An IT professional’s education is not rooted in an engineering perspective.
4. Reference Points:
Another important difference between the groups is the difference in reference points. Although IT and OT people are both “T” people, their technology training and experience leads them in different directions. As suggested, IT people are cybersecurity savvy and know about the technology and products that keep networks protected. While OT people can code and deploy a PLC, a valuable skill that’s fairly foreign to IT people.
With their differing backgrounds, even the “same” language can have a completely different meaning. Once, I was talking with a mixed IT/OT group about “SIP.” It soon became apparent from the dialog that we weren’t all talking about the same thing. One group was referring to CIP as in “Common Industrial Protocol” and the other SIP as in “Session Initiation Protocol.” Miscommunications like this could lead to major problems—like if someone was told verbally to ensure that a new device is compatible with “SIP.”
5. Downtime and Risk:
This difference in priorities shows itself in many ways. For IT, the go-to fix is to reboot, resulting in a period of unavailability that is deadly for production. Performing software upgrades and patches are routine and pose a low risk. In OT, patches and upgrades mean taking something offline, and so are reserved to be completed during a scheduled downtime. IT also loves to scan the network, a proactive measure meant to ensure that there are no viruses or threats on the network. This scan does not affect PCs and printers, but delicate PLCs on the plant floor can crash from being pinged—another example of how availability must overshadow other concerns on the plant floor.
How to Bridge the Gap
Both IT and OT people are smart and knowledgeable, which sometimes means they carry an ego. They may talk to impress each other and if they don’t understand something, they may not feel comfortable asking for clarification. In a converged environment this is an issue. Create an environment where it’s clear that there are no dumb questions—only questions worthy of a sincere answer. Big egos, rattling off jargon, and using unexplained acronyms should be discouraged, and people should be encouraged to elaborate as if they are speaking to non-technical colleagues. Everyone should be prepared to generously teach their area and respectfully listen and learn about the other area, with each side explaining technologies, best practices, and describing the reasons behind their daily workflow needs as appropriate.
With a healthy dose of patience, understanding, and a desire to leave ego aside, an organization only stands to benefit from an OT/IT convergence. With support from the top down, a blend of the two teams sets an organization up for success with maximized connectivity and efficiency. The growing pains are inevitable, but the rewards are manifold. If you’re not sure where to start, Feyen Zylstra is here to help.
For more information, please check out the following resources:
- IT/OT Convergence: How to Achieve Success and Avoid Pitfalls
- Industrial Network and Cyber Security Information
- Industry 4.0 Workshop
- 8 Ways I4.0 is Helping Manufacturers Recover from C-19
- Free Industrial Networking Assessment