It’s Time to Demystify OT, What a CxO Needs to Know
In my first Analyst Syndicate post, I talked about the ongoing IT-OT civil war and why a CIO or other tech-related CxO needs to actively address the issue to get the most from Digital Transformation. The questions that blog raises has prompted this blog post about what the roots of the tribalism Prediction 2020 revealed as well as a follow-on blog I’ll be doing about steps to take to end partisanship.
The literal terminology of “IT vs. OT” was introduced by Gartner about a decade ago. Traditional CIO focused information systems technology, used in support of classic front office and accounting, evolved from the function of data processing. Plant engineering and control-based use of the same or near similar technology in actual operations started in the late 1970s and achieved rapid adoption in the mid-1990s with the advent of the PC on the shop floor. So, the reality is the IT-OT bifurcation has existed for more than thirty years, it just has a catchphrase now that helps fuel the hype around the topic.
One person’s IT is another’s OT
Part of the problem with trying to talk about the IT-OT divide is that there is no definition of what IT vs. what OT is. Generally, people will readily agree that a corporate email system or the financial accounting software is IT. Likewise, there is usually the agreement that a computer numeric control (CNC) machine tool is OT. There is sometimes the ability to agree that a process control system, such as a programmable logic controller (PLC) is probably OT. Less often will you find an agreement that the manufacturing execution system (MES) is OT, as it often depends on who implemented the software. If the IT department was the prime driver for the project, the technology probably is considered IT but if operations put the technology in and only relied on IT to install the networking and to operate the servers it runs on, people likely think of it as OT. The irony of some of this is that in some companies, what is considered IT or OT can vary by business unit or even from plant to plant. If you are a financial company, then accounting software, what a manufacturer considers IT is likely your OT.
In the very early days of computers on the shop floor, much of the technology was highly proprietary and often ran software that was unique to a vendor or even to a specific product. Since the advent of the PC and high-speed and wireless networking much of what is considered OT is technologically the same as what runs in the corporate IT data and telecom centers. The IT-OT divide is less about the underlying technology and mostly about who uses it with some influence on how the tech is used. If a PLC is used to control the machinery that palletizes products most would consider it OT. If a PLC is used strictly to count palletized packages to fill out an inventory report, that is part of an ERP system many would consider it to be IT. The challenge becomes when it is a single PLC that is doing both. The reality today is that there are very few real distinctions about what is IT and what is OT based on the technology itself.
Why the Myths About OT
Unfortunately, there is a considerable incentive in the market today to make OT seem highly differentiated from IT. This differentiation serves both the end-user and the supplier community. For the end-user engineers, it provides autonomy and the freedom to experiment and problem solve, a passion for most engineers. For OT suppliers, it creates additional buying centers that are easier to sell to, often based on features and function over adherence to standards or interoperability. Both hardware and pure software suppliers can benefit from a more closed but interface-driven world than an open and seamlessly integrated one.
Not to say IT vendors are not complicit as well. Either by ignoring the importance of OT, or by trivializing the real differences between IT and OT, they often try to keep the CIO focused on their value proposition and position themselves as more capable than they are vis-à-vis operational technology. By keeping the myths and half-myths of the IT-OT divide alive, technology deployment evolves in silos and the full value from investments becomes more difficult to achieve.
- Myth 1: The real-time demands of OT are so great that IT people just don’t know how to deal with them. While this may be true in a specific company, it doesn’t wash across industry in general. The complexities and speed demands of Cloud computing and global telecommunication networks can be just as demanding a process control system in a typical manufacturing plant. The technological challenges in today’s IT environment and the solutions IT infrastructure providers have are robust enough for the vast majority of operational challenges.
- Myth 2: OT cybersecurity is riskier than IT cybersecurity; hacking a credit card number is bad but blowing up a plant could be catastrophic. This is really a partial myth. The potential risks from an OT hack can be more serious, at least in the short term than a typical IT hack. However, it turns out that techniques, vulnerabilities and actual pathways hackers take are the same in OT and IT systems. Often the OT system vulnerabilities sometimes are exacerbated because the OT uses outdated and no longer supported underlying IT. A common pathway into OT systems is via infected USB drives or emails and basic IT security discipline could have stopped some of the more noted OT intrusions.
- Myth 3: IT isn’t responsive enough to deal with OT issues. An OT malfunction or outage can cripple a plant and business can’t wait for IT to put together a task force to evaluate the problem, design a solution and schedule a fix, months in the future. Again, another partial myth in that in many organizations the mechanisms that IT has in place to deal with a something like a desktop crash or a password loss are inadequate to deal with a PLC or other OT crash. But this is a management issue, not an inherent IT capabilities problem. Anyone running a global network that drives a Fortune 100 business has to have response mechanisms that are suitable for OT issue response.
- Myth 4: Engineers (OT) and programmers (IT) are like oil and water: they don’t mix. Yes, there are fundamental training and educational differences between many classic IT professionals and the engineers that typically operate OT. There is also the natural “tribal affinity” that I talked about in my Predicts 2020 post because of these different backgrounds. But the lack of collaboration between these two groups is an organizational and leadership issue, not an inherently unsolvable problem.
- Myth 5: OT suppliers are all specialists and are not really strategic to our overall digital transformation portfolio. This is the biggest myth of all. Many of the vendors traditionally thought of as strictly OT or plant level suppliers have expanded their portfolios to provide a significant part of the technology footprint needed for digital transformation. Ignore them and your competitors might just see their value and outmaneuver you leaving you so far behind the market you become a bit player. Likewise, engineering and operations managers need to understand that many of the traditional enterprise software suppliers traditionally associated with IT have expanded their portfolios and can become a valuable partner in building out the OT footprint.
So Now What?
The pace of technology change is not going to abate. Running manufacturing plants in the Cloud five years ago was considered risky and unwise, today Cloud is rising and soon to be the dominant model in some industries. Wireless sensors were thought of much the same way five years ago – good for data collection but not appropriate for control and that also is no longer the case. With AI and machine learning rapidly ascending and RPA, the hottest new technology trend, traditional OT applications like MOM and APM are going to have to be rethought. 5G also promises to radically alter how, when and where we get data about processes and consequentially how we control them.
A CxO in charge of digital transformation needs to get over the idea there is IT and there is OT. THERE IS ONLY “T”. Technology and its ability to reshape business are not limited by the labels we give but rather by how we organize to deploy and utilize it. Take these steps to dissolve the supposed barrier between IT and OT:
- Educate yourself about what technologies operations consider OT and are not within your purview
- Include all systems that connect to internal networks in your overall architecture
- Include operational technologists in any IT strategy and digital transformation plans
- Insist on at least a reviewer role for any significant OT purchases
In my next blog post, I’ll explore how to start breaking down the IT-OT divide and building a team that can more effectively effect transformation.