Operational Technology

Operational Technology (OT) – hardware, software, personnel and its activities, focused on detecting or causing changes in industrial processes through direct monitoring and/or control of physical devices such as valves, pumps etc. Simply: people and technology that supports industrial processes.

The term has been established to demonstrate technological and functional differences between traditional IT systems and Industrial Control Systems environment.

OT – Technology perspective

OT – technology perspective - usually environments containing Industrial Control Systems (ICS) including supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), Remote Terminal Unit (RTU) and programmable logic controllers (PLC) as well as dedicated networks and organization units.

OT – Systems perspective

OT Systems - systems that process operational data (including electronic, telecommunications, computer systems and technical components).

OT systems are required to control valves, engines, conveyors and other machines to regulate various process values, such as temperature, pressure, flow, and to monitor them to prevent hazardous conditions. OT systems use various technologies for hardware design and communications protocols, that are unknown in IT. The most common problems are legacy system and devices and numerous vendor architectures and standards.

Since OT systems supervise industrial processes most of the time availability must be sustained 24/7 that means real time or near real time processing.

OT Protocols - OT networks consists of industrial proprietary protocols, standard automation protocols (DNP3, Modbus, Profibus etc. ) and nowadays standard network protocols (e.g. TCP/IP protocol)

OT – Security perspective

Approach to OT security – from the very beginning security of the OT environment was the most important issue. Due to different technology and use of actual machinery controlled 24/7 it was eminent that approach to OT security should be tailored to address OT requirements. Approach known from regular IT is usually replaced or redesign to align it with OT environment. OT has different priorities and a different infrastructure to protect.

In terms of Security attributes (confidentiality, availability and integrity) in traditional IT confidentiality is usually referred to be the most important while in OT it is availability or depending on the process type integrity

OT components (e.g. systems or controllers) are often built without basic security requirements aiming on achieving only functional goals. Those components may be insecure by design and vulnerable to cyberattacks.

Vendor dependency – Due to lack of wide knowledge related to industrial automation most companies are heavily dependent on their OT vendors. This results in a vast problem named “Vendor lock”.

Critical Assets – because of its role in monitoring and controlling the critical industrial process OT systems are very often part of National Critical Infrastructure.

OT – Critical Infrastructure perspective

Due to the fact that Operational Technology is used in refineries, power plants, nuclear plants etc. it is also commonly part of the critical infrastructure systems. Depending on the county there are more and more legal obligations for Critical Infrastructure operators.

OT – Governance perspective

OT – governance perspective – while ICS term is mostly focused on technology, system (e.g. SCADA or PLC) OT term is taking into consideration also personnel and its activities.

There is a strong focus put on subjects like IT / OT cooperation or IT/OT alignment nowadays. It is crucial for the companies to build close cooperation between IT and OT departments. IT/OT alignment results in increased effectiveness in many areas of OT, such as change management, incident management most important security standards.

Sectors

OT sectors – consist of environments used in numerous types of different industrial and technological processes in the industries such as:

Description

The Term OT is now widely used in the industry but also for instance by:

  1. Gartner e.g. http://www.gartner.com/it/page.jsp?id=1590814 http://www.gartner.com/technology/research/it-ot-alignment/
  2. NIST e.g. http://www.nist.gov/itl/upload/preliminary-cybersecurity-framework.pdf
  3. ISA (International Society of Automation) e.g. https://www.isa.org/belgium/standards-publications/ISA99/
  4. ENISA e.g. https://www.enisa.europa.eu/activities/Resilience-and-CIIP/critical-infrastructure-and-services/scada-industrial-control-systems/maturity-levels or https://www.enisa.europa.eu/activities/Resilience-and-CIIP/critical-infrastructure-and-services/scada-industrial-control-systems/maturity-levels/at_download/fullReport
This article is issued from Wikipedia - version of the Sunday, January 24, 2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.