What Is IT/OT Assessment

16th  July, 2024.

In this post, we will see the concept of IT/OT assessment. The post is divided in two parts and this is the first part.

In industrial automation, one thing that gets most confused is the difference between IT and OT. It sounds similar and many new engineers think that they are one and the same. And most importantly, once the difference between them is understood, it also becomes necessary to assess both these terms for safe operation of a plant. It also helps in preparing a standard RFQ for vendors. For this reason, we have divided this post in two parts - the first part covers the basic theory and the second part goes a little deeper.

What is OT?

OT stands for operation technology. First, let's understand why these terms are used in industrial applications. When you are using an automation plant on the shop floor, you will use things like PLC, SCADA, HMI, mechanical devices, electrical devices and a control panel. These things are responsible for the core production and focus on increasing business output. This technology is called OT.

OT can simply be understood as ground level automation. And in industrial automation terms, it comes in L1 and L2 levels. OT is the base of the system and the workers work at this level for producing the final product. A local network of sensors, field equipment, controllers and a central SCADA system with networking comprises OT. 

What is IT?

IT stands for information technology. It is a common term which is known to many of us, but a lot of people do not know that it plays a role in industrial automation too. The limitation with OT is that the data moves locally with the SCADA network and is not confined to any higher level automation. If a production or logistic level network like MES or ERP requires this data, then it needs to access OT systems installed in a plant. The software used in MES / ERP, servers used for data storage, large network connectivity and redundancy, data security, data management by accessing OT networks, databases, various applications running, telecommunication networks interconnecting systems, and internet comprises IT. 

IT can simply be understood as upper level automation. And in industrial automation terms, it comes in L3 and L4 levels, which is also known as IoT (internet of things). IT is the advanced layer of the system and the workers work at this level for accessing the data of various local products manufactured in OT systems and handling them for inter-departmental exchange and increasing business turnover with efficient management. 

What is IT/OT convergence?

Now that we have learnt what IT and OT are, we will see why merging them or converging them is important. Consider there are 5 OT systems in a plant. If data is confined to each OT system in an individual way, the other systems will not be able to know what is happening. This cannot support interconnectivity, which can lag the business behind, as data is not shared. Also, if at all data interconnects these 5 systems, then other departments like logistics, production, QA / QC or finance cannot know what is happening inside the plant. They will have to come manually and access all data which will be very time consuming. So, to automate the whole factory process, IT and OT needs to be merged. 

Nowadays, as most of the sensors and instruments have IoT features enabled in them, convergence becomes much easier. Data from them can be directly sent to the cloud network, where IT engineers will access them for further processing like reports and all. 

Why and how to conduct an OT assessment?

We know that where there is a network, there comes the threat of security and hacking of data. As OT has a large number of different software and products, operators often get confused sometimes as to what is happening inside the plant. Also, as this data is merged with IT, they sometimes do not understand which data needs to be given and which not. In this case, if the network is open, software or firmware is obsolete, or Windows is not updated, a threat comes to data being leaked, or robbed by some external networks. Also, if a security audit is not performed timely, then the plant is at a very high risk of data privacy being stolen.

So, to implement IT/OT convergence, the very step is the assessment of OT. Assessment means to verify how OT is performing in terms of security and data management. It also plays a role before implementation of OT and during pre-bidding stages where RFQ is prepared. How? If the engineer first assesses the whole system requirement by designing architecture, cable layout, software to be implemented, network connectivity requirement and hierarchy of IT network above, then he will be able to prepare a proper RFQ accordingly. This will lower his efforts afterwards to automate the whole plant. OT assessment will take some general factors into consideration like what will be the internet speed, what will be the password architecture in all the networks, which networks will be shared, how frequently the firmware and software will be updated, and which automation devices will have web browsing enabled in it for easy troubleshooting. Due to OT assessment, all the risk factors will be put forward to you, with quality ratings of the network, identifying potential threat areas and debugging network issues quickly. 

I have covered a general theory related to IT/OT assessment in industrial automation. I have also not attempted to cover all the topics, as it can vary from systems to systems. Once you are familiar with this engineering, you can easily tackle all types of problems in it. In the next post (part-2), we will deeply cover all the aspects of OT assessment.

Thank you for reading the post. I hope you liked it and will find a new way in this type of technology.