Stephen Mooney, Wireless Product Sales Manager, Advantech Europe, writes about strategies to bridging the OT/IT gap
The rise to prominence of AI and its hunger for data is driving a rapidly growing demand for effective ways to bridge the gap between the operational technology (OT) and information technology (IT) domains.
For system integrators and consultants, choosing the right technology partner with optimal solutions will ensure the successful delivery of end-user benefits that include faster decision-making via real-time data access, better security via a holistic end to end view, improved compliance, enterprise-wide visibility and reduced OPEX costs.
Among the first challenges of bringing the OT and IT worlds together is recognising that these two domains have their own user groups with a distinct set of protocols, network architectures, operational requirements and service levels.
The IT environment spans everything from small-scale office networks to campus networks to city-wide networks and global backbone networks primarily with voice and data services running on top. Characterised by hyperscale levels of connectivity and throughput, IT network architectures must often meet a different set of requirements to those prevalent in the OT world. These include high levels of availability, redundancy combined with a vast array of domain specific protocols.
The OT environment centres on a different user group, one that includes factories, warehouses, water utilities, energy generation and renewables. Characterised by local or stand-alone networks, the OT domain is traditionally separate from its IT counterpart. Often these local OT networks operated as isolated islands of network architectures for legacy reasons.
However, with growing demand for AI-driven analytics in the Cloud, an increasing need is developing with a push to move data all the way from its Field Area Network (FAN) through to any one of a number of Cloud-based servers. Building a bridge from the OT world to the IT world through thorough functional and operational understanding helps customers realise the benefits and scale for the future.
OT networks (FAN’s) feature many different elements (that require specific protocols), including SCADA, PLC, CNC, Ethernet/CAT and serial. While it is possible to find some overlap with the IT world, there is undeniable disparity in the OT and IT network domains. The defining difference is the nature of operation. The OT world is often mission-critical rather than just business-critical. It introduces safety systems, for example, where mission-critical latency and deterministic network behaviour become the overriding priorities. For the OT networks, its not often about best effort high download speeds, in fact it is often the opposite with low volume data, low latency in the uplink.
Go the distance
Further differentiators include lifecycle. The lifecycle for an IT domain is typically 2-5 years, after which most scale-up their systems as faster interfaces become available. OT domains often have a lifecycle of 10 years or more, usually until a significant event or driver prompts migration to a new type of technology.
While IT networks typically feature a diversified well-connected infrastructure, this is not always the case in the OT world, where limited physical path connectivity can prove problematic, particularly at a remote factory or water treatment plant. There might not be any cellular or fibre coverage, for example, with some having to rely on a relay of microwave links or soon to be discontinued xDSL copper lines.
Further challenges include the harsh physical environment of OT domains, which clearly influences hardware selection. The OT ecosystem of technology players is also much smaller than the vast diversity available in the IT world.
Roadmap to a smarter future
So, what could a combined OT/IT network look like? How is it possible to map the many services and SLA’s from the OT space into the IT space without compromising the necessary levels of service assurance? The first step is to understand the challenges: what am I trying to achieve and what assets do I have to manage?
The OT space has many different types of connectivity and protocols that all require management. Some might need external access, while others may require very defined network behaviours, such as protocol conversion on the edge or in-house (LAN) network control. For the IT space, there is a multitude of network connection options typically available, including fibre optic (dark fibre), cellular, microwave and others as well as connections with private and public Cloud services.
Managing all these elements forming an end-to-end architecture takes considerable effort, not simply because end-service infrastructure delivery is quite challenging (especially when using the connection of a public Internet service provider), but also because it can be difficult achieving the level of service assurance necessary to match OT network requirements.
There are many links in the chain of end-to-end service delivery but the increasingly ‘gateway’ becomes a key component. Representing the stepping stone between the two worlds, a gateway can take care of OT connectivity and its unique protocols, then marry it across into the IT space. The result? High levels of connectivity, protocol harmonisation and cloud service integration.
Fit for purpose hardware
The key elements of a highly functional gateway are hardware, firmware and software.
Hardware must be industrial by design. Standard commercial components will not survive when pushed to industrial limits of physical endurance over the very long lifecycles of OT networks. If the hardware fails, so will the services that sit behind it, not only breaking links to the IT world but often the local operation of the OT network itself.
Take, for example, a 5G cellular router/gateway. Only a high-performance industrial design package will support a successful bridge between the OT and IT environments. One such advice here is to look at the specified mean time between failures (MTBF). Some industrial cellular routers offer a MTBF of 40 years or more. Examples of industrial cellular routers running for 12 years or more without ever receiving even one power cycle. Compared to the commercial IT world, these numbers are astronomically higher than a commercial modem without industrial ratings.
Taking a robust approach
When scrutinising an operating system (OS) inside a cellular router or gateway, the main requirements are stability and reliability. It might not have bleeding-edge protocol implementations, but it should offer high levels of functionality. For this reason, detailed regression testing is vital to ensure that, as the solution evolves to adopt new firmware for enhanced functionality and security, it does not compromise what is already in place and seamlessly integrates in to the existing architecture.
Although the lifecycle of replacing firmware often exhibits a shallower curve in the OT domain compared with the IT world, the dependability, reliability and deterministic behaviour of the OS is absolutely crucial.
The advice is to seek an OS designed specifically for an industrial cellular router. While there will be some overlap with the IT world – it is after all a bridge between the two worlds – it should be OT application-specific and focused on the required service delivery.
Building bridges
Many find the thought of a bridging the OT/IT gap as daunting and intimidating and understandably so. Considerations to the dependencies of both OT and IT worlds can double and compound the complexity in solving the end-to-end solution. However, identifying a reputable technology partner will go a long way to ensuring project success.
Stephen Mooney is the Product Sales Manager for Industrial Wireless at Advantech Europe. With eight years at Advantech, he brings extensive experience in network architecture, IoT, and remote monitoring. Stephen has proven expertise in technologies such as LTE, LoRaWAN, and WiFi, as well as multi-vendor integration for defence, public safety and energy and utilities sectors.
Author: Stephen Mooney, Wireless Product Sales Manager, Advantech Europe
There’s plenty of other editorial on our sister site, Electronic Specifier! Or you can always join in the conversation by commenting below or visiting our LinkedIn page.
