IT/OT convergence: Manufacturing Sector

Goals

To identify the following information related to IT/OT convergence within the manufacturing environment/ sector: 1. What challenges do IT professionals face now that they are increasingly being called on to support/integrate with OT systems, 2. Are there differences in cybersecurity concerns in manufacturing environments (where things like safety, downtime, etc. may be even more of a concern), 3. What is the rate of connectivity in industrial assets/factories increasing, 4. How has IoT impacted the job requirements or challenges for IT professionals, 5. What are some considerations IT professionals need to have now that they haven't thought about in the past.

Early Findings

Overall Challenges

  • According to Digitalist Magazine, one of the challenges within the manufacturing (and energy) sector IT professionals is the frequent lack of appreciation of the unique and specific requirements of industrial control systems.
  • Industrial systems also include those that "cannot be taken down, rebooted, or even subjected to simple tests like a port scan without sometimes disastrous consequences." IT professionals must recognize the gaps between their own approaches and the engineers who develop, maintain, and operate industrial control systems.
  • A post from Automated World states that there is a strong resistance to change at an organizational level. Both the IT and operations departments have different people, goals, policies, and projects, operate in different ways and sometimes have conflicting approaches. Also, IT typically has stronger models compared to operations and cannot be directly applied to OT.

Cybersecurity Concerns

  • A whitepaper by Cisco states that in the earlier days, manufacturers were comfortable with the level security of machines on the factory floor due to proprietary machines and lack of enterprise connectivity. However, the new change (OT/IT convergence), combined with the increased threat of cybersecurity required a new approach and "security by obscurity" was no longer valid.
  • The report further states that operations must play a critical role in making cybersecurity work in the manufacturing sector. For instance, conducting regular system updates without consulting operations is a "potential downtime disaster waiting to happen." Operations should be involved in determining when the updates should happen, in line with planned maintenance schedules, and in evaluating any impact on the production system.

Proposed next steps:

You need to be the project owner to select a next step.