
Challenges in Protecting an OT vs IT Network: Equipment Differences

Oct 14, 2021

One of the main differences between an OT (operational technology) network, such as one found on the manufacturing floor, and an IT (information technology) network, such as one found in an office environment, is the equipment that is connected to the network. This difference is the primary factor that drives the need for different strategies when implementing each of these types of networks. These differences also shape the strategies for deploying security solutions to protect the connected equipment in each of these environments.

Most of the equipment connected to an IT network is based on some form of standard computer technology – PCs, servers, printers, etc. All of these devices natively connect using some form of Ethernet communication, either wired or wireless. Also, most of this equipment is fairly new, typically less than 3-5 years old, and older equipment can be replaced or upgraded at a reasonable cost – typically several hundred to a few thousand dollars. Commercially available network security tools used to protect these networks and the connected equipment are specifically designed for this environment.

This is not the case for OT networks on the manufacturing shop floor. While the percentage of equipment on the shop floor that can be directly connected to an Ethernet network is increasing, this still only represents a minority of the equipment found in manufacturing operations. Of this equipment, a still smaller percentage incorporates PC-like capabilities where traditional security tools can be deployed. For the balance of the equipment, extra steps are necessary to connect the equipment to the network and then provide the security tools needed to protect that equipment.

For the portion of the equipment that does connect to an Ethernet network, most of it uses one of a variety of proprietary communication protocols and data formats that are not supported by most commercially available network security tools. For this equipment, an edge computing device will typically need to be added to the architecture to isolate individual pieces of equipment or groups of equipment. These edge computing devices can host the required security tools to protect the equipment from the rest of the network and to protect the network from the equipment.

For the equipment that does not natively connect to an Ethernet-based network, an edge computing device can also be added to the architecture to provide both a translation/data collection function and to host the required security tools.
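The two-way isolation described above (protect the machine from the network, and the network from the machine) is in practice a conduit policy enforced on the edge device. The following is an added illustration, not code from the article or from any vendor's product: a small Python model of such a policy, run over constructed flow records. The addresses, the vendor protocol port (5000) and the edge device's collector port (8080) are assumptions chosen for the example.

```python
"""Edge-device conduit policy: a self-contained model of the
'isolate a legacy machine behind an edge device' pattern.

The edge device sits between a legacy machine (which speaks a vendor
protocol that plant-wide security tools cannot parse) and the plant OT
network. Two rules carry the intent of the text:
  1. protect the machine from the network: only the edge device may talk
     to the machine, and only on the vendor protocol port;
  2. protect the network from the machine: the machine may not initiate
     connections to anything other than the edge device.
All addresses, ports and flow records below are constructed sample values.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed topology (assumptions for this example, not from the article)
MACHINE_ZONE = ip_network("10.20.5.0/29")    # cell holding the legacy machine
EDGE_DEVICE = ip_address("10.20.5.1")        # edge computing device
PLANT_NETWORK = ip_network("10.20.0.0/16")   # rest of the OT network
VENDOR_PROTO_PORT = 5000                     # hypothetical vendor protocol port
COLLECTOR_PORT = 8080                        # edge device's data API, plant-facing


@dataclass(frozen=True)
class Flow:
    """One observed connection attempt (as a flow log or firewall log would record it)."""
    src: str
    dst: str
    dport: int
    proto: str = "tcp"


def classify(addr: str) -> str:
    """Map an address to its zone. The edge device is checked first because
    it belongs to both the machine cell and the plant network."""
    a = ip_address(addr)
    if a == EDGE_DEVICE:
        return "edge"
    if a in MACHINE_ZONE:
        return "machine"
    if a in PLANT_NETWORK:
        return "plant"
    return "external"


def evaluate(flow: Flow) -> tuple:
    """Return (verdict, reason) for one flow under the conduit policy."""
    s, d = classify(flow.src), classify(flow.dst)
    # Rule 1: traffic toward the machine must come from the edge, on the vendor port only.
    if d == "machine":
        if s == "edge" and flow.dport == VENDOR_PROTO_PORT:
            return "allow", "edge device polling machine"
        return "deny", f"{s} host reached machine directly on port {flow.dport}"
    # Rule 2: the machine may initiate connections only toward the edge device.
    if s == "machine":
        if d == "edge":
            return "allow", "machine to edge device"
        return "deny", f"machine initiated connection to {d} host {flow.dst}"
    # Plant side reads collected data from the edge device's API; nothing else passes.
    if d == "edge" and s == "plant" and flow.dport == COLLECTOR_PORT:
        return "allow", "plant reading collected data"
    return "deny", "not covered by conduit policy"


def audit(flows) -> list:
    """Evaluate every flow; return (flow, verdict, reason) for the denied ones,
    which is what a defender would forward as alerts."""
    denied = []
    for f in flows:
        verdict, reason = evaluate(f)
        if verdict == "deny":
            denied.append((f, verdict, reason))
    return denied


# Constructed sample flows: a normal poll, a plant host bypassing the edge,
# a machine push to the edge, a machine reaching into the plant network,
# a legitimate collector read, and an external host probing the edge device.
SAMPLE_FLOWS = [
    Flow("10.20.5.1", "10.20.5.2", 5000),
    Flow("10.20.30.7", "10.20.5.2", 5000),
    Flow("10.20.5.2", "10.20.5.1", 5000),
    Flow("10.20.5.2", "10.20.30.7", 445),
    Flow("10.20.30.7", "10.20.5.1", 8080),
    Flow("192.168.1.9", "10.20.5.1", 8080),
]

if __name__ == "__main__":
    for f, verdict, reason in audit(SAMPLE_FLOWS):
        print(f"{verdict.upper()} {f.src} -> {f.dst}:{f.dport}/{f.proto}  ({reason})")
```

Running the block reports three denied flows: the plant host that talked to the machine without going through the edge device, the machine that opened a connection into the plant network, and the external host reaching the edge device. Both directions of the rule set matter because a legacy machine with no patchable security stack is as much a potential source of unwanted traffic as a target of it.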

Deploying and then managing these edge computing devices is necessary, and they represent both an initial cost and ongoing maintenance/support costs. While these edge computing devices are an incremental cost to the business, losing significant production time due to a security attack can be much more costly.

Another factor that differentiates the equipment on an OT versus an IT network is the cost and impact on production of replacing older equipment. Manufacturing equipment tends to be used much longer than equipment found in the general business environment. It is not uncommon to find 20- and 30-year-old equipment in most facilities, whereas the typical office equipment is 3-5 years old or newer. In the office environment, the solution for older equipment that cannot support current networking and security standards is to replace the equipment. In manufacturing, the costs associated with upgrading and/or replacing such equipment can be significant – often measured in tens or hundreds of thousands of dollars per device. Additionally, the disruption to production is another significant cost. Upgrading the electronics on a piece of equipment can easily be measured in days or weeks of lost production. Likewise, commissioning a new piece of equipment can also have a significant impact on production schedules. Deploying edge computing devices therefore becomes the default method for connecting older pieces of equipment to the OT network environment with no, or minimal, impact on production.

The OT network is the backbone of all digital manufacturing implementations – delivering increased productivity and cost benefits. However, as described in this article, there are significant differences in the approach and technologies needed to deploy a secure OT network – it isn’t just a matter of running Ethernet cabling to each machine. As companies move forward with their digital manufacturing strategies, it is important to recognize that most pieces of equipment can provide valuable information to the decision-making process. It is equally important to recognize that the OT network requires special consideration for connecting equipment in order to create an effective and secure environment.

John Turner
Director of Technology for FA Consulting & Technology (FAC&T) and member of the MTConnect Institute.