Challenges in Protecting an OT vs IT Network: Equipment Differences

Oct 14, 2021

One of the main differences between an OT (operational technology) network, such as one found on the manufacturing floor, and an IT (information technology) network, such as one found in an office environment, is the equipment that is connected to the network. This difference is the primary factor that drives the need for different strategies when implementing each of these types of networks. These differences also shape the strategies for deploying security solutions to protect the connected equipment in each environment.

Most of the equipment connected to an IT network is based on some form of standard computer technology – PCs, servers, printers, etc. All connected devices natively connect using some form of Ethernet communication, either direct connect or wireless. Also, most of this equipment is fairly new, typically less than 3-5 years old, and older equipment can be replaced or upgraded at a reasonable cost – typically several hundred dollars to thousands. Commercially available network security tools used to protect these networks and the connected equipment are specially designed for this environment.

This is not the case for OT networks on the manufacturing shop floor. While the percentage of equipment on the shop floor that can be directly connected to an Ethernet network is increasing, this still only represents a minority of the equipment found in manufacturing operations. Of this equipment, a still smaller percentage incorporates PC-like capabilities where traditional security tools can be deployed. For the balance of the equipment, extra steps are necessary to connect the equipment to the network and then provide the security tools needed to protect that equipment.

For the portion of the equipment that does connect to an Ethernet network, a majority utilizes any one of a variety of proprietary communications protocols and data formats that are not supported by most commercially available network security tools. For this equipment, an edge computing device will typically need to be added to the architecture to isolate individual pieces of equipment or groups of equipment. These edge computing devices can host the required security tools to protect the equipment from the balance of the network and protect the network from the equipment.

For the equipment that does not natively connect to an Ethernet-based network, an edge computing device can also be added to the architecture to provide both a translation/data collection function and to host the required security tools.
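The two paragraphs above describe the edge device's security role in both directions: it keeps the rest of the network away from a machine that cannot protect itself, and it keeps that machine from reaching the rest of the network. The following script is an added example, not code from the article or from FAC&T, showing the kind of default-deny allowlist such an edge device would enforce for one legacy machine. Every address, subnet and port in it (the machine at 10.20.1.50, a historian, an engineering subnet, a time server, Modbus/TCP on port 502) is a constructed placeholder, and the connection records it evaluates are constructed sample traffic, not real logs.

```python
# Added example: allowlist policy for an edge device placed in front of one
# legacy machine. All hosts, subnets and ports are constructed placeholders.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Iterable, List, Tuple


@dataclass(frozen=True)
class Conn:
    """One connection attempt as seen by the edge device."""
    src: str
    dst: str
    dport: int
    proto: str  # "tcp" or "udp"


@dataclass(frozen=True)
class Rule:
    """An allowlisted peer network plus destination port and protocol."""
    peer: str  # CIDR of the permitted remote side
    dport: int
    proto: str

    def matches(self, peer_ip: str, dport: int, proto: str) -> bool:
        return (ip_address(peer_ip) in ip_network(self.peer)
                and dport == self.dport and proto == self.proto)


class EdgePolicy:
    """Default-deny in both directions around a single protected machine."""

    def __init__(self, machine: str, inbound: Iterable[Rule],
                 outbound: Iterable[Rule]):
        self.machine = machine
        self.inbound = list(inbound)    # who may open connections TO the machine
        self.outbound = list(outbound)  # what the machine itself may initiate

    def evaluate(self, c: Conn) -> Tuple[str, str]:
        """Return (verdict, reason) for one connection attempt."""
        if c.dst == self.machine:
            if any(r.matches(c.src, c.dport, c.proto) for r in self.inbound):
                return "allow", "inbound matches allowlist"
            return "deny", "inbound peer/port not allowlisted (protects machine)"
        if c.src == self.machine:
            if any(r.matches(c.dst, c.dport, c.proto) for r in self.outbound):
                return "allow", "outbound matches allowlist"
            return "deny", "machine may not initiate this (protects network)"
        return "deny", "traffic not addressed to or from the protected machine"


def audit(policy: EdgePolicy, conns: Iterable[Conn]) -> List[Tuple[Conn, str, str]]:
    """Evaluate every attempt and keep the reason, so denials can be reviewed."""
    return [(c, *policy.evaluate(c)) for c in conns]


def denied(results: Iterable[Tuple[Conn, str, str]]) -> List[Tuple[Conn, str, str]]:
    return [r for r in results if r[1] == "deny"]


# Constructed policy: a historian and an engineering subnet may poll the
# machine over Modbus/TCP; the machine itself may only reach one time server.
MACHINE = "10.20.1.50"
POLICY = EdgePolicy(
    machine=MACHINE,
    inbound=[Rule("10.10.5.20/32", 502, "tcp"), Rule("10.10.6.0/24", 502, "tcp")],
    outbound=[Rule("10.10.5.5/32", 123, "udp")],
)

# Constructed sample traffic (not captured from any real network).
SAMPLE = [
    Conn("10.10.5.20", MACHINE, 502, "tcp"),   # historian poll: allow
    Conn("10.10.6.31", MACHINE, 502, "tcp"),   # engineering workstation: allow
    Conn("10.30.0.77", MACHINE, 502, "tcp"),   # office host, right port: deny
    Conn("10.10.5.20", MACHINE, 22, "tcp"),    # trusted host, wrong port: deny
    Conn(MACHINE, "10.10.5.5", 123, "udp"),    # machine asks time server: allow
    Conn(MACHINE, "10.30.0.77", 445, "tcp"),   # machine reaching out: deny
]

if __name__ == "__main__":
    for c, verdict, why in audit(POLICY, SAMPLE):
        print(f"{verdict:5} {c.src} -> {c.dst}:{c.dport}/{c.proto}  ({why})")
```

The point of the two separate allowlists is the one the article makes: the inbound list is what protects the machine from the network, and the outbound list is what protects the network from the machine, and neither direction is open by default. In a real deployment the same policy would be expressed in the edge device's firewall and its denied attempts forwarded to the plant's logging, so that an office host probing a machine, or a machine suddenly reaching out to unfamiliar addresses, is visible rather than silently dropped.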

Deploying and then managing these edge computing devices is necessary, and they represent both an initial cost and ongoing maintenance/support costs. While these edge computing devices are an incremental cost to the business, losing significant production time to a security attack can be far more costly.

Another factor that differentiates the equipment on an OT versus an IT network is the cost and impact on production for replacing older equipment. Manufacturing equipment tends to be used a lot longer than equipment found in the general business environment. It is not uncommon to find 20- and 30-year-old equipment in most facilities, whereas the typical office equipment is 3-5 years old or newer. In the office environment, the solution to addressing older equipment that cannot support current networking and security standards is to replace the equipment. In manufacturing, the costs associated with upgrading and/or replacing such equipment can be significant – often measured in tens or hundreds of thousands of dollars per device. Additionally, the disruption to production is another significant cost. Upgrading the electronics on a piece of equipment can easily be measured in days or weeks of lost production. Likewise, commissioning a new piece of equipment can also have a significant impact on production schedules. Deploying edge computing devices becomes the default standard method for connecting older pieces of equipment to the OT network environment with no, or minimal, impact on production.

The OT network is the backbone of all digital manufacturing implementations – delivering increased productivity and cost benefits. However, as described in this article, there are significant differences in the approach and technologies needed to deploy a secure OT network – it isn’t just a matter of running Ethernet cabling to each machine. As companies move forward with their digital manufacturing strategies, it is important to recognize that most pieces of equipment can provide valuable information to the decision-making process. However, it is equally important to recognize that the OT network requires special consideration for connecting equipment to create an effective and secure environment. 

John Turner
Director of Technology for FA Consulting & Technology (FAC&T) and member of the MTConnect Institute.