
Challenges in Protecting an OT vs IT Network: Equipment Differences

Oct 14, 2021

One of the main differences between an OT (operational technology) network, such as one found on the manufacturing floor, and an IT (information technology) network, such as one found in an office environment, is the equipment that is connected to the network. This difference is the primary factor that drives the need for different strategies when implementing each of these types of networks. These differences also impact the strategies for deploying security solutions to protect the connected equipment in each of these environments.

Most of the equipment connected to an IT network is based on some form of standard computer technology – PCs, servers, printers, etc. All connected devices natively connect using some form of Ethernet communication, either direct connect or wireless. Also, most of this equipment is fairly new, typically less than 3-5 years old, and older equipment can be replaced or upgraded at a reasonable cost – typically several hundred dollars to thousands. Commercially available network security tools used to protect these networks and the connected equipment are specially designed for this environment.

This is not the case for OT networks on the manufacturing shop floor. While the percentage of equipment on the shop floor that can be directly connected to an Ethernet network is increasing, this still only represents a minority of the equipment found in manufacturing operations. Of this equipment, a still smaller percentage incorporates PC-like capabilities where traditional security tools can be deployed. For the balance of the equipment, extra steps are necessary to connect the equipment to the network and then provide the security tools needed to protect that equipment.

For the portion of the equipment that does connect to an Ethernet network, a majority utilizes any one of a variety of proprietary communications protocols and data formats that are not supported by most commercially available network security tools. For this equipment, an edge computing device will typically need to be added to the architecture to isolate individual pieces of equipment or groups of equipment. These edge computing devices can host the required security tools to protect the equipment from the balance of the network and protect the network from the equipment.

For the equipment that does not natively connect to an Ethernet-based network, an edge computing device can also be added to the architecture to provide both a translation/data collection function and to host the required security tools.

Deploying and then managing these edge computing devices is necessary, and they represent both an initial cost and ongoing maintenance/support costs. While these edge computing devices are an incremental cost to the business, losing significant production time due to a security attack can be much more costly.

Another factor that differentiates the equipment on an OT versus an IT network is the cost and impact on production for replacing older equipment. Manufacturing equipment tends to be used much longer than equipment found in the general business environment. It is not uncommon to find 20- and 30-year-old equipment in most facilities, whereas the typical office equipment is 3-5 years old or newer. In the office environment, the solution to addressing older equipment that cannot support current networking and security standards is to replace the equipment. In manufacturing, the costs associated with upgrading and/or replacing such equipment can be significant – often measured in tens or hundreds of thousands of dollars per device. Additionally, the disruption to production is another significant cost. Upgrading the electronics on a piece of equipment can easily be measured in days or weeks of lost production. Likewise, commissioning a new piece of equipment can also have a significant impact on production schedules. Deploying edge computing devices becomes the default method for connecting older pieces of equipment to the OT network environment with no, or minimal, impact on production.

The OT network is the backbone of all digital manufacturing implementations – delivering increased productivity and cost benefits. However, as described in this article, there are significant differences in the approach and technologies needed to deploy a secure OT network – it isn’t just a matter of running Ethernet cabling to each machine. As companies move forward with their digital manufacturing strategies, it is important to recognize that most pieces of equipment can provide valuable information to the decision-making process. However, it is equally important to recognize that the OT network requires special consideration for connecting equipment to create an effective and secure environment. 

John Turner
Director of Technology for FA Consulting & Technology (FAC&T) and member of the MTConnect Institute.