By Barry Turner, technical business development manager, Red Lion
Exploring some of the challenges and opportunities for successful OT and IT integration in modern manufacturing environments.
The worlds of information technology (IT) and operational technology (OT) in manufacturing plants have traditionally functioned independently of each other. The goal of OT was to keep the plant running smoothly, while IT managed all the business applications within the enterprise. But with the explosion of the Industrial Internet of Things (IIoT), these two technology worlds are rapidly uniting.
Rethinking the IT and OT relationship, along with the technologies at play, can go a long way toward helping your business be more competitive, efficient, and secure. But integrating these two worlds, what’s known as IT/OT convergence, is no easy feat. Security concerns, as well as the need to contextualize OT data for higher-level IT use, are common challenges.
Fortunately, new solutions — from Defense in Depth security plans to edge connection software — are beginning to bridge the gap between IT and OT, taking smart manufacturing to new heights. Here’s a rundown of some common IT/OT convergence challenges, as well as the technologies that are poised to solve them.
Implementing a Defense in Depth Security Plan
Traditionally, the IT and OT departments have had different priorities when it comes to security, making education and communication between the two teams critical, especially when it comes to building the future of industrial networking. For example, it’s important for the OT department to understand and implement key concepts that the IT department has already been using. Embracing a Defense in Depth (DiD) strategy, in which multiple layers of security controls are placed throughout an IT system, can increase the security of a network or application. DiD works by adding multiple layers of protection against attacks, which can come in the form of virtual local area networks (VLANs), firewalls, and strict user access control.
Increasing network and application security by implementing a DiD strategy can help align the IT and OT teams and create a more robust application.
One way to get started is to build zones and conduits using VLANs, routers, and monitored access control. In terms of the hardware, you only need layer 2 Ethernet switches to create the VLANs. Then, using routers and firewalls, you can build a path in and out of these smaller zones.
It’s also important to implement access control, as well as some type of monitoring and alerting. Many times, you can use access control lists, which allow access based on the IP or MAC address of a network device. The network should also log and alert administrators if and when unusual activity is detected, ensuring control engineers have as much time as possible to take action and mitigate downtime.
One current technology many IT departments are already using is Syslog, a standard for message logging that separates the software that generates, stores, and reports the messages. Many industrial control products support this feature, including the FlexEdge™ Intelligent Edge Automation Platform (see sidebar on last page for more information) and NT24k Ethernet switch.
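The zone-and-conduit approach described above, with allowlisted conduits, Syslog-style messages and administrator alerting, can be sketched in a few dozen lines. The following is an added example written for this article, not Red Lion code and not how FlexEdge or the NT24k implement these features; the zone names, addresses, hostname and log lines are all constructed, and the conduit policy is a simplified stand-in for a real firewall or switch ACL.

```python
"""Zones, conduits and syslog alerting, as an added illustration.

Models an allowlist for the conduit between two VLAN-based zones, keyed on a
device's IP and MAC address, emits a syslog-style line (RFC 3164 <PRI>
prefix) for every decision, and raises administrator alerts on denials.
Addresses, hostnames and traffic below are constructed for this example.
"""
import re
from collections import Counter

# Constructed conduit allowlist: (source IP, source MAC) pairs permitted to
# cross from the control zone into the enterprise zone.
CONDUIT_ALLOWLIST = {
    ("10.10.20.5", "00:1b:21:aa:bb:01"),  # hypothetical historian collector
    ("10.10.20.6", "00:1b:21:aa:bb:02"),  # hypothetical HMI server
}

# Syslog facility/severity codes (RFC 3164): PRI = facility * 8 + severity.
FACILITY_LOCAL0 = 16
SEV_WARNING = 4
SEV_INFO = 6


def syslog_pri(facility, severity):
    """Numeric <PRI> value that prefixes a syslog message."""
    return facility * 8 + severity


def evaluate_conduit(src_ip, src_mac, dst_zone, host="ics-fw1"):
    """Decide whether a device may cross the conduit; return (allowed, log line).

    Denied crossings are logged at WARNING so a collector can route them to an
    alert channel; permitted ones are logged at INFO for audit.
    """
    mac = src_mac.lower()
    allowed = (src_ip, mac) in CONDUIT_ALLOWLIST
    severity = SEV_INFO if allowed else SEV_WARNING
    action = "PERMIT" if allowed else "DENY"
    line = (f"<{syslog_pri(FACILITY_LOCAL0, severity)}>{host} conduit: "
            f"{action} src={src_ip} mac={mac} dst_zone={dst_zone}")
    return allowed, line


LOG_RE = re.compile(
    r"^<(?P<pri>\d+)>(?P<host>\S+) conduit: (?P<action>PERMIT|DENY) "
    r"src=(?P<ip>\S+) mac=(?P<mac>\S+) dst_zone=(?P<zone>\S+)$"
)


def parse_syslog(line):
    """Parse one conduit log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))
    return {"facility": pri // 8, "severity": pri % 8, "host": m.group("host"),
            "action": m.group("action"), "ip": m.group("ip"),
            "mac": m.group("mac"), "zone": m.group("zone")}


def find_alerts(lines, repeat_threshold=3):
    """Turn conduit log lines into administrator alerts.

    The first DENY from an (ip, mac) pair is reported once; a source denied
    repeat_threshold times gets an escalated alert, since repeated denies
    usually mean a misconfigured device or something probing the zone.
    """
    alerts = []
    denies = Counter()
    for line in lines:
        rec = parse_syslog(line)
        if rec is None or rec["action"] != "DENY":
            continue
        key = (rec["ip"], rec["mac"])
        denies[key] += 1
        if denies[key] == 1:
            alerts.append(f"unexpected source {rec['ip']} ({rec['mac']}) denied "
                          f"at conduit to {rec['zone']} on {rec['host']}")
        elif denies[key] == repeat_threshold:
            alerts.append(f"{repeat_threshold} denies from {rec['ip']} "
                          f"({rec['mac']}): check for misconfiguration or probing")
    return alerts


# Constructed traffic: two legitimate crossings and an unknown device that
# tries three times.
SAMPLE_TRAFFIC = [
    ("10.10.20.5", "00:1B:21:AA:BB:01", "enterprise"),
    ("10.10.20.6", "00:1b:21:aa:bb:02", "enterprise"),
    ("10.10.20.99", "00:1b:21:dd:ee:ff", "enterprise"),
    ("10.10.20.99", "00:1b:21:dd:ee:ff", "enterprise"),
    ("10.10.20.99", "00:1b:21:dd:ee:ff", "enterprise"),
]


def run_sample():
    """Evaluate the sample traffic and return the alerts its log would raise."""
    log = [evaluate_conduit(ip, mac, zone)[1] for ip, mac, zone in SAMPLE_TRAFFIC]
    return find_alerts(log)


if __name__ == "__main__":
    for alert in run_sample():
        print("ALERT:", alert)
```

The point of splitting decision (evaluate_conduit) from detection (find_alerts) is that the log line is the interface: a real switch or firewall produces it, and any syslog collector the IT team already runs can apply the same alert logic without touching the OT device.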
Breaking Down Barriers With Software at the Edge
Successful IT and OT integration will depend on enterprise connectivity solutions between the systems that create the data and the users that consume the data. Industrial organizations have a lot of operational data — but they often don’t know how to take advantage of it at the enterprise level to improve their operational resiliency, sustainability, and supply chain agility. Although many digital transformation initiatives are on the rise in manufacturing, the fact that many companies still struggle to make OT and IT play nicely with each other prevents them from tapping into the hidden insights in all their industrial data sources.
A key reason for these roadblocks is the lack of proper correlating context, such as the data source, type, or timestamp, while capturing OT data at the network edge or device level. Without this critical OT context, the captured data has low data integrity, driving up the time and effort it takes to prepare the data to build analytical models. In order to extract any actionable insights from this OT data, it needs to be packaged in an interchangeable and flexible format that can be easily shared between OT and IT applications.
This is the future of IT and OT integration — connecting data as it is being generated in real-time to the analytics engines, quality systems, traceability records, and optimization programs that drive industrial efficiency.
Already, new technology developments at the edge are helping to break down the barriers between the systems that create the data and the consumers of the data. Once the data can flow easily, data scientists can create actionable industrial performance insights. Software that collects, organizes, and contextualizes OT data — and then makes it available to higher-level IT applications and databases — can unlock actionable plant- and enterprise-level insights to accelerate IIoT transformation.
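To make the contextualization point concrete, here is an added example (written for this article, not FlexEdge or any vendor's implementation) that takes raw register reads from a controller and packages each one with the context named above, the data source, data type and timestamp, plus unit and scaling, into a flat JSON-serializable record. Readings with no known context are set aside rather than passed on as low-integrity data. The device name, tag map, register numbers and values are constructed.

```python
"""Adding OT context at the edge, as an added illustration.

A raw register value means nothing to an IT consumer; each reading here is
wrapped with source, tag, type, unit, scaled value and timestamp, and any
reading that cannot be tied to a known tag is rejected. The tag map, device
name, registers and values are constructed for this example.
"""
import json
from datetime import datetime, timezone

# Constructed tag map: how each (device, register) should be interpreted.
TAG_MAP = {
    ("plc-line1", 40001): {"tag": "Line1.Pump.Pressure", "type": "float",
                           "unit": "bar", "scale": 0.01},
    ("plc-line1", 40002): {"tag": "Line1.Pump.Running", "type": "bool",
                           "unit": None, "scale": 1},
    ("plc-line1", 40003): {"tag": "Line1.Pump.RPM", "type": "int",
                           "unit": "rpm", "scale": 1},
}


class MissingContextError(ValueError):
    """Raised when a reading cannot be tied to a known tag."""


def contextualize(source, register, raw_value, timestamp=None):
    """Return one contextualised record for a raw register value."""
    meta = TAG_MAP.get((source, register))
    if meta is None:
        raise MissingContextError(f"no tag context for {source} register {register}")
    if timestamp is None:
        timestamp = datetime.now(timezone.utc)
    if meta["type"] == "float":
        value = round(raw_value * meta["scale"], 4)  # engineering units, 4 dp
    elif meta["type"] == "int":
        value = int(raw_value * meta["scale"])
    else:  # bool
        value = bool(raw_value)
    return {
        "source": source,
        "register": register,
        "tag": meta["tag"],
        "type": meta["type"],
        "unit": meta["unit"],
        "value": value,
        "timestamp": timestamp.isoformat(),
    }


def batch_contextualize(readings):
    """Split raw readings into contextualised records and rejected ones.

    readings: iterable of (source, register, raw_value, timestamp).
    """
    records, rejected = [], []
    for source, register, raw, ts in readings:
        try:
            records.append(contextualize(source, register, raw, ts))
        except MissingContextError as exc:
            rejected.append({"source": source, "register": register,
                             "raw": raw, "reason": str(exc)})
    return records, rejected


def to_json_lines(records):
    """Serialise records one per line, a form most IT consumers can ingest."""
    return "\n".join(json.dumps(r, sort_keys=True) for r in records)


# Constructed sample: one scan cycle at a single instant, including a register
# that no tag describes.
SCAN_TIME = datetime(2024, 5, 1, 12, 0, 0, tzinfo=timezone.utc)
SAMPLE_READINGS = [
    ("plc-line1", 40001, 245, SCAN_TIME),
    ("plc-line1", 40002, 1, SCAN_TIME),
    ("plc-line1", 40003, 1450, SCAN_TIME),
    ("plc-line1", 40099, 7, SCAN_TIME),
]


def run_sample():
    """Contextualise the sample scan; returns (records, rejected)."""
    return batch_contextualize(SAMPLE_READINGS)


if __name__ == "__main__":
    good, bad = run_sample()
    print(to_json_lines(good))
    print("rejected:", bad)
```

Keeping the rejected readings visible, rather than silently dropping them or forwarding bare numbers, is what prevents unmapped registers from quietly lowering the integrity of the data set an analytics team later builds models on.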
So what do these devices, designed to function at the intersection of OT and IT, look like? For one, the device should either be an IT device with OT features, or an OT device with IT features. It should also integrate the following capabilities:
• An ability to connect to built-in sensor networks connected to PLCs or controllers.
• An ability to connect directly to sensors, or to brownfield devices, modern PLCs, industrial switches, and operator panels.
• Alarms that can be configured to alert users of out-of-bounds conditions.
• An ability to securely access data and assets over virtual private networks (VPN).
One example of a technology that checks all these boxes is FlexEdge™ (see sidebar on last page for more information), an IIoT platform that combines secure networking features with powerful automation capabilities. You can take FlexEdge from a feature-packed networking gateway all the way up to a controller for managing applications that require advanced logic control. Its RADIUS feature enables you to securely connect to the network, while SQL can synchronize to IT data servers.
There are many reasons why manufacturers would want to have one device, like FlexEdge, at the intersection of OT and IT. For one, the device serves as the critical bridge between the OT equipment that generates a company’s profits and the IT enterprise systems that inform the company’s decision-makers.
In addition, these edge devices deliver valuable, long-term insights into plant floor operations. With the data collected from OT, operations can transition from reactive and preventive maintenance strategies to proactive, predictive, and even prescriptive ones. For example, these devices can automatically alert operators to any changes or events that could lead to a machine shutdown, allowing them to stay ahead of — and avoid — costly production issues. Finally, thanks to over-the-air updates, users can easily add alarms or improve logic and data collection processes, or even monitor traffic on the OT network via the Simple Network Management Protocol (SNMP) to note any changes.
The Importance of Standard Ethernet Solutions
The integration of IT and OT can be further enhanced by having a common set of diagnostic tools and management capabilities. In other words, different devices from different vendors can all be managed using the same IT tools to create greater IT and OT visibility. Ultimately, this feat requires a broad set of skills to optimize industrial operations and manage the effective transfer of valuable data from the plant to the manufacturing execution system (MES), enterprise resource planning (ERP), and cloud systems.
EtherNet/IP, which uses standard IEEE 802.3 Ethernet technology and Internet protocol suite standards, has played a critical role in the IT/OT convergence by providing operations with the information required by management to drive growth in an ever-changing business environment. Relying on standard Ethernet technology reduces the number of differences between the plant floor OT network and the broader enterprise IT network, making it easier to transport critical information wherever it needs to go. The object-oriented design of EtherNet/IP, via the underlying Common Industrial Protocol (CIP), enables the real-time control of services and device profiles in an interoperable environment. This design also makes it easier for those with an IT background to work with EtherNet/IP. Likewise, Profinet standards and Profinet-certified switches provide a common bridge between the OT and IT networks.
FLEXEDGE SOFTWARE GROUPS
FlexEdge’s field-unlockable software provides the option to add powerful new capabilities via software alone — eliminating the need to purchase or add more equipment — saving money and reducing costly downtime as your application needs change.
It is important to note that CIP Security is another key component of successful IT-OT convergence. Methods like permit and deny listings via firewalls, along with detection tactics like deep packet inspection, are all vital components of network security that can be enlisted in the switches that connect OT and IT networks. However, IT-centric approaches alone aren’t enough, as bad actors are constantly searching for OT network weaknesses, developing new malware, and finding success with ransomware attacks. For these reasons, a DiD approach that includes the EtherNet/IP device level must be a part of a comprehensive security plan.
The differing priorities between IT and OT regarding data confidentiality versus network uptime have become a moot point, as converging networks have proven that data must remain confidential — and the production line must continue running. Both EtherNet/IP and Profinet are key to connecting lower-level and upper-level networks, enabling you to stay competitive and ensuring the preservation of workers and assets alike.
Red Lion
www.redlion.net