What Is Operational Technology, and Why Is It Important In Today’s Computing Environments

What is operational technology, and why is it important?

In today’s dynamic IT environments, operational technology plays a central role in monitoring, securing, and controlling business-critical processes.

In today’s hyperconnected world, it has become impossible for information technology to exist in a bubble. Defined perimeters and connections between systems are protected and monitored to uphold the highest possible integrity, security, and availability standards.

Until recently, operational technology was primarily considered a separate business domain from IT. OT concerns the computing and communications systems used to manage, monitor, and control physical operations. While the term itself is relatively new, the concept has existed for much longer than IT. By contrast, IT refers to the creation and flow of data in a digital environment rather than controlling and monitoring physical processes.

Today, operational technology systems play a central role in asset-intensive industries, such as manufacturing, agriculture, defense, healthcare, and critical infrastructure. From industrial control systems on the factory floor to connected healthcare environments, OT is now at the very heart of many business-critical operations.

Here are some examples of operational technology in connected high-asset environments:

• SCADA: Supervisory control and data acquisition systems often use web technologies to allow supervisors to exchange and access information and control critical processes from anywhere in the world. Other industrial control systems include programmable logic controllers (PLCs), remote terminal units (RTUs), and variable frequency drives (VFDs).

• IIoT: The Industrial Internet of Things is an umbrella term referring to the vast number of connected devices (or ‘things’) used in industrial environments. These include smart robotics, tracking and tracing systems, connected security systems, and data analytics platforms with sensors on shop floors.

• MES: Manufacturing execution systems are computerized platforms designed to track and document the transformation of raw materials and parts into finished products. A key component of lean manufacturing, these systems reduce waste and speed up cycle times by providing access to real-time data that drives more informed decision-making.

The convergence of operational and information technology

Historically, operational technology relied on mechanized processes. As early as the 1860s, factories were using punched cards to control textile looms. By the 50s, the first computer numerical control (CNC) systems entered widespread use to automate the control of machining tools. Now, in the era of cloud computing, edge computing, and IoT, machining tools and other systems are more likely to be controlled remotely via a wide-area network (WAN) or even over the public internet. In other words, modern OT systems are more like those used in IT, sharing many of the same operational processes and protocols.

Although many enterprises still use separate networks for IT and OT, the line between the two is starting to blur as we enter the fourth industrial revolution. After all, OT is often responsible for handling mission-critical information and access to high-value assets to the point they are becoming inextricably linked with IT. It places a burden on CIOs and anyone in the enterprise who uses OT systems.

The importance of operational technology security

Traditionally, OT systems were not connected to the internet, which meant they were less vulnerable to cyberthreats. Due to the rapid adoption of IoT products in many industry sectors is no longer the case. With so many things now connected to the internet, the attack surfaces have expanded exponentially, lending further opportunities to attackers seeking to compromise or control a more extensive range of systems.

Operational technology is an increasingly popular target for threat actors. For example, state-sponsored attackers often target connected industrial control systems in critical infrastructure. Cybercriminals may attempt to assume control over high-value assets in the hope of a ransom. Others may target data itself since OT systems often handle potentially sensitive data as well.

It might be an extreme scenario, but one can imagine the huge potential for catastrophe if, for example, an attacker were to assume control over the coolant pumps in a nuclear power plant and override safety controls. On the other hand, web-based OT offers the advantage of letting a legitimate party assume control without physically being there – which could be rather useful in the event of an imminent meltdown!

The problem with many existing OT systems is that they were not designed with cybersecurity in mind due to their air-gapped implementation. Instead, facility managers relied on physical security measures like emergency stop buttons and automatic fail safes. Modern OT platforms provide greater control and flexibility, but these come at an enormous price if OT security is not considered.

Perhaps the biggest challenge of all is the currently shocking state of IoT security. Even in the industrial sector, many connected devices lack adequate protections, and employees lack the knowledge to deploy and operate them safely. One of the most noted mistakes is failing to change default passwords on IoT devices, thus leaving them open to anyone.

Given that OT is responsible for processes that could result in loss of life if breached, effective security is not negotiable for these systems. After all, cybercriminals and state-sponsored threat actors are no longer only interested in stealing high-value data. They are also targeting infrastructure intending to cause widespread disruption and destruction. These facts alone are more than enough reason to incorporate continuous monitoring, visibility, and control into any OT environment.

Cybrary for Teams provides an easy and accessible way for organizations to keep employees up to speed with the latest standards in operational security. Create your account today to get started.