12 PERSPECTIVES AW SEPTEMBER 2021
Managing Operations Technology with IT By David Greenfield
Editor-In-Chief/Director of Content
I
t’s no secret that the worlds of OT (operations technology) and IT (information technology) are becoming ever closer. The growing connection of plant floor devices to enterprise networks for Industry 4.0 and Internet of Things initiatives is driving this convergence of OT and IT. That’s why these two technology groups cannot remain isolated from each other in a world that increasingly requires operations visibility across supply chains for manufacturers to stay competitive. To better understand how IT and OT are merging, and the kinds of technologies enabling this, we connected with James Destro of ServiceNow, a supplier of digital workflow software to connect people, functions and systems across organizations, and Carey Blunt of Fujitsu, one of the world’s largest IT services providers, for a recent episode of the “Automation World Gets Your Questions Answered” podcast series (awgo.to/1246). Beginning with an exploration of how OT devices can be discovered, secured, and managed with the same kinds of tools used by IT, we focused on the core plant floor issues of asset management and security to understand why it benefits a manufacturer or processing company to secure and manage operations technology in a similar fashion to IT. “Companies are starting to look at how they can have a proactive stance toward plant floor technologies that typically have been air gapped or disconnected from the enterprise network,” said Destro. To effectively manage this connection, companies are “looking for a better way to find and understand the current topology of OT systems on their network and be able to manage them proactively to respond to vulnerabilities and security incidents. IT tools have a long-standing framework of doing just that for cloud systems and servers in data centers, as well as laptops and distributed devices. This leveraging of IT best practices on the OT side promises a lot of strength and value for industry.” Explaining how this process of connecting IT and OT can best be started, Blunt said, “When you're trying to get standardization between your IT and your OT teams, you’re
2109_Perspectives.indd 12
Getty Images
really focusing on getting your processes, your people, and your technology working in the same way. Most of our customers approach this by focusing on the technology and process parts first—integrating a little bit at the network level to find out what assets exist on the OT network, linking those assets in the same place, and keeping them there.” As you discover assets on the network, store them in a database, and map their relationships, you need a tool that can help with your security responses and with predictive and proactive maintenance for those assets. “When you’re pulling these data points into your IT structure, that's where workflow technologies like those offered by ServiceNow are important,” said Blunt, “because they've got the CMDB (configuration management database) and the capability to exercise the workflow for both the IT and OT worlds.”
Relationship mapping
In both IT and OT, relationship mapping is considered one of the fundamental pillars to understanding how IT and OT systems can be impacted by network changes, incidents, or a vulnerability in any of these systems. “Relationship mapping happens across two different vectors,” explained Destro. “The first vector involves understanding the data and communication relationships of the actual OT system. This could mean an HMI (human machine interface) managing a SCADA (supervisory control and data ac-
quisition) system or a SCADA system controlling a PLC (programmable logic controller) or exchanging data with a historian. The second type of relationship mapping is understanding the context of the operational technology as it's used for manufacturing. This means that we not only need to understand if we’re dealing with a SCADA system, a PLC, an HMI, or historian, but also automating the process of how we interact with these technologies in the manufacturing facility. This provides an overarching context—what we call a manufacturing system dependency—so that whenever we're changing configurations, doing configuration compliance, change management, or incident management, we can understand the potential impacts of these actions on other operational technologies, as well as what the potential impacts could be to the actual production process.” Beyond asset management, Destro noted that relationship mapping is also an important aspect of cybersecurity. “Relationship mapping is critical to cybersecurity, especially around vulnerability response, incident response, and understanding how things are connected to the network, what relationships they should have by default, and what relationships might be established if an incident occurs,” he said. “This knowledge helps identify what systems may need to be taken offline when applying a patch, for example.”
8/27/21 9:39 AM
