Manufacturing has come a long way since the industrial age — and in today’s market, digital transformation is accelerating as a way for manufacturers to reduce risk, optimize spend and control costs at production facilities. As a result, operational technology (OT) and the IT assets that comprise it are proliferating at an unprecedented rate and the role of ITAM & IT Governance needs to expand into OT.
Not long ago, OT was treated as separate from IT within the corporate four walls, and as a result, IT Governance best practices were not typically applied. That didn’t matter so much in the past, because the systems were separate from corporate IT networks. Today, however, they’re connected to corporate networks and systems, and organizations who neglect to extend ITAM to include OT will soon find themselves vulnerable to risk and increased costs.
In the first two posts in this series, we explored the importance of ITAM as a crucial first step for IT Governance and examined how ITAM 2.0 can address the new security challenges of remote working in the Covid-19 era. Now, let’s take a look at why organizations must extend IT governance to encompass OT and the myriad IoT devices connected to it, to ensure security and control operational costs as Industry 4.0 takes hold.
IT and OT Converge on the Network
OT consists of hardware and software used to monitor and control physical equipment, machinery, and processes in manufacturing environments. OT is found in industries that manage critical infrastructure — water, energy, oil and gas — as well as manufacturing facilities for automobiles, defense equipment, construction, pharmaceutical goods and so on. Through automation and integration with other business-critical systems, OT provides tremendous efficiencies.
Historically, OT was isolated from corporate IT networks. For example, in a printing facility, specialized software would instruct machinery when to dispense ink, and when and how to cut paper or other materials, but the PC running the software would interact only with the machinery it controlled. This was the typical OT scenario, and as such, securing the OT environment revolved primarily around physical security concerns. Since the devices were operated manually or with proprietary electronic controls, they didn’t pose the same security risks as devices connected to the corporate IT network.
But that’s changing, noted Bert De Mol, VP Research & Innovation at Lansweeper. “The desire to cut costs and make operations more efficient led to the convergence of IT and OT. OT suppliers are now converging their systems onto connected IT platforms, to enable remote monitoring and management, reduce costs, improve vendor support, and streamline operations and management.”
The Challenges of IT/OT Convergence
Converging OT with IT introduces new challenges — specifically, the potential to create vulnerabilities that expose the enterprise to security threats. One common trend we see is outdated software that is used to control industrial systems. “A significant number of dedicated PCs in OT environments are running outdated Windows operating software, such as Windows XP,” said De Mol. “The OS is no longer supported by Microsoft and does not benefit from software patches and updates that could protect the network from new and emerging security threats. That is why it’s so important to have software like Lansweeper. You want to be able to properly identify and track these vulnerable devices so that potential risks can be identified and mitigated before they become a serious threat/problem.”