Advances in innovation have pushed operational technology (OT) to relinquish its dominance of system control and monitoring to strike a partnership with information technology (IT). This convergence has the capacity to raise the bar in maintaining the integrity and performance of utilities’ mission-critical infrastructures.
Historically, due to diverse technologies, platforms and communication standards, different OT systems could not interface, and standalone systems prevailed. However, owing to advancements in technology and an increasing adoption of similar hardware and software platforms and common communication standards, opportunities have been created for increased interfacing and data exchange between different OT systems, as well as between OT and IT systems.
IT and OT are converging to improve utility operations, so as to offer benefits such as improved productivity and security. OT refers to all the systems that control the infrastructure that is directly responsible for production (e.g. telemetry, telecontrol, teleprotection and telemetering); and IT refers to business support systems that provide intelligence and human productivity tools (e.g. enterprise management systems, e-mail, networked printing, and customer relationship management systems).
OT may be the backbone of utility companies, but IT is essential for all smart utility strategies – the systems and processes that drive increased intelligence and resilience are the realm of IT. The importance of OT is augmented as more OT machines and their components get connected as a result of the Internet of Things (IoT), thus blurring the gap between the management floor and factory floor by providing deep visibility of the factory floor to senior management in an instant.
However, before utility companies can fully capitalise on the opportunities brought on by IT/OT convergence, there are several OT challenges that could present a threat to operations, and would therefore need to be addressed. These include:
- In most utility companies, the accountability for OT has never been explicitly defined and one finds that there has not been a singular authority responsible for determining the strategic direction and architecture of OT systems. This has resulted in fragmented and discrete OT systems that cannot necessarily align to provide the data and information required by the business. Some companies have contracted services directly from third parties to augment their OT systems and to address operational challenges; and this happened because there was no OT governance framework to guide them.
- Business drivers, such as the need to optimise IT infrastructure and spending, together with a poor business understanding of the role and requirements of OT, may result in corporate strategies that force the convergence of IT and OT systems and platforms. Without clear guidelines governing OT and IT convergence, this convergence could compromise the integrity and reliability of OT systems.
- Some utilities have a challenge in that there has been no clear data management strategy that defines the master data systems. This raises concerns around who (i.e. IT or OT) owns the data and who is responsible for the data in terms of creating, reading, using and deleting data. And in some instances, one finds that there have also not been clear guidelines in terms of how, when and where operational information should be made available. This has resulted in operational data being managed in an ad hoc fashion, or in isolation from the rest of the business. Moreover, one finds that some of the critical operational data is hosted on third-party infrastructures outside the confines of the utility company’s environment.
- Traditional engineering has always focused on supervisory control and data acquisition (SCADA) over circuitswitched networking technologies. The global replacement of circuit-switched technology, in favour of packet-switched networking, has meant that the OT world now needs to concern itself with a new challenge called cybersecurity. Up until very recently, there was no explicit security policy specifically for OT, resulting in inadequate cyber security practices prevailing. This includes inherently insecure system architectures and designs, multiple access points, poor security and access administration on systems, etc.
- Responsibility for the specification of OT standards, the management of OT assets, and support for site operations and maintenance of OT systems resides with the company’s OT engineers. However, site implementations of OT systems have been fragmented across the different sites. This has led to different platforms and standards which hamper interoperability, as well as a duplication of processes (e.g. configuration management and software lifecycle management). The challenge is thus to create awareness by site personnel of the importance of OT governance.
- A converged IT/OT wide area network (WAN) demands access to fibre and radio spectrum to meet the stringent performance requirements of the OT network, in competition with IT bandwidth-hungry applications. IP network design architecture is therefore not solely the responsibility of the IT infrastructure teams, and should actually be governed by OT imperatives.
- Lastly, there is a need to both upskill and add sufficient resources for the standardised specification, design, implementation, operations and maintenance of OT systems. This means employing IT skilled resources in the OT environment, and vice versa. Alternatively, an IT and OT staff rotation strategy may be employed.
These challenges emphasise the need for an OT strategic framework that defines governing principles and accountabilities for OT, and provides a clear definition and management of OT/IT boundaries where common standards may exist to ensure the integrity of the utility’s operational systems.Framework for OT/IT convergence In order to leverage on the common elements in the OT and IT space, OT/ IT convergence is defined as:
- OT/IT cooperation to develop relevant common standards, such as IP address allocation,
- OT/IT cooperation to develop relevant common philosophies, such as information security and master data management,
- Clear definition of OT/IT interfaces, including the need (or rationale) for the interface and the documentation of the interface management requirements,
- Sharing of common infrastructure, such as fibre optic cables, microwave radio links, wireless access points (APs) and cellular Access Point Names (APNs), and
- Sharing of common tools, such as configuration management tools, while maintaining a suitable degree of separation of OT and IT systems, as required to meet their respective strategic objectives.
Governing principles for OT
OT systems are critical for running the plants. As such, in order to ensure adequate protection of the OT environment, the following governing principles may be prescribed:
- OT systems in general need to be fully functional 24 hours a day – 365 days a year to ensure the integrity and reliability of the utility’s plant, equipment and networks.
- OT equipment needs to be suitably designed for their typically harsh industrial operating environments, to ensure the required system performance, resilience and reliability.
- OT systems need to adhere to international and open communication standards to ensure interoperability between different OT systems.
- The interconnection and interfacing between the utility’s OT systems needs to adhere to an OT architecture that ensures reliable data exchange, security and extensibility to meet future analytics and business intelligence requirements.
- All OT data needs to be hosted inhouse within the utility environment.
- OT systems may share technology platforms with IT (e.g. Windows-based servers and bandwidth pipes), but should not share physical platforms such as computer hardware, routers and switches. This should be done to limit security and performance risks.
- A formalised asset management approach should be followed for OT systems to ensure lifecycle management of all hardware, software and firmware, as well as applicable licences. This includes record management of OT system configurations.
- Accountability for OT systems needs to be well defined in terms of design criteria, resource allocation, reliability, availability, environmental factors, openness, future design readiness, independence, management and ownership amongst others.
- A well-defined procurement strategy should be developed and adhered to for OT systems.
Interfaces of OT with IT
Growing business requirements for increased access to operational data drives the need to increase OT/IT interfaces and data exchange. These interfaces are facilitated by the increasing availability of international standards such as CIM, as well as communication standards and interfaces that are common. As such:
- OT systems should adhere to the IEC 61968 and IEC 61070 (CIM) set of standards to enable a common set of data models between OT and IT.
- OT systems should interface and exchange data with the corporate IT systems by means of an Enterprise Bus within a Demilitarised Security Zone (DMZ) or as dictated by the utility company’s OT Security standard. Direct connections between OT and IT systems should not be allowed. Refer to Figure 1. An “OT LAN” and “IT LAN” should demarcate the boundary between OT and IT. Refer to Figure 1.
- OT systems should be suitably firewalled from Corporate IT systems to prevent unauthorised access that could jeopardise operations. Refer to Figure 1.
- OT systems should utilise dedicated communication channels, switches and routers that are separate from IT systems, to ensure required levels of service quality and security.
- The systems to manage and ensure the on-going integrity of records for operational systems (documents, drawings, firmware or software settings, etc.) may be deemed IT. However, SCADA and PLC software version control and backup systems should continue to be the ambit of OT.
IT/OT convergence is a by-product of the drive towards becoming a smart utility of the future, and should be embraced. The utility company should develop and enforce a stringent IT/OT governance strategy.
Utility companies must ensure adequate cyber protection of the OT environment through stringent policies and strategies as prescribed herein as a minimum. There is a need for utilities to develop a mechanism to get OT data into the IT environment, and that does not allow bi-directional data transfers. Additionally, utilities should endeavour to host all critical data in-house. Utilities need to enforce standardisation of data content, so as to ensure interoperability and data integration between IT and OT. In terms of IT and OT personnel they should work more closely, either through staff rotation or employment of IT staff in OT and vice versa. Training programmes should be developed for both IT and OT staff, and this should include awareness training of senior management on IT/OT issues. Lastly, the migration to new technologies must be a slowly phased approach, so as to ensure that it does not negatively impact the core purpose of OT. ESI
- IEC 61070, “Common Information Model (CIM) set of standards to enable a common set of data models between OT and IT”. IEEE Power & Energy Society, accessed on: 01 October 2018 • IEC 61968, “Set of standards defining the Common Information Model (CIM) for Enterprise Integration”. Science Direct, accessed on 01 October
- National Institute of Standards and Technology (NIST): NERC CIP-002-3 to NERC CIP-009-3, “NERC CIP002-3 to NERC CIP-009-3”. North American Electric Reliability Association, accessed on 1 October 2018
About the author
Sarah Buthelezi holds BEng, MEng and MBA degrees. She is a registered Professional Engineer, and has over 10 years of experience shared within the power and water utility environments. She is currently a Member of Council for the South African Institute of Electrical Engineers (SAIEE) and the Engineering Council of South Africa (ECSA).