Linking OT and IT
As we look to the next decade of evolution, more changes will be led by technology-driven innovation beyond the traditional corporate network and into operational technology environments.
More connected devices will need to communicate with each other, more data will need to be managed, but severe limitations exist to both business innovation and security. Technical debt and legacy structures are the cause, and underinvestment and internal misalignment will impact business innovation and security.
Until recently, the vast majority of technology systems that we interact with in the physical world, known as operational technology (OT), are system-engineered. This means that hardware and software have been brought together to deliver some sort of function. These systems can be found in our cars, offices, homes, streets, cities and even the skies, and tend to revolve around making our lives more convenient, comfortable, enjoyable and safe – they have tended to be hermetic. The explosion of smart technology has transformed standalone systems with closely coupled hardware and software, to nodes connected to global data networks in real time. The world is becoming more connected, with more devices in the physical world becoming ‘smart’ and ever more value to be had from integrating them to our lives and information systems.
There is real benefit, but with it comes risk from adversaries. It’s becoming ever more apparent that security and supportability of these devices in the physical world has become crucially important.
This is an issue which the information technology (IT) world has grappled with for much longer than any other engineering-enabled business process. Experts in this space understand that software moves much faster than hardware, both to increase features and resolve latent defects. This is especially the case when it comes to new technology in the security domain, where previously unidentified vulnerabilities haven’t been found until the system is in the field and connected to networks that enable worldwide targeting.
While systems are made smarter and connected to deliver benefits, without the ability to maintain, upgrade, support and secure on an enduring basis, they risk becoming a liability rather than as asset. It’s all too easy for organisations to find themselves with OT systems converged into their estate, with neither the IT organisation having the ability to support and manage, nor the OT providers fully appreciating the new risks.
One example of this was the WannaCry outbreak in 2017 which cost the NHS up to £100 million and led to the cancellation of 19,000 appointments. The vast array of often old and unpatched, yet network-connected and integrated, OT systems magnified the impact that the cyber attack had on sectors such as healthcare. This highly connected but unsecured legacy technology is a glimpse of both the risks and the benefits of smart tech.
This collision of the OT and IT worlds was inevitable, given our insatiable demand for live data, making quicker and better decisions through richer information and intelligence, improving the technology around us, and ultimately the enjoyment and safety of our world.
From experience, the answer to delivering this without the associated risk lies in exploiting the best of the IT and OT worlds, and in turn the systems engineering, IT processes, skills, tools and capabilities that support them.
Neither the IT or engineering organisations within a business has all of the answers, but carefully bringing the two traditionally siloed groups, organisations and teams together, breaking down the barriers and navigating a converged path that exploits the best of both approaches enables organisations to innovate faster, more reliably, in safer fashion and with effective security.
As we have seen from disrupters in many industries, new organisations do this from the outset, but this is not something that cannot be delivered in big, heritage organisations overnight – though it must be a goal. Organisations must break free from technical debt and organisational constraints that limit business innovation and do not provide sophisticated protection from adversaries. Firms must modernise their foundational technology – by eliminating the legacy systems, moving to the cloud, or enabling micro-services — but also address operational and cultural heritage driven by customisation. We need the focus, leadership and partnerships that recognise this convergence and can navigate the path that takes the best of both worlds.
Simon Daykin, Chief Technology Officer, Leidos UK