Technology | September 20, 2024
IT-OT convergence leverages advanced technology solutions
Advanced technology is driving the latest solutions for IT-OT convergence. In this special report, industry leaders speak out about the impact of artificial intelligence, the move to software-based solutions, virtual controllers and the ongoing push for more efficient, interconnected and agile operations.
To tackle IT/OT convergence challenges, smart manufacturing companies are leveraging new technologies, including Artificial Intelligence, software-based solutions and virtual controllers, to achieve a blending of IT and OT systems that delivers more efficient, interconnected and agile operations.
In this special report, the Industrial Ethernet Book reached out to industry experts to gain their perspectives on how IT-OT convergence efforts are continuing to focus on enabling seamless data connectivity, interoperability and scalability.
Here is what they had to say about bridging the gap between IT and OT, and driving greater operational efficiency and security in today’s complex industrial environments.
Impact of Artificial Intelligence
Accelerating the cycles of innovation.
“Driven by faster innovation cycles, higher cost and quality pressures and facing a lack of talent combined with the sustainability challenge, companies need to be able to adapt their product development and manufacturing at a speed that only software is capable of today. AI is shaping up to be a strong driver to bring this needed change also to the shopfloor,” Ronny Hendrych, Program Manager, Industrial Operations X at Siemens, told IEB recently.
Hendrych said that the key technology trends in the IT-OT Convergence discussion include the increasing integration of cloud computing, simulation, Industrial Internet of Things (IIoT), and edge computing into industrial environments. These technologies enable real-time data collection, processing, and analysis directly at the production level (shopfloor), which significantly enhances decision-making and operational efficiency.
Another trend is the evolution of advanced Manufacturing Execution Systems (MES) and Manufacturing Operations Management (MOM) systems that bridge the gap between operational technology (OT) on the shopfloor and information technology (IT) systems, such as Enterprise Resource Planning (ERP). These trends are driving the need for seamless data connectivity, interoperability, and scalability across diverse industrial setups.
Technology solutions
Potential solutions to IT-OT Convergence include Industrial Edge computing, advanced SCADA (Supervisory Control and Data Acquisition) systems, and IIoT platforms. Industrial Edge computing, for example, enables data to be processed and analyzed closer to the source (on the shopfloor), reducing latency and bandwidth issues, which are crucial for real-time applications. Advanced SCADA systems act as a data integration layer, harmonizing and contextualizing data from various OT sources before transmitting it to higher-level IT systems. IIoT platforms facilitate connectivity and data exchange across different systems and locations, enabling centralized monitoring, predictive maintenance, and optimization of production processes.
The importance of these technologies lies in their ability to break down data silos, improve real-time decision-making, and enhance overall operational efficiency. By implementing these technologies, industries can achieve higher levels of automation, reduce downtime, and meet regulatory requirements more effectively, ultimately leading to increased competitiveness and sustainability. To succeed, this has to become a culture of data-driven decision-making based on IT/OT integration. However, many IT/OT projects fail due to various inefficient IT/OT collaboration solutions. For this reason, these technologies have to be embedded in a systematic approach that starts with small use cases and rolls them out to the whole organization at the speed of relevancy for those companies.
Technology benefits
“The specific technical benefits of these solutions include enhanced data transparency, improved scalability, and increased flexibility in industrial operations,” Hendrych said. “For example, Industrial Edge computing allows for localized data processing, which minimizes latency and ensures that critical operations can continue even if there is a disruption in cloud connectivity. This is particularly important for applications requiring real-time control and monitoring.”
SCADA systems with integrated Industrial Edge solutions provide seamless Southbound-Northbound communication, enabling a smooth flow of data between OT and IT systems. This ensures that data from sensors and controllers on the shopfloor is accurately captured, processed, and transmitted to enterprise-level systems for further analysis and decision-making. These technical benefits translate into tangible improvements in enterprise/automation integration, such as more efficient resource utilization, faster response times to production issues, and the ability to implement predictive maintenance strategies. This level of integration also supports the adoption of AI-driven applications, which can further optimize processes and reduce costs.
“To address the challenges of IT-OT integration, it’s essential to understand how these technologies work together,” Hendrych added. “For instance, an Industrial Edge solution typically involves the deployment of edge devices, such as industrial PCs or dedicated edge gateways, on the shopfloor. These devices collect data from sensors, PLCs (Programmable Logic Controllers), and other OT components. The data is then processed locally on the edge device, where it can be aggregated, filtered, and analyzed before being sent to IT systems or cloud platforms.”
A SCADA system or an HMI (Human-Machine Interface) system often acts as the intermediary, managing the flow of data between OT and IT systems. It provides a unified interface for operators to monitor and control industrial processes while ensuring that the data is formatted correctly and securely transmitted to higher-level systems. Data integration layers like the Siemens Industrial Edge Information Hub (IIH) further enhance this process by providing additional tools for data processing, visualization, and integration with cloud or IT systems. These technologies open new possibilities for addressing IT-OT integration challenges, such as ensuring data consistency, managing the increasing volume of data generated by modern industrial systems, and providing secure and scalable solutions that can grow with the needs of the business.
Looking ahead
Given the challenges of IT-OT Convergence from a technology perspective, Hendrych gave his opinion on the continuing importance and progress made on this issue.
“From a technology perspective, IT-OT Convergence remains critically important as industries increasingly seek to harness the full potential of digital transformation,” Hendrych said. “The progress made in this area is significant, with advancements in edge computing, cloud platforms, and advanced analytics paving the way for more integrated and intelligent manufacturing environments.”
He added, however, that the challenges are still substantial, particularly in terms of ensuring seamless interoperability between legacy OT systems and modern IT infrastructures, maintaining data security, and managing the complexity of these integrations. Despite these challenges, the ongoing development of flexible, scalable, and secure solutions demonstrates that the industry is moving in the right direction. The continuous innovation in this space is helping companies to not only meet current operational needs but also to position themselves for future growth and technological evolution. The importance of IT-OT Convergence will only increase as industries strive for greater efficiency, sustainability, and competitiveness. The progress made so far is encouraging, but ongoing efforts and collaborations between technology providers and industrial companies will be essential to fully realize the potential of this convergence.
“One aspect we need more focus on is the change on how collaboration between IT and OT personnel can be improved and how IT working modes (e.g. DevOps and stronger use of simulation & test technologies) can be applied to fully benefit from those data driven paradigms in production,” Hendrych concluded.
Focus on scalability and flexibility
IT and OT stakeholders share data and insights more effectively.
According to Jessica Forguites, Technical Platform Lead at Rockwell Automation: “In the age of AI there are many technology trends shaping collaboration or convergence of IT and OT groups and the technologies they use. Common discussions with our customers include investment in software targeted toward specific outcomes, investment in infrastructure and networks to account for new requirements, and data streams associated with their company’s goals.”
Forguites said that potential solutions to IT/OT convergence include integrated network infrastructure, edge computing solutions, and software and services that support a unified framework in critical areas like security and data management. These solutions enhance scalability and flexibility, help ensure consistent regulatory compliance, improve collaboration among stakeholders, and accelerate data-driven decision-making.
“The technical benefits include enhanced reliability and uptime, improved data integrity and consistency, and optimized asset utilization, such as network resources, servers, and storage capacity,” Forguites said.
The technology operates by offering flexible segmentation options to manage data flows during system integration, ensuring scalable and manageable asset and data identification over time. It also enables IT and OT stakeholders to share data and insights effectively, avoiding multiple sources of truth, and supports operational continuity throughout ongoing system integrations.
“Businesses are increasingly reliant on data driven insight to achieve the outcomes they are looking for. This makes IT and OT convergence a necessity for organizations to remain competitive and secure, while managing long term total cost of ownership of their assets. The rapid progress of IT/OT convergence has laid a foundation for more efficient operations, improved resiliency, in addition to other digital transformation goals,” Forguites said.
Blending of IT and OT systems
More efficient, interconnected and agile operations.
According to Krishna Diwakar, Technical Marketing Engineer at Cisco, “Traditionally, IT and OT teams have operated in silos, but recognition of integrating these two domains is bringing them to work closer together and helping the organization succeed. IT-OT convergence involves blending of IT systems which handle data management and business analytics with OT systems which manage and control physical processes and machineries in verticals such as manufacturing, utilities, transportation, etc.”
Diwakar stated that IT-OT convergence fosters more efficient, interconnected and agile operations driven by a series of technology trends:
- Industrial IoT developments: vast availability of smart sensors and connected industrial assets to collect real-time data for better monitoring and controlling the physical processes
- The need for large scale industrial networking: higher speed connectivity with low latency to support ever more advanced process automation powered by seamless and secure communication between the IT and OT systems to unlock the promises of industry 4.0
- The rise of AI & ML enabled software applications that need operational data to predict anomalies, optimize operations, and enhance decision making.
- Unified cybersecurity across IT and OT to protect both operations and enterprise networks and ensure that any security breaches remain contained and do not spread from one domain to the other
- Increasing use of hosted applications in datacenters, private, and public clouds for scaling resources for data storage and analysis, as well as facilitating automation across IT and OT systems.
Solutions to IT-OT convergence
“In the coming years manufacturers will continue to invest in smart network initiatives that provide higher performance, edge compute, easy installation, security, and troubleshooting capabilities,” Diwakar said. “The expectation from their networks will be such that it contributes to a more cohesive, responsive and secure operational environment alongside increased productivity and helping them stay competitive in the marketplace.”
Therefore, the technologies that can help in IT-OT convergence are: (1) standardized networking hardware and software across IT and OT, (2) a common network management platform, (3) embedded security in network equipment, and (4) a unified IT/OT security platform to detect faster and better orchestrate response.
Standard networking equipment across IT and OT can eliminate the patchwork of networks that offer different capabilities and require multiple tools to manage and secure. A single management system for the standardized environment can automate networking tasks across the entire network, increasing consistency and reducing OpEx. Embedded security in network equipment, rather than point products, and common security operations streamline architectures and provide a more holistic view of threats across the organization for better correlation, detection, and response.
Diwakar said that solutions like the above help organizations bridge the gap between IT and OT, driving greater operational efficiency, security, and adaptability in today’s complex industrial environments.
Enterprise/automation integration
“When IT/OT collaborate, each team focuses on their unique skill sets to define together the right strategies and the technologies supporting them. OT knows industrial automation. IT knows networking and security. This collaboration reduces the need for separate support teams and tools and in most cases prevents re-inventing the wheel,” Diwakar said. “OT teams can leverage the automation expertise from IT and avoid manual repetition of tasks with a huge reduction in errors enabling quicker time to market and adopt technological advancements with ease.”
For example, Cisco networking products for enterprise and operations, while purpose-built for their respective environments and use cases, share components from the same ASIC family and run the same operating system (IOS XE). Cisco industrial switches, routers, and wireless equipment are all managed by the same Catalyst Center that uses machine learning for predictive insights and automated troubleshooting, minimizing downtime not just for the enterprise but also for the OT networks in single management pane.
Diwakar said that a recent survey conducted by Cisco, and detailed in the 2024 State of Industrial Networking Report, shows the benefits that respondents recognize closer alignment of IT and OT would yield, as shown in the chart below.
He added that Cisco industrial switches and routers are the only industrial networking equipment on the market to offer OT visibility capabilities. The embedded Cyber Vision sensor inventories and profiles industrial assets and enables real-time monitoring of application flows, without the need for dedicated security appliances or SPAN networks. This comprehensive visibility into industrial networks provides the basis of automated network segmentation in OT as required by ISA/IEC 62443 standards and enables adopting a common zero-trust framework across IT and OT networks to control which device can access what.
Reporting events to a single SOC platform, such as Splunk, provides a comprehensive view of potential threats across IT and OT environments, which allows faster detection of advanced threats and better coordinated response and mitigation efforts.
Addressing challenges
Diwakar pointed to the commonality between the network devices used in IT and OT. The Cisco Industrial Ethernet switches, for instance, offer the ruggedization and compliance standards for industrial use but run the same IOS XE software as Cisco Catalyst enterprise switches, making it easier to use a common set of protocols like NETCONF, RESTCONF and programmable APIs to automate and gain insights into the OT network. This common functionality makes things easier for the organization, since it can leverage the skills IT already possesses and no time is needed for learning new skills or ramping up.
Moving from unmanaged to managed switches in OT deployments helps focus on features like VLANs to segment the network and QoS to ensure that traffic flows get the treatment they require while conserving bandwidth. Effective bandwidth utilization facilitates efficient use of network resources, reduces latency and helps achieve operational efficiency in industrial settings.
Informed by the visibility that Cyber Vision provides, Identity Services Engine (ISE), a network access control and policy enforcement engine predominantly used in IT, can now be used to automate and push security policies to the devices in the OT network in a consistent manner. It also simplifies the tools needed to secure and optimize OT operations.
Continuing importance and progress
“The convergence of IT and OT offers a powerful combination of benefits, including improved operations, better data analytics, and enhanced security. Cisco as the networking and security market leader is building OT products that are both enterprise-grade and industrial-strength. Using Cisco networking products, OT and IT teams can forge a better partnership as Cisco meets the needs of both,” Diwakar said.
He added that a unified view of both IT and OT cybersecurity threats is undoubtedly a huge win from a technology perspective. It offers unified threat management that allows for coordinated response and mitigation efforts, a shared perspective that allows building of consistent security policies, and reduced risk of blind spots by monitoring of both IT and OT environments.
“Looking beyond technology, a single vendor solution for IT and OT may also reduce overall licensing and support costs resulting in lower OpEx, provide a more predictable and manageable environment compared to multiple vendors, and help organizations create a networking and security blueprint that they can replicate across their operations,” Diwakar said.
“The convergence of IT and OT offers numerous benefits, including increased efficiency, improved security, enhanced reliability, and the ability to leverage digital technologies for innovation. As industries continue to evolve and become more technologically advanced, the trend towards IT and OT convergence is likely to accelerate.”
Moving to software solutions
OT becoming more closely connected to enterprise systems.
Dr. Lutz Jänicke, Corporate Product & Solution Security Officer, Phoenix Contact, said that “generally driven by the ever-increasing performance of computing hardware, IT and OT are moving from specialized hardware to software implemented products. This is true, for example, in IT with virtualization and containerization or software defined networks. In OT, products like PLCs are moving from specialized runtimes to support standard programming languages. This also includes the usage of (IT) standard communication protocols instead of or in addition to specific OT protocols.”
Jänicke said that OT devices and services are more closely connected to enterprise systems to support the management and monitoring of the systems and of course the production.
“An obvious technology trend is the implementation of artificial intelligence (machine learning). Impressive results can be seen in drafting and translating texts or in videos. As there is a strong dependency on material to learn from, application in the OT area might be challenging. Still, the processing of such data would be an IT-topic,” he added.
IT-OT convergence
Jänicke said that both IT and OT are moving towards IT technologies. Communication is based on IP and web services, for example, using REST interfaces. This allows for a seamless integration. Standardization is most important and is underlined by the role of OPC UA. Additional synergies might be found in the use of digital twin technologies improving the exchange of data.
Processing of data using cloud services and/or container technologies makes deployments more effective. Of course, this integration comes with additional security challenges due to increased connectivity.
“IT environments are becoming more and more service oriented,” Jänicke said. “By packaging operations into microservices, functions become very modular and can be developed, deployed, and updated in small increments. Concepts like DevOps would not be thinkable without these environments. In addition, by using standard libraries and offerings available in many languages like Java, C#, … a new function can be built without digging into lower-level details.”
Jänicke said that the same is not fully applicable to lower-level automation systems. They still need to be developed to support real-time operations, and the deployment needs to be stable. Using the above-mentioned technologies, however, makes it possible to implement “glue logic” that is easier to interface with the enterprise systems. Virtual PLCs, which will be a very visible move in the convergence, have been discussed for quite some time and now seem to be becoming available.
“The convergence is ongoing and will not stop,” Jänicke concluded. “It offers advantages in effectiveness and efficiency of OT operations.”
Impact of virtual controllers
Automation and control software that is fully independent of the hardware.
According to Steven Fales, Director of Marketing at ODVA, “virtual controllers are an emerging technology in Industrial Automation that are set to enable greater IT-OT convergence going forward.”
Fales said that what differentiates a virtual controller from a traditional controller is that the automation and control software is fully independent of the hardware. This is made possible by using standalone, executable packages of software that include the code, runtime, system tools, system libraries, and settings to run the desired applications.
This is like the way that cloud servers run software independently so that different servers can be used to scale up the possible number of connections or to switch over to a different server in case there is trouble with the existing hardware. Industrial personal computers (IPC) were the initial basis for decoupling the software from the hardware in industrial controllers since standard personal computers were used to run industrial software for control applications. This led to the development of soft controllers that were originally based on IPC hardware and are capable of both traditional control as well as gateway, human-machine interface (HMI), web server connectivity, and more.
Soft controllers then evolved into Programmable Automation Controllers (PACs) that combine the advantages of controllers and PCs. Virtual controllers are essentially PACs that run within a virtual machine managed by a real-time hypervisor or virtual machine monitor on a commercial-off-the-shelf (COTS) server. Virtual controllers, PACs, soft controllers, IPCs, and traditional PLCs can all run industrial Ethernet communication networks including EtherNet/IP.
Advantages of virtual controllers
The advantages of virtual controllers stem from the fact that they are not tied to the underlying hardware that the control software runs on and that they rely on internet connectivity. This enables virtual machines to keep operating in the case of a hardware failure by switching over to a different server. Additionally, applying software patches for security or stability upgrades has traditionally been very difficult to accomplish with traditional controllers that are spread throughout plants and not typically connected directly to the internet.
In contrast, virtual controllers can be updated much faster when a security vulnerability or operational improvement is identified. Further, the updates can be verified in a test environment before pushing the patch to production in the same way that traditional IT software updates are made. Another significant benefit of virtual controllers is that remote management will allow for a larger amount of data to be available for operations analysis and improvement as well as maintenance management.
Specific technical benefits
“Virtual controllers will allow for a much greater level of IT-OT convergence than previously possible by bringing the full advantages of containerized software to industrial control. The ability to manage thousands of virtual controllers in the same way that traditional PCs are by IT will provide much faster software bug fixes and a more complete picture of an organization’s operations,” Fales said. “Traditional PLCs are limited to running embedded firmware on specialized hardware that can make changes or data gathering more challenging. The use of virtual controllers could also open the development and maintenance of the programming language code to a much wider group of professionals from the IT world using more commonly used coding languages. While the development of specific control loop algorithms would be best left with experienced OT engineers there are other less critical tasks that can be done by software developers with a smaller amount of domain expertise. Additionally, the implementation of artificial intelligence would also be easier with virtual controllers given the ability to more easily update the software as changes are made.”
He added that the downside of virtual controllers is that there are serious concerns regarding security, safety, and real time capability. While the historical security by obscurity of traditional controllers has long since been rejected, there are definite reliability advantages to having a physically onsite controller that adheres to IEC/ISA 62443 security standards and has limited connectivity to the internet.
Additionally, the reliance on internet connections could lead to challenges keeping an operation running properly, either because the machine would be constantly returning to a safe state or would simply shut down in the middle of a process in the case of an intermittent internet connection. Traditional PLCs that leverage embedded firmware and are located on the machine offer a level of reliability that is critical to operations uptime.
Automation applications that can tolerate periods of unavailability are the initial target for virtual controllers. It remains to be seen whether traditional controllers will stay in their current form or if the advantages of virtual PLCs will start a shift toward decoupling hardware from software and adding more reliance on internet connectivity to all controllers.
Progress being made
Fales said that automation has made significant strides moving from pneumatic controls in the 1950s to PLCs in the 1970s and then from fieldbus to Industrial Ethernet and PLCs to PACs in the 2000s. Industrial Ethernet communication networks such as EtherNet/IP will remain relevant going forward due to their adherence to IEEE specifications, usage of TCP/IP, real time capabilities, media independence, and safety and security services.
“However, they will likely be running in new virtual controller and cloud environments in the future to take advantage of the lessons learned in IT of virtual patching and remote management,” Fales said. “IT and OT technologies have and will continue to converge toward each other slowly but surely enabling industry to smoothly transition to the full advantages of cloud computing, artificial intelligence, and the new technologies of tomorrow. As has been constant in industrial automation for decades though, the new will need to coexist with the old to keep the industries humming along that provide for our basic needs including water, food, and transportation.”