Why, finally, all eyes are on OT [Q&A]

Operational technology and IT have historically tended to follow separate paths. But in recent times the spread of Internet of Things devices has seen the two moving closer together.

We spoke to David Montoya, Paessler global business development manager OT/IoT, to discuss how the OT landscape has evolved and why businesses need to be on top of the change.

BN: What has fundamentally changed in the OT landscape that’s forcing executives to finally pay attention to operational technology?

DM: There are a few things happening at the same time in this space, and executives don’t really have much of a choice but to take notice. To name a few:

• Industry 4.0: An increasing number of companies are implementing Industry 4.0 and therefore adopting robotization, automation, big data, industrial IoT, machine learning (ML), and more. This is leading to more convergence, more often across more sectors.
• Big data: As companies embrace data-driven decision-making, increased volumes of information flow through OT to repositories, databases, data lakes, data warehouses, and ML and AI engines. This provides additional visibility for possible efficiencies, predictive maintenance, cost reduction, and capacity planning. As a result, OT isn’t only sharing field device communications but bigger data streams, warranting careful assessments to ensure the reliability of networks for these new purposes.
• ML and AI: Data now flows from the factory floor all the way up to the cloud to feed an AI or ML algorithm. The connection and intersection of these two worlds necessitate a thorough review of cybersecurity processes, vulnerability detection, OT network documentation, and ongoing monitoring to ensure all systems function seamlessly and prevent backdoors.
• Modernization: Most industrial devices were never intended for constant connection and cloud communication. Controllers and other field devices therefore require added resources and computing power, which can involve replacing them with next-generation equipment. This represents a paradigm shift for industrial communication as previous protocols were developed to be deterministic, fast and flexible -- traffic security, conversely, wasn’t much of a priority since OT networks were historically airgapped. Newer protocols, such as OPC UA, MQTT with TLS, DDS, and revamped versions like Secure Modbus, include encryption, authentication, and other security features that increasingly rely on IT security mechanisms. My colleague Daniel Sukowski accurately states that security begins with transparency, which starts with monitoring and understanding our current position. This equipment and protocol evolution again crosses traditional boundaries between IT and OT, and demands attention because the financial stakes of this convergence -- from cyber threats to operational downtime -- are simply too high to ignore.

BN: What about the convergence of IT and OT -- why is this happening and why is it essential to get right?

DM: As mentioned, IT and OT are closer than ever before and the ‘why’ is multifaceted -- it largely comes down to Industry 4.0 implementations, increased data flows for AI and ML, and the need to modernize legacy equipment that was never designed for connectivity.

Industry 4.0 projects that don’t involve IT and OT from the outset often result in flawed deployments that jeopardize the initiative’s success or make it far more expensive than planned.

Flawed deployment can impact multiple areas. From a cybersecurity perspective, failing to consider OT means security policies can delay or disrupt real-time industrial processes. On the other end of the spectrum, if IT perspectives aren’t considered and OT networks are suddenly exposed to the IT world, security breaches can cause attacks costing millions of dollars – we’re seeing ransomware attacks up 50 percent in industrial sectors precisely because of these gaps.

Then there’s integration complexity. Without proper mapping of communication protocols, data won’t flow smoothly across OT and IT networks, resulting in hours of post-mortem reengineering to fix issues -- again making projects more expensive. Other problems include data governance challenges, compliance issues, and cultural resistance across departments.

We also know that IT and OT have fundamentally different performance expectations. While latencies of a couple of seconds on the IT side are still acceptable to users, latencies of more than 50 milliseconds on the OT side can trigger safety locks to protect people from injuries or machines from damage. Clearly, there needs to be alignment on expectations and how to deliver them from day one.

BN: You mention that OT’s ‘set and forget’ era is over. What’s driving this shift from legacy operational approaches to active monitoring?

DM: Yes, OT devices are now always on and always connected, a big shift from years gone by. Admins can no longer be complacent and need to update their monitoring and management style with this reality.

Edge computing is a major driver here given the need to support much larger data flows in OT networks. Edge computing processes data closer to where it’s generated, meaning that a PLC, industrial gateway, or IoT appliance might now be expected to process data on-site -- either partially or fully -- before sending summaries to the cloud.

This fundamentally changes what we’re asking these devices to do. Suddenly, you need to track available CPU, memory, and network resources on devices that were previously just controllers. Moving from only supervising operational metrics to constantly overseeing performance and status represents an IT-oriented approach that requires active monitoring to ensure continuity.

BN: What does unplanned downtime actually cost organizations today, and how has this financial reality elevated OT monitoring from afterthought to boardroom priority?

DM: It’s an incredibly expensive and widespread problem. Fortune Global 500 companies lose approximately €1.5 trillion ($1.72 trillion) each year, or 11 percent of their annual revenue, to unplanned production pauses. Additionally, because uptime is vital to the bottom line, hackers are more active in trying to hold production for ransom. Backdoors and blind spots between IT and OT are among the most common methods bad actors use to infect networks.

It’s this combination of massive downtime costs and surging cyber threats that’s finally forcing executives to act. As you recently reported, we’re witnessing (at long last) OT security become a boardroom priority. More than half of organizations now report that the CISO/CSO is responsible for OT, up from just 16 percent in 2022. This evolution is long overdue and reflects how critical it is to get security and production monitoring right.

BN: How are you seeing organizations mature their OT oversight -- what does the evolution from basic protection to sophisticated monitoring look like in practice?

DM: Our experience is that teams, top to bottom, are moving toward more comprehensive OT management. In July, we surveyed our customers and found that two-thirds have alarm/notification-based monitoring of their ecosystems. This is a good start on the path toward integrated, intelligent, and predictive monitoring, and many of these customers are still striving to improve their oversight.

I’m heartened to see IT professionals collaborating more often with production and controls engineers to understand OT network designs and connected equipment. Basic documentation is typically their biggest challenge since many OT networks have evolved organically over decades with minimal formal records, so creating that foundation becomes a joint effort.

Then, teams usually recognize that cybersecurity needs to oversee both worlds to secure them effectively. The main hurdle is bridging the gap between different needs and communication protocols, which makes it tough to achieve a single pane of glass, though unifying platforms like PRTG help to translate between the two.

The highest level of maturity is when companies establish dedicated OT networking engineering teams. These professionals not only operate and monitor but also strategize industrial operations from a networking perspective. They bring IT backgrounds but understand the deterministic network requirements of industrial automation while keeping cybersecurity top of mind. They become catalysts for successful implementation of Industry 4.0, bridging IT/OT gaps once and for all.

Image credit: Gorodenkoff/depositphotos.com