The Importance of an IT/OT Assessment

Dec. 18, 2023
An IT/OT assessment is an inventory of all operations technology assets that are necessary for production. This assessment provides the foundation for ensuring your equipment is connected, secured, monitored, working efficiently and is running up-to-date firmware.

Because so much equipment on a production floor runs different types and versions of  software and firmware, it is common for engineering managers to lack a full understanding  of the state of the equipment currently in operation. They may have limited knowledge of  all devices' ages and stages in their lifecycle, the version of firmware being run and how to  connect the device to their larger network. 

Sometimes even the physical whereabouts of certain operations technology (OT) assets is  unclear. With this uncertainty, it is difficult to measure and suggest meaningful  improvements for overall production line efficiency. It is also challenging to determine  areas of high cybersecurity exposure and risk. As a result, capital planning becomes a  murky task, lacking the required data to make fully informed decisions on best areas of  investment.

To get a handle on this kind of disjointed environment, the first step to take is to complete a  full accounting of all equipment in operation using automated and onsite data collection  methods. This is referred to as an IT/OT assessment.  

Documenting assets In an IT/OT assessment, each piece of equipment is evaluated to obtain information such  as:

  • Firmware revision currently in operation. 
  • IP address. 
  • Network location. 
  • Communication across the network. 
  • Frequency of packet errors. 
  • General performance compared to expected performance. 

Once collected, this data can be used to make fully informed, rather than speculative  planning decisions. Recommendations can then be given for how best to move forward  with problem area remediation and, possibly, the need for new design work. 

Connected OT—rewards with risk

As obsolete equipment is replaced, OT network infrastructure and security becomes an  increasingly important design consideration. In the past, most plant equipment operated in  isolation to some degree. Modern equipment, however, comes with network connectivity,  allowing for remote communication and updates, as well as for real time data to be shared  elsewhere for analysis. These connected devices offer enormous potential benefits. They  gather operational data, giving insight into efficiency, which ultimately helps drive  decisions to improve profitability.  This default remote connectivity, though, also poses risk if not properly understood,  configured and managed.

As the demand for full connectivity increases, so does the need for a properly implemented  OT network to operate reliably and protect the equipment connected to it from  cybersecurity threats.  

As updates and upgrades to OT are considered and implemented, common questions and  concerns for the OT network that connects them are:

  • Should OT networks have internet access? 
  • Should maintenance technicians have access to email and web browsing while  connected to the OT network and able to access PLCs?
  • Should there be a shared password on an HMI for use by all technicians?
  • Should we have key batch systems in place?
  • How urgent is it that older devices be replaced? 
  • Should the IT network and OT network be physically separated, or just logically  separated via control access rules?
  • Should active directory domains be segmented, or can they be shared across IT and  OT networks?

Connectivity with security

When using connected OT equipment, it is important to have network visibility to all  devices in a properly secured manner. Visibility without securities can expand, rather than  reduce, problems due to increasing exposure and vulnerability to attacks.  An OT network should operate with a zero-trust approach, i.e., only allowing required  communication and blocking the rest. By segmenting traffic as much as possible, the risk of  a security breach propagating to multiple machines is reduced, if not eliminated entirely. 

However, to effectively design a zero-trust environment for OT, without risking disruption  to production processes, requires a full understanding of the equipment that must be  protected and how OT assets must communicate with one another. An IT/OT assessment  helps with this by telling you:

  • How each piece of equipment interacts on the network. 
  • Type of data (traffic) each one is sending and receiving. 
  • The firmware or software revision currently in use on each device. 

New cyber threats come out daily. As more OT equipment is connected, the requirement  for OT network monitoring software, that is alert to new threats and continually  monitoring network traffic, becomes more urgent and less optional. Furthermore, to  remain protected, connected equipment should be updated with new firmware revisions as  those updates become available. A robust OT network with monitoring capabilities can  handle security risks, all the while allowing vital data to be collected and stored for further  analysis and decision making. 

Benefits of a third-party assessment The task of implementing an OT network is frequently first given to the IT department.  However, IT and OT networks operate in different physical environments and carry their  own vulnerabilities and risks. Internal IT departments often quickly realize that they don’t  have the expertise needed for proper design and implementation of an OT network.

A third party with IT/OT expertise can be a key resource. They provide information about  how to best connect devices to an OT network, as well as areas of largest security exposure  and risk. A third party will provide unbiased information based on years of experience in  the field and up-to-date subject knowledge.

Overall equipment effectiveness (OEE), plant efficiency, data logging capabilities, predictive  maintenance and cybersecurity are the common goals of many production decision makers.  The first step to obtaining these goals is the OT assessment. Once complete, the assessment  serves as a guide towards the future. You don’t have to have all the answers before  obtaining an IT/OT assessment. It will serve as a guide to choosing the next steps forward.

Matt Smith works in information technologies at E Tech Group.  E Tech Group is a certified  member of the Control System Integrators Association (CSIA). For more information about E  Tech Group, visit its profile on the Industrial Automation Exchange.