Until relatively recently, corporate information technology (IT) and operations technology (OT) departments operated independently of one another, typically with little to no contact. But now, as more businesses converge these two domains onto one shared Ethernet network, a determination must be made: Who is responsible for managing and maintaining the network?
Discussions around this determination are ongoing, but one thing both sides are beginning to agree on is that keeping IT and OT network ownership separate is inefficient at best, and a real problem as the industry becomes increasingly digitized and all data is aggregated for analysis and optimization. Both sides also tend to agree that simply turning OT networks over to IT, or IT networks over to OT, would likely lead to less-than-optimum performance for one side or the other.
As a supplier of industrial signal transmission and data communication network products, Belden finds itself in the middle of this IT/OT minefield quite often. Based on its experience with both IT and OT networks, the company is suggesting a way for industry to move forward.
Its suggestion is the appointment of an Automation & Data Exchange (ADX) Engineer supported by an IT/OT Joint Task Force or Steering Committee.
“The key point is that there needs to be an individual capable of communicating with and relating to both departments and ensuring that they work synergistically rather than adversarially,” said Jeremy Friedmar, business and channel development manager at Belden. “This individual must also have an organization around him or her to ensure that the proper backing and resources are provided.”
Friedmar explained that the ADX engineer is a professional who understands the functions and priorities of both the IT and the OT worlds, with responsibilities including:
- Ensuring seamless communication among all network parts
- Implementing and maintaining appropriate controls to ensure data security
- Compiling the massive amounts of data generated from connected devices and making it usable for bottom-line decisions
- Maintaining maximum uptime on production lines, and
- Reducing required resources by centralizing functions through one control center
“It matters little what discipline the ADX Engineer comes from originally,” explained Friedmar, “but they need to be cross-trained in both OT and IT practices. This person could be a networking engineer who has spent time working or training on the plant floor learning about automation operations, needs, and challenges. Or they may be an automation engineer who has completed IT networking classes and earned certifications from educational organizations or vendors.”
He added that Belden has established a training program around this idea to help fill in the gaps for individuals of all backgrounds.
Appointing or hiring an ADX Engineer is not necessarily the first step to take, however. Friedmar noted that the ADX Engineer will need a full support team visibly behind them. A strong foundational step might see the C-level head of IT (usually the chief information officer) and the C-level head of OT (usually the chief operating officer) join together and express their support for the addition of an ADX Engineer.
These leaders from IT and OT should drive the formation of a joint task force that meets regularly and includes key members from OT, IT and related disciplines, said Friedmar. He added that the National Institute of Standards and Technology (NIST) has even gone so far as to outline recommendations for the types of people who should be included in this group. The list includes:
- A member of the IT staff
- A control engineer
- A control system operator
- A network and system security expert
- A member of the management staff, or
- A member of the physical security department
The CIO, COO and steering committee members could be the ones to jointly interview candidates and select and hire the ADX Engineer, said Friedmar, to ensure optimum buy-in of key stakeholders right at the start.
Once the ADX Engineer and support team are in place, Friedmar said it would be best to start off slow, perhaps with a pilot program, such as updating the network or upgrading the cybersecurity framework at a smaller manufacturing facility, so that the impact of a change is minimal. “This way the team can learn to work together, improve their joint processes, and increase their odds of success at the next location,” said Friedmar.