After digitization initially affected business operations and processes (including sales and marketing activities, higher-level planning processes and information systems for corporate management) in many companies and, as of today, is in use across all industries, the comprehensive digitization of production processes often lags behind.
The concepts of Industry 4.0, which have been propagated for more than ten years, and the improvements expected from them by making production processes more flexible and identifying optimization potential are not disputed. However, even today, the necessary prerequisites are often only partially implemented or limited to certain process stages.
The reasons for this are manifold:
Production processes and the associated machinery and equipment usually have very long useful lives – especially compared to IT hardware. As a result, manufacturing companies generally have plant technology and machines of very different ages and, as far as the possibilities for digitization are concerned, very heterogeneous technical framework conditions. In such a production environment, often referred to as a “brownfield,” it is quite common for process steps to be carried out in part on equipment that was already purchased when even PLC controls were not very widespread, while the next process step, on the other hand, runs on equipment that is fully digitized, at least from the perspective of the equipment supplier.
As a result, the operator has, in the best case, a production landscape consisting of “digital islands”. The flow of information then takes place only at a higher level, in production data acquisition systems (PDA), manufacturing execution systems (MES), and ultimately in the ERP (enterprise resource planning) system located in IT. As a consequence, however, the digital information available is often reduced to the lowest common denominator; for an individual machine, for example, this may be nothing more than its general status (“in operation”, “in malfunction”, “in conversion” or “maintenance”).
There are several reasons for this as well. One is the de facto “vendor lock-in” still favored by many machine suppliers, who deliver their “own” digitization platform to strengthen customer loyalty; such a platform reaches its limits in inter-process communication at the latest at the next process step, which is carried out on equipment from another supplier.
Another cause is the number of physical interfaces and communication protocols in use in production environments, which has grown over the years and is now very extensive. Oliver Schoneck, for example, described the complexity and differences from classic IT in great detail in the article “Why OT security is different” (white paper “Security in IT and OT”).
The attempt to create a standardized data situation on the OT side from this alone presents many companies with considerable challenges: a comprehensive solution fails either for lack of the technological skills and knowledge or simply because of the investment required.
Thus, in a large number of companies, one finds the aforementioned information islands, which offer a digital copy of the respective machine or, at best, of the process section, but miss the idea of a holistic digital twin of production (and thus ultimately of the product) because the holistic data situation necessary for this is not available.
Regardless of the scope of the data, the data must be passed on to the corporate management system in order to be used, since only then can the potential benefits be exploited, e.g., through integration into higher-level planning.
This connection should be as close-meshed as possible, on the one hand, to deliver requirements from the company’s point of view to production and, in the return channel, to report back corresponding status information. It is only through the resulting closed information flow that active control and optimization of processes becomes possible. This close meshing is also referred to as the “convergence of OT and IT”.
Convergence vs. security
In the context of increasingly aggressive cyberattacks, the IT departments of companies in particular and, at a higher level, management as well have a duty to continuously strengthen the security of internal information systems and thus protect the company from financial damage (e.g., in the form of ransomware attacks), loss of reputation and, of course, personal injury and property damage caused by the destruction or manipulation of plant technology. However, the defensive measures of classic IT are not congruent with the digitization solutions used in production (“Operations Technology”, OT).
There are already differences in the time horizons: while in IT, software and hardware components (e.g., operating systems, ERP, and computer architecture) are replaced within periods of five years or less, production equipment is acquired for productive use over periods of more than 10 years, or even 30 years.
The digital technology used in production equipment therefore becomes obsolete much faster than the actual process: the person responsible for implementation is faced with the dilemma that, for example, the operating systems of the respective machine controls or other components become outdated, so that a permanent connection to the IT infrastructure poses increasing risks.
A good example of this is machines that were purchased more than 10 years ago and whose control systems are therefore still based on Windows XP, Windows 95 or similarly old Linux operating systems. Because of security vulnerabilities discovered since then (e.g., in the SMBv1 protocol used on old Windows systems), integrating such machines into the company IT would create significant security gaps.
The reflexive countermeasure of those responsible for IT in terms of the best possible protection is therefore the consistent isolation of OT from IT, i.e. diametrically opposed to the idea of convergence.
Segregation Promotes the Emergence of “Shadow IT”
The decision to decouple IT and OT, made with the best of intentions, combined with the simultaneous pressure to achieve a higher degree of digitization in the company, leads in turn to curious workarounds that manifest themselves as a “shadow IT”: initially conceived as a temporary “work around”, “digital bypasses” are laid into the supposedly separated area of the production systems. There are often hardly any limits to the creativity of those involved. Measures range from USB sticks and mobile hard drives carried through the company, on which machine data is transported manually between production and the IT systems in the offices, to separate infrastructures such as radio links between OT and IT, with which the previously existing “digital moat”, created for good reason, is bridged.
Just as often, maintenance access points, which can now be found on almost all newer machines in the form of VPN gateways for direct access to machines or production sections, are used for permanent data connections even though they are actually intended for maintenance purposes only. It should be noted here that many machine manufacturers themselves also offer this supposedly secure connection as their digitization solution.
It is often overlooked that a supposedly secure, encrypted VPN tunnel can of course also be hijacked for unauthorized access to the opposite endpoint as soon as one endpoint is compromised, which then leaves the machine behind it completely exposed.
Many measures that represent tried-and-tested procedures in IT are not suitable, or only suitable to a limited extent, for danger prevention when transferred to the production area. The commonly practiced segmentation of networks can easily be circumvented by hijacking an intelligent router. Firewalls, which are supposed to prevent classic IT attacks, offer only limited advantages in OT or even make connectivity between production sections difficult or impossible. In addition, communication paths in production (interfaces as well as protocols) differ significantly from the technologies commonly used in IT (usually TCP/IP connections) and are characterized by specific properties that are critical for smooth operation, such as real-time capabilities, which are generally not a priority in IT (e.g., Profinet, which has almost the same physical properties as the Ethernet connections used in IT, but quite different protocols and characteristics).
With the increasing use of decentralized sensors and actuators due to the growing use of IoT (often referred to as “IIoT – industrial Internet of things” in the production environment), this complexity increases further.
IT/OT Convergence Is Necessary
Despite all the challenges, the advantages of increasing convergence speak for themselves. Marc Wennmann, Partner Technology Consulting at EY, for example, sees this as a necessary prerequisite for achieving the “Data Driven Enterprise” and the “Data Driven Business Models” (cf. Wennmann, Marc et al; May 2021; “Why IT and OT should merge in companies”). At the same time, he also confirms the challenges that this increasing convergence poses to an organization: By eliminating the often historically grown boundaries between information technology and operational technology, affected companies are forced to strengthen the collaboration between these formerly separate areas. In addition to the associated technological challenges, this particularly affects the organization with all organizational units as well as the necessary change in corporate culture. If the necessary cultural change is not implemented or not fully implemented, the “shadow IT” structures already described as examples will arise.
To avoid these inefficient and potentially insecure structures, an open exchange between all areas affected by the implementation is necessary. At the same time, technological solutions and concepts are required that reduce the complexity caused by the connection between IT and OT as far as possible, e.g., by creating data lakes that are as holistic as possible at the point of origin in OT and making them available to IT. The pre-processing capability required for this is achieved, for example, through the use of edge computing capabilities. In turn, this requires that complexity is not increased further, but rather reduced.
Complexity Reduction Through Data-Centric Convergence
Since the convergence of OT and IT focuses in particular on the convergence of information flows, consideration should be given to the extent to which protocol-based connections can be dispensed with by merely exchanging data layers between OT and IT. If this idea is taken further, return channels from IT to OT can also be reduced to data points, e.g., for concrete process control.
By dispensing with direct connections, cyberattacks are made more difficult on the one hand, and on the other hand the OT behind the IT (i.e., the details of a production, which often reflect specific know-how of the individual companies) is additionally obscured by this measure.
This idea of data-level connectivity is increasingly gaining acceptance in the industry. For example, Namur’s NOA concept assumes data-centric connectivity models via so-called “data diodes” (cf. Waldeck, Boris; Glas, Thilo; “Implementation of the NOA concept”). In this context, the company Arendar IT-Security GmbH speaks of the concept of “data projection” (cf. Figs. 1 and 2), in which data points are extracted from a wide variety of data streams at the boundary between OT and IT and are combined and forwarded again at will by “projection” onto another, physically separate data stream. At the implementation boundary in the form of an edge device, the aforementioned holistic “data lake” is already created, in which data from a wide variety of sources is combined in a temporal context.
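The data-centric boundary described above, as an added illustration that is not part of the original article and not the NOA or Arendar implementation: an edge component that projects only allow-listed data points northbound from raw machine records into a time-stamped data lake, and reduces the return channel to allow-listed, range-checked setpoints rather than protocol-level access. Source names, data points and ranges are constructed for the example.

```python
import json

# OT -> IT: per source, only these data points may be projected across the
# boundary. Everything else in the raw record (firmware versions, addresses,
# recipe names) never leaves OT, which keeps the production details obscured.
NORTHBOUND_ALLOW = {
    "press_01": {"status", "cycle_count"},
    "oven_02": {"status", "temp_c"},
}
# IT -> OT: the return channel is reduced to named setpoints with hard value
# ranges; there is no way to address the controller or its protocol directly.
SOUTHBOUND_ALLOW = {
    "oven_02": {"temp_setpoint_c": (20.0, 250.0)},
}

def project_northbound(source, raw_record, now):
    """Project the allow-listed data points of one raw OT record, or None if nothing passes."""
    allowed = NORTHBOUND_ALLOW.get(source)
    if allowed is None:
        return None  # unknown source: dropped at the boundary
    points = {k: raw_record[k] for k in allowed if k in raw_record}
    if not points:
        return None
    return {"ts": now, "source": source, "points": points}

def validate_southbound(target, setpoint, value):
    """Accept an IT -> OT setpoint only if it is allow-listed for the target and within range."""
    bounds = SOUTHBOUND_ALLOW.get(target, {}).get(setpoint)
    if bounds is None:
        return False
    if isinstance(value, bool) or not isinstance(value, (int, float)):
        return False  # bool is rejected explicitly: it is an int subclass in Python
    lo, hi = bounds
    return lo <= value <= hi

def build_data_lake(records, now):
    """Combine projected records from heterogeneous sources under one common timestamp."""
    lake = []
    for source, raw in records:
        projected = project_northbound(source, raw, now)
        if projected is not None:
            lake.append(projected)
    return lake

# Constructed sample records as two machines of different generations might deliver them.
SAMPLE_RECORDS = [
    ("press_01", {"status": "in operation", "cycle_count": 4812, "plc_fw": "v2.3", "ip": "10.0.0.5"}),
    ("oven_02", {"status": "maintenance", "temp_c": 183.5, "recipe_name": "alloy-7"}),
    ("unknown_03", {"status": "in operation"}),
]

if __name__ == "__main__":
    print(json.dumps(build_data_lake(SAMPLE_RECORDS, now=1700000000), indent=2))
```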
While increasing convergence of OT and IT enables holistic data layers and delivers on the original promise of Industrie 4.0, new technologies can further strengthen the usability of this data. For example, securing data through Industrial Blockchain processes already allows for further possibilities such as the overarching exchange of data between economic partners during collection or on the “data lakes”. Partial sections of a holistic data situation could then be shared without having to fully disclose internal information layers on the one hand, and on the other hand with the certainty for the recipient that this partial view has not been compromised or intentionally changed.