The clash between the Operations Technology (OT) team and the IT team at industrial facilities is not trivial. The conflict is an issue of two legitimate missions. OT is tasked with keeping the operation running at all costs, while IT is tasked with keeping the network secure no matter what. That’s all fine until the two networks are connected.
|ElliTek's Data Commander is a hardware device that connects OT to IT. Image courtesy of ElliTek.|
The IT and OT folks are both hyper-diligent about the data integrity of their networks. Yet the two disciplines handle security, change management, and their data types differently, so the expertise of one is in direct conflict with the expertise of the other. At the same time, OT and IT share the same overall goal: exchanging data between the PLCs on the OT side and the database servers on the IT side.
When IT wants to reboot all networked computers to update patches – a critical security function – OT cries foul. OT computers can’t be shut down for updates without shutting down the process. Thus the networking clash rages as both sides struggle for a software solution.
A Hardware Solution for a Hard Problem
Yet what if the solution isn’t in the software? What if the plant computers aren’t connected to the network? What if the necessary data exchange from the plant to the IT databases jumps through a hardware device in the MES?
The hardware company ElliTek proposes a hardware fix for the OT/IT dilemma. “ElliTek is a machine builder. We discovered the most significant part of exchanging data between the plant and the business side was not the technical aspect of the communication, it was the OT/IT conflict. It is an organization issue, not a technical issue,” Keary Donovan, market development manager at ElliTek, told Design News. “Everybody thinks they already have the solution to the OT/IT issue. There are all kinds of middleware and OPC [open platform communications] solutions that say they can solve the conflict, but it doesn’t solve the issue.”
An Appliance Designed to Solve a Software Issue
Creating a network connection between the plant and business networks doesn’t solve the underlying conflict. “Vendors think they have this solved. If you go up to the IT guy, he knows how to connect,” said Donovan, who will present a session on the subject – Solving the OT-IT Conflict – on Tuesday, Feb. 6, 2018, at the Pacific Design and Manufacturing Show in Anaheim, Calif. “They say they can connect to anything. Except they can’t. Think of the process manager who is not a C-Sharp programmer. Or think of the PLC programmer who asks how to get data so he can read the KPIs. They can’t get it.”
Donovan suggests that the issue can be solved by not merging the plant and business networks. “We created an appliance that can solve these two missions without interfering with the other. We isolate those two rather than combining them,” said Donovan. “We’re a translator. We talk natively to the PLC and talk natively to the database. We’re not putting a PC on the plant network and having it talk to the business databases. That would require shutting down the process for an update. You don’t have any Windows updates affecting the machines if you’ve separated them.”
Hackers Can’t Break Through the Non-Connected Data Exchange
Donovan suggests that firmware can share data without connecting to a non-plant PC. “You have to design a firmware that can speak those languages. Let’s take Rockwell. You don’t need Rockwell control PLC logic on your computer to read the Rockwell PLC,” he said. “We read the PLC and map it to wherever you want to map it to. But we’re not running the Rockwell PLC on the PC. We’re using a telecommunications point-to-point. It’s simple, but not easy. We made a hardware device for the software solution everyone is looking for.”
One of the features of the translation solution is that intruders can’t make the jump. “Hacking in general is looking for a vulnerability. Say you find a vulnerability in IT, the hacker heads toward the Data Commander,” said Donovan. “They’re not looking for something that is in PLC language. We’re using two different Ethernet cards. We’re not translating data like a router. We’re translating code, so the intruder dies in our box.”
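The two paragraphs above describe the design principle behind the appliance: a translator with a plant-side driver and a business-side database client that share only an explicit tag map, rather than a router that forwards packets. The following Python sketch, added here as an illustration and not ElliTek's own code or firmware, shows what that principle looks like as a protocol break. The PLC driver is a constructed dictionary so the example runs offline, the business database is an in-memory SQLite table, and the tag names, column names and values are all invented for the example. The security-relevant property is that only tags listed in `TAG_MAP`, coerced to their declared type, ever reach the business side, and nothing on the business side holds a handle to the PLC driver at all.

```python
import sqlite3
from typing import Any, Callable, Dict, Tuple

# Constructed stand-in for the plant side: what a native PLC driver would
# return for each tag. A real appliance would speak the PLC's own protocol
# here; this dictionary exists only so the example runs offline.
CONSTRUCTED_PLC_TAGS: Dict[str, Any] = {
    "Line1.PartsCount": 1482,
    "Line1.Temp_C": 71.5,
    "Line1.Recipe": "batch-17",       # exists on the PLC but is never mapped
    "Line1.Ctrl_Setpoint": 80.0,      # a control tag that must never be exposed
}

# The only thing that crosses the box: an explicit tag -> (column, type) map.
# A tag that is not listed here has no path to the business network.
TagMap = Dict[str, Tuple[str, type]]
TAG_MAP: TagMap = {
    "Line1.PartsCount": ("parts_count", int),
    "Line1.Temp_C": ("temp_c", float),
}


def read_plc_tag(tag: str) -> Any:
    """Plant-side driver (constructed). Knows PLC tags, knows nothing about SQL."""
    return CONSTRUCTED_PLC_TAGS[tag]


def _is_acceptable(value: Any, expected: type) -> bool:
    """Strict type check: bools are not ints, ints may widen to float."""
    if isinstance(value, bool):
        return expected is bool
    if expected is float:
        return isinstance(value, (int, float))
    return isinstance(value, expected)


def collect_mapped_values(reader: Callable[[str], Any], tag_map: TagMap) -> Dict[str, Any]:
    """Read only the mapped tags and coerce each to its declared type.

    Anything that does not match the declared type is rejected outright,
    so free-form plant data can never be forwarded as an opaque payload.
    """
    row: Dict[str, Any] = {}
    for tag, (column, expected_type) in tag_map.items():
        value = reader(tag)
        if not _is_acceptable(value, expected_type):
            raise TypeError(f"{tag}: expected {expected_type.__name__}, got {type(value).__name__}")
        row[column] = expected_type(value)
    return row


def open_business_db() -> sqlite3.Connection:
    """Business-side store (in-memory SQLite for the example)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE production (ts INTEGER, parts_count INTEGER, temp_c REAL)")
    return conn


def write_business_row(conn: sqlite3.Connection, row: Dict[str, Any], ts: int) -> None:
    """Parameterised insert. Column names come from the trusted TAG_MAP config,
    never from plant data; values are bound as parameters."""
    columns = ["ts", *row.keys()]
    placeholders = ", ".join("?" for _ in columns)
    conn.execute(
        f"INSERT INTO production ({', '.join(columns)}) VALUES ({placeholders})",
        [ts, *row.values()],
    )
    conn.commit()


def translate_once(reader: Callable[[str], Any], conn: sqlite3.Connection,
                   tag_map: TagMap, ts: int) -> int:
    """One poll cycle across the protocol break. Returns the number of values
    written, or 0 if the plant-side read was rejected (nothing is written then)."""
    try:
        row = collect_mapped_values(reader, tag_map)
    except TypeError:
        return 0
    write_business_row(conn, row, ts)
    return len(row)


def exposed_tags(tag_map: TagMap) -> set:
    """The complete set of PLC tags visible from the business side."""
    return set(tag_map)


def latest_row(conn: sqlite3.Connection) -> Dict[str, Any]:
    """Business-side read: served from the database only, never from the PLC."""
    cur = conn.execute("SELECT ts, parts_count, temp_c FROM production ORDER BY ts DESC LIMIT 1")
    names = [d[0] for d in cur.description]
    return dict(zip(names, cur.fetchone()))


if __name__ == "__main__":
    db = open_business_db()
    print("values written:", translate_once(read_plc_tag, db, TAG_MAP, 1000))
    print("business side sees:", latest_row(db))
    print("tags reachable from IT:", sorted(exposed_tags(TAG_MAP)))
```

The point of the sketch is the shape, not the code: `read_plc_tag` and `write_business_row` never see each other, the map is the whole attack surface between them, and a malformed or unexpected value from either side stops at the type check instead of being carried across as a packet would be through a router.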
Rob Spiegel has covered automation and control for 17 years, 15 of them for Design News. Other topics he has covered include supply chain technology, alternative energy, and cyber security. For 10 years, he was owner and publisher of the food magazine Chile Pepper.