Information Technology (IT) generally refers to all things computing. Less familiar is Operational Technology (OT), the software and hardware used to monitor and control physical devices.
OT is typically found in industry and critical infrastructure, where electron systems operate equipment (such as sensors, valves or controls) in pipelines, refineries and nuclear power plants.
These Industrial Control Systems have been used for decades (and can trace their origins to the beginnings of computing and automation in the 1950s) in a wide range of sectors, such as energy, utilities, manufacturing, chemicals, transport and scientific research. They can collect data, control processes and machinery, as well as measure and manage environmental factors, like temperature, pressure etc.
OT is becoming more and more important with the march of Industry 4.0 and increased levels of automation in industry. Smart systems are being developed for power and utilities, transport and manufacturing that will see more and more industrial control systems and equipment connected to networks, including the cloud.
And with the Internet of Things (IoT), OT will increasingly move beyond the industrial environment, as more and more technology is used to monitor and control devices in other sectors, such as logistics, medicine, building management, telecommunications and entertainment.
However, OT and IT are quite different beasts, and are usually treated separately within organisations. But, according to Gartner, developments in IoT, smart systems, machine learning and automation will see IT and OT systems become more integrated.
But OT and IT systems currently have conflicting priorities. While IT services are primarily concerned with data protection and security, OT has so far prioritised accessibility over security. Many industrial control systems were not designed with security front of mind, but awareness of their vulnerabilities and the potential consequences of cyber attacks have been increasing.</p.>
One of the most high profile attacks using OT involved a steel mill in Germany, where hackers accessed the plants control systems, taking control of the blast furnace. Iranian hackers were also said to have taken control of flood gates at a US damn in 2013.
OT systems are also harder to protect than IT. Many are known to run on unsupported or unpatched operating systems. Such systems are also vulnerable to human error – hackers used targeted emails and social engineering to infiltrate the German steel mill systems.
As cyber criminals and other protagonists increasingly look to target industrial systems, the security of OT is set to become as important as it is in IT.