Differences of trust and security in IT and OT systems – and their interplay in IIoT
Hats off to the Industrial Internet Consortium (IIC), which continues to publish comprehensive and constructive guides on how to design, deploy, and manage digital change systems in highly individualistic ‘vertical’ sectors, as part of this broader Industrie 4.0 concept.
Its recent publication, Managing and Assessing Trustworthiness for IIoT in Practice, describes the intricate technical balance enterprises must strike between their information technology (IT) and operational technology (OT) systems to have ‘confidence’ in conjoined industrial IoT (IIoT) setups. The ‘office floor’ and ‘shop floor’ have to be reconciled, it says.
The white paper – by a network of IIC members, comprising at least Jim Morrish from Machina Research, Marcellus Buchheit from Wibu Systems, and Frederick Hirsch and Jacques Durand from Fujitsu – argues ‘confidence’ in IIoT hinges on the ‘trustworthiness’ of core IT and OT arrangements, and the “interactions and tradeoffs” between them.
This ‘trustworthiness’, it says, comes from assurance that five key aspects of these systems, translated and weighted differently for each, are under control. These aspects are: security of data and equipment, safety of people and assets, reliability of systems and operations, resilience of systems and operations, and the privacy of data.
These characteristics, which apply in different ways to the underlying IT and OT systems, combine to determine the trustworthiness of the overlying IIoT systems, which bring together computer equipment, industrial equipment, and people. In the end, their interplay will govern an enterprise’s resistance to cyber-attacks, environmental disturbances, human errors, and system faults.
Trustworthiness characteristics need to be tailored to the specific systems, technologies, hazards, threats, and consequences. Terms have different meanings, notes the IIC: security, reliability, and resilience are linked with services and systems in IT, and with equipment and operations in OT.
The interplay between these must also be understood, it says – suggesting, to illustrate, the impact of a fleet routing (IT) application on driver (OT) safety. The challenge comes, in part, because IT and OT systems are designed differently: IT is dynamic, where OT is deterministic; data rules in IT, where process rules in OT; confidentiality is the priority in IT, where control is the priority in OT.
These drivers pull the twin systems in different directions, and reconciling them requires real care and special regard for their industrial context. There is no cookie-cutter approach. Finally, we should look at how these five crucial aspects are considered differently in IT and OT systems, and give the final say to the IIC, which set it down in writing first and puts it best. Here is its explanation:
“In most industrial sites, the first priority is safety: do not kill anyone, do not put public safety at risk, and do not cause environmental harm. The second priority is usually reliability of the physical process, rather than the control system: keep clean water running in the distributed system, keep gasoline coming out of the refinery and keep the lights on by providing power. A reliable and available control system is a means to a reliable physical process.
“Security in information technology is not the same as security in operational technology. Operators of control systems traditionally care about who has physical access to controls – who is turning the dials and throwing the switches – so physical equipment is operated safely and reliably. In this context, security, especially security that impacts safety and reliability, is more to do with controlling access to human-machine interfaces than data security.
“Several characteristics of trustworthiness, in particular reliability, safety and resilience, will be driven primarily by OT concerns. Other trustworthiness characteristics, such as security and reliability, apply to both OT and IT but with different emphasis. Privacy is an IT concern only about the information that is collected, stored and managed, but addressing privacy often causes changes that can affect the other characteristics.
“IT protection profiles and maturity models focus on security, privacy and reliability, while shop floor profiles depend on the vertical in question, but start with safety and extend to resilience, for example preventing damage of the system itself. Reliability is a concern reflected in both IT and OT affecting trustworthiness of the system and business value.”
Follow the link to read the IIC white paper, Managing and Assessing Trustworthiness for IIoT in Practice.