This is Operational Technology (OT)

January 12, 2022
Hanna Pikkusaari

OT or operational technology is often mentioned in contexts that refer to industrial environments, factories, and power plants. But what about the shells of the factories, the hospitals, or the server rooms of the most critical IT solutions? Their operations are all for sure secured by physical structures but the proper indoor air conditions, access control, and fire safety are ensured with operational technology. 


So, OT is everywhere - from Earth to Mars and beyond. OT is big and powerful - maybe bigger than IT itself. And as in factories, production lines, and power plants, “OT of the built environment equals systems and solutions, equipment, processes, and services used to run the built environment to function in accordance with the intended use. OT systems often use the same technological platforms, equipment, IoT, and network solutions as IT systems” even though they might physically look a bit different than laptops and servers. (Hanna Pikkusaari & Juha Viinikka)


Figure 1. In the image you can find a list of OT solutions of a building and some key background processes affecting on them. “OT of the built environment equals systems and solutions, equipment, processes, and services used to run the built environment to function in accordance with the intended use. OT systems often use the same technological platforms, equipment, IoT, and network solutions as IT systems.” (Pikkusaari & Viinikka) In OT environment there may be even critical and continuous technical and process dependencies between e.g. OT solutions and other solutions running and supporting services the building has to offer. In a smart building the solutions and systems may be split into two categories as follows: Smart building solutions are those who are running the invisible processes enabling good and safe indoor air, living and working conditions. Smart office solutions are those we face in our everyday life when spending time in a building and using the solutions to reach our own daily goals.

And how does OT differ from IT? Not much. But one particular feature is prioritization. In an IT environment it’s quite easy to prioritize the solutions by business requirements; by business criticality, customer satisfaction, reputation damage, maximum estimated loss etc. But in an OT environment (e.g. in buildings and in production lines) there is always life to be considered. One day the “life” is the CEO of the company with influential guests approaching the door that has to open at 9 PM sharp but the remote connection is down because of a network disconnection. IT’s major incident management (MIM) team does not consider this as a major incident worth escalating because the solution functions as it should during a network outage. At the same time the OT team knows that the door has to be opened unobtrusively and just in time. But just like a miracle, the network connections are restored and the remote control activated. Nobody notices the outage. Nobody knows the reason. (Btw, this is a true story.) 


But another day life is people running the wrong direction heading towards the fire or fish freezing to death in an aquarium when the heating is off and it’s minus degrees Celsius outside. One day the life is someone checking the server room when the carbon dioxide fire extinguisher is triggered by a reason or an accident. When the problem is minor, the priority is not high even though the process would not function at all at a certain time. But when the problem is major the priority exceeds all IT prioritization - it may be about life and death. This is why OT is very hard to prioritize and hard to understand for a straightforward MIM team. This is why OT needs its own trustworthy and strong leadership.

Figure 2. When designing an OT solution environment in accordance with the required guidelines, the end result can as described in the figure on the left hand side. Simple is beautiful and the solution may be as cybersafe as possible. But after the implementation phase, the end result may end up like in the figure on the right hand side because of the requirements coming from several depending processes and services and requirements of data sharing. This is a real example but a minor detail as a part of a whole OT environment of a smart building. (Pikkusaari & Viinikka)


Other differences are e.g. the way OT is organized. It actually may not have been organized at all. Why would someone use resources to build up an organization to be responsible for the technology that is just the minor (read: major), necessary, and annoying part of a construction project increasing complexity with the dependencies between IT, IoT, cloud solutions, outsourced teams, EU GDPR, non-European countries etc? Or why would someone be interested in that part of cybersecurity that is cut out (accidentally) from the IT cybersecurity team’s responsibilities but for that reason cause a threat to the entire business? 


So, there are some differences between IT and OT but the goals of OT should follow a company’s strategy towards a courageously set vision as IT does. The management and organization should follow the company values as IT does. And the success must be described and measurable as in any smartly set business case. 


This is OT. By popular demand.


Hanna Pikkusaari 

Smart Tech Advisor

Osaango

Read more about the topic

Discover our latest news & best practises.

Let's stay in touch!

We won't spam you - we'll send you relevant content maximum 1-2 times a month.