ID: I202602091705
Status: idea
Tags: Information Technology, Operational Technology
IT vs OT
IT vs OT is about understanding the difference between Information Technology and Operational Technology.
| Dimension | Information Technology (IT) | Operational Technology (OT) |
|---|---|---|
| Primary focus | Data processing, storage, exchange, business applications | Monitoring and controlling physical processes, machines, and environments |
| Typical environment | Offices, data centers, cloud, enterprise networks | Factories, plants, utilities, transportation, critical infrastructure |
| Key assets | Data, applications, endpoints, servers, networks | Physical equipment, production lines, sensors, PLCs, SCADA, ICS |
| Success metric | Confidentiality, integrity, availability (CIA), user productivity, cost efficiency | Safety, reliability, availability (SRA), uptime, quality, throughput |
| Downtime tolerance | Moderate; maintenance windows often acceptable | Very low; unplanned downtime is costly and can be hazardous |
| Change cadence | Faster: frequent patches, updates, agile releases | Slower: strict change control, long validation cycles, scheduled turnarounds |
| System lifespan | Short to medium (3–7 years typical) | Long (10–30+ years), legacy and vendor-locked systems common |
| Network design | IT protocols (TCP/IP, HTTP/S, DNS), routable, internet-facing | Industrial protocols (Modbus, Profinet, EtherNet/IP, DNP3), often segmented and deterministic |
| Security priority | Protect data (CIA triad) and user access | Protect people, equipment, environment; prioritize availability and safety |
| Patch management | Regular patching, centralized management | Patching constrained by uptime and certification; compensating controls common |
| Authentication & access | Directory services (AD/IdP), role-based access, MFA widely used | Often local accounts, role/least-privilege; MFA adoption growing but variable |
| Monitoring & logging | SIEM, EDR/XDR, NDR, compliance-driven logging | OT-aware monitoring, anomaly detection for process variables, historian data |
| Safety & compliance | Data privacy, SOX, ISO 27001, PCI DSS, HIPAA, etc. | Functional safety, IEC 62443, NERC CIP, ISA/IEC standards, industry regs |
| Vendors & tooling | Enterprise IT vendors, SaaS, cloud hyperscalers | Industrial automation vendors (Siemens, Rockwell, Schneider), SCADA/ICS |
| Typical threats | Phishing, ransomware, data exfiltration, insider threats | Process disruption, physical damage, safety incidents, ransomware pivot to ICS |
| Response approach | Contain, eradicate, recover; restore from backups | Maintain safe state first, fail-safe/fail-operational, coordinated with engineering |
| Connectivity | Internet-first, remote work, SD-WAN/SASE | Historically air-gapped; now increasingly connected for analytics/maintenance |
| Governance & teams | CIO/CTO-led, ITIL/DevOps/SecOps | OT engineering, plant operations, safety officers; procedures tied to production |
| Testing & validation | Staging/UAT common; rollbacks feasible | Extensive validation, simulation, offline testing; rollback may require shutdown |
| Convergence trend | Using OT data for BI/AI, unified SOCs, zero trust | Remote monitoring, predictive maintenance, secure gateways, DMZs |
Recently the lines have started to blur with IT-OT convergence, but there is still a difference between Information Technology and Operational Technology.