Traditionally the OT domain was completely separated from the IT domain (we call this an ‘air gap’), but this is becoming increasingly difficult to maintain. Suppliers want remote access for maintenance (which can save costs), software updates need to be downloaded, and staff want or need to work from home. But above all, the business needs the data produced in the operational process. With this data, costs can be saved, the process can be optimized, ‘waste’ can be reduced and better product quality can be achieved. And these are just a few examples of what can be achieved if factory data is turned into information.
However, there is a downside: the OT domain must be connected to the IT domain, and that entails (major) cybersecurity risks. After all, equipment in the OT domain can be 10, 20, or even 30 years old and was not designed with cybersecurity in mind. Connecting OT and IT therefore requires specific attention to cybersecurity.
While this may seem tricky at first, it isn’t. Nowadays there are several ways to enable a secure connection, for example by using a ‘data diode’ or a ‘unidirectional gateway’. Such a solution ensures that traffic can go out from the OT domain, but nothing can go back.
In addition, proper segmentation using a ‘demilitarized zone’ (DMZ) allows such a connection to be established securely.
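
One way to check the segmentation described above against an exported firewall rule list, as an added example that is not part of the original article. The zone addresses, the rule format and the permitted-flow policy (OT and IT may each initiate connections only to the DMZ) are assumptions made for illustration.

```python
import ipaddress

# Constructed zone layout (assumption, not taken from the article).
ZONES = {
    "OT": ipaddress.ip_network("10.10.0.0/16"),
    "DMZ": ipaddress.ip_network("10.20.0.0/24"),
    "IT": ipaddress.ip_network("10.30.0.0/16"),
}

# Assumed policy: OT pushes data out to the DMZ and IT collects it there.
# No zone may initiate traffic towards OT, and OT never talks to IT directly.
PERMITTED = {("OT", "DMZ"), ("IT", "DMZ")}


def zones_touched(cidr):
    """Return every zone a CIDR overlaps, so 'any' (0.0.0.0/0) hits all zones."""
    net = ipaddress.ip_network(cidr)
    return sorted(name for name, zone in ZONES.items() if net.overlaps(zone))


def audit(rules):
    """Flag allow rules that open a zone-to-zone path outside PERMITTED.

    Conservative: shadowing by earlier deny rules is not modelled, so every
    allow rule is judged on its own.
    """
    findings = []
    for rule in rules:
        if rule["action"] != "allow":
            continue
        for src in zones_touched(rule["src"]):
            for dst in zones_touched(rule["dst"]):
                if src != dst and (src, dst) not in PERMITTED:
                    findings.append((rule["id"], src, dst))
    return findings


# Constructed sample rule set.
SAMPLE_RULES = [
    {"id": 1, "action": "allow", "src": "10.10.5.0/24", "dst": "10.20.0.10/32"},
    {"id": 2, "action": "allow", "src": "10.30.0.0/16", "dst": "10.20.0.10/32"},
    {"id": 3, "action": "allow", "src": "10.30.4.7/32", "dst": "10.10.5.20/32"},
    {"id": 4, "action": "allow", "src": "0.0.0.0/0", "dst": "10.10.0.0/16"},
    {"id": 5, "action": "deny", "src": "0.0.0.0/0", "dst": "0.0.0.0/0"},
]

if __name__ == "__main__":
    for rule_id, src, dst in audit(SAMPLE_RULES):
        print(f"rule {rule_id}: allows {src} -> {dst}, outside the permitted flows")
```

Rule 4 shows why overlap matching matters: an ‘any’ source looks harmless in a rule list but opens a path from both IT and the DMZ back into OT.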