Technological and Functional Difference between IT and OT
Today, anybody of us can no longer imagine a life without technological achievements such as personal computers, mobile phones, the Internet and other devices using modern IT technologies. In relation to these devices, cybersecurity can be perceived as their integral part. Functions such as firewall, antivirus, encryption or login via “username-password” are very common today.
Main functions of IT systems include information processing, transmission and presentation. Cybersecurity refers to so called end devices such as servers, personal computers, notebooks, mobile phones, etc. Cyberattacks on IT systems endanger particularly data and information.
Unlike IT systems, OT systems (also referred to as ICS – Industrial Control System or IACS – Industrial Automation and Control Systems) are used for:
- signalling / monitoring,
- measurement and regulation,
- control / handling,
- protection
of industrial technological devices from various areas and sectors such as:
- manufacturing industry,
- chemical, gas, metallurgical industry,
- power industry,
- transport,
- water management and others.
End devices of OT systems represent different devices with specific functions such as:
- PLC (Programmable Logic Computer)
- RTU (Remote Terminal Unit)
- IED (Intelligent Electronic Device), energy
- DCS (Distributed Control Systems)
- SCADA (Supervisory Control And Data Acquisition)
- EMS (Energy Monitoring (Management) Systems), measuring devices and electrometers
- CNC (Computer Numerical Control)
- BMS/BAS (Building Management Systems / Building Automation Systems)
A cyberattack on OT systems does not pose only a threat of damage to an end device, but above all, it poses a threat of significantly greater damage to a technological device itself, with a potential impact on people’s lives, health and property as well as possible environmental risks.
Cybersecurity of IT and OT systems is very similar in basic features. Nevertheless, OT systems have their own particularities.
The following table shows a comparison of characteristic features of both systems:
|
Office IT Systems: |
OT Systems (ICS/IACS): |
Main processes: |
Information processing |
Management of technological processes |
Characteristics: |
Dynamic systems |
Deterministic systems |
Life cycle: |
4-6 years |
15-20 years |
Patch management: |
2 or 3 times per year |
once a year (once every 2 years) |
Availability: |
outages accepted |
24/7 |
Current security: |
good |
low/no |
Communication protocols: |
TCP/IP |
IEC80750, IEC61850 |
End devices: |
server, PC/NTB, LAN |
RTU, SCADA, PLC, DCS, EMS, … |