In industrial applications, the process control discipline involves monitoring and controlling machinery, systems and physical processes to make sure that production processes are carried out efficiently, consistently and with little variation. Monitoring is an integral part of plant operations, and no OT environment is imaginable without local or control room HMIs and human operators. Increasingly, process industries take additional advantage of various optimization applications for detection of abnormalities and early indicators of deterioration. In contrast, when it comes to the supporting communication infrastructure (networks and end-points), it is frequently expected to be implemented and configured in such a 110% reliable and secure way that no monitoring for deviations or breaches would be necessary. Ugh.
However, the purpose of this talk is not to discuss the terrible and unfair neglect of OT communication infrastructure when it comes to monitoring. Instead, we will use the case of the “monitoring” function to help professionals from two distinct worlds, IT and OT, realize their similarities beyond a shared hatred of filling in timesheets. Using the example of two distant jobs, SOC analyst and Control Room operator, we will show how their jobs are fundamentally the same. Throughout the talk we will cover similarities and differences in key areas such as:
- SIEM vs. HMI applications,
- Alarm configuration and response; alarm management,
- Logging and log correlation; historian functions,
- Types of anomalies/events/threats,
- Event/incident root-cause analysis,
- Incident response,
- SOPs, etc.
It is hoped that by the end of the presentation, IT and OT professionals will develop a solid respect for each other's job functions and feel encouraged to discuss common matters. It is also hoped that OT experts will become conscious of the value of log collection and network monitoring in their environments and will be more collaborative when asked to configure a mirror port on an industrial switch.
IT and OT professionals who would like to know more about each other's worlds
- Monitoring is the process of providing a feedback loop into the state of the object under observation. The processes of monitoring physical processes and communication infrastructure are fundamentally similar.
- The OT domain has a more mature body of knowledge and better-established processes when it comes to alarm management, workplace and GUI ergonomics, and cognitive performance. Experience exchange could be beneficial for the “younger” SOC function.
- Short-term job rotations could help IT and OT professionals better understand and appreciate the specifics of each other's jobs, and enable cross-learning and for-real effective IT-OT conversion.