Protecting an OT vs. IT Network: Performance Differences

A topic that is often not considered is the differences in the performance requirements between the IT and OT network environments.
Dec 08, 2021

There are significant differences in the equipment connected to an OT (shop floor) network than to an IT (office) network. There are also significant differences in the processes and procedures required to manage and support these networks. A topic that is often not considered is the differences in the performance requirements between the two network environments.

Generally, near real-time performance is less of a concern on an IT network than it can be on an OT network. In the IT environment, a half-second delay in updating information on your screen, or a five-second delay when transferring a document to a printer, would be considered normal and acceptable. Depending on how an OT network is being used, the same performance may be totally acceptable or disastrous.

When security measures are applied to a network, every message transferred on that network passes through one or more security checkpoints. Each checkpoint adds a small delay to the message. This delay may be a few milliseconds or considerably more, depending on the type of security assessment implemented at each checkpoint.

Also, on an OT network, edge computing devices are commonly used to connect some of the equipment on the shop floor to the network. Depending on how an edge computing device is implemented, different delays can be experienced as messages are passed to/from these devices.

  • If the edge computing device is merely passing messages between the network and the piece of equipment (acting as a translator), then the delays may be minor. 

  • If the edge computing device is also analyzing the messages for security threats, then some additional delays will be experienced.

  • In other implementations, the edge computing device is constantly gathering data from the equipment to create a local copy of the real-time data. Exchanges of information across the network are made directly to/from the edge computing device. When the edge computing device responds with data, the data most commonly comes from this local copy. There will be a latency (a delay) represented by the time difference between when the data was collected from the equipment and when it was used to respond to a message on the network. The amount of this delay is implementation specific.

The cumulative effect of these various delays will impact different OT networks in different ways. If the network is being used for basic data collection and monitoring of activity on the shop floor, these delays likely have no real impact on the quality or validity of the information being collected. However, if the network is being used for more real-time functions, like coordinating operations between pieces of equipment, then these delays can be very detrimental – to the point that they could represent safety issues in certain circumstances.
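To make the cumulative effect concrete, here is an added example (not code from the article or its author) that models a message path as a list of security checkpoints plus an edge device in one of the three modes described above, then checks the worst-case age of returned data against the timing a given shop-floor function can tolerate. Every checkpoint name, delay value and tolerance figure is a constructed assumption; the point is the shape of the budget, not the numbers.

```python
"""Latency-budget model for an OT message path (added example, not from the article).

Each security checkpoint adds a per-message delay; an edge device adds a delay that
depends on whether it only translates, also inspects, or serves answers from a local
copy of equipment data that is refreshed on a polling interval. For the cached mode the
data served can be up to one polling interval old on top of the transit delay, which is
the latency the article describes. All names and figures below are constructed.
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List, Optional


class EdgeMode(Enum):
    TRANSLATE = "translate"   # forwards messages, protocol translation only
    INSPECT = "inspect"       # also analyses each message for security threats
    CACHE = "cache"           # answers from a locally polled copy of the data


@dataclass
class Checkpoint:
    name: str
    delay_ms: float           # per-message processing delay (assumed value)


@dataclass
class EdgeDevice:
    mode: EdgeMode
    processing_ms: float            # time to handle one message
    poll_interval_ms: float = 0.0   # CACHE mode only: how often the local copy is refreshed


@dataclass
class MessagePath:
    checkpoints: List[Checkpoint] = field(default_factory=list)
    edge: Optional[EdgeDevice] = None


def transit_delay_ms(path: MessagePath) -> float:
    """Delay one request accumulates crossing every checkpoint and the edge device."""
    total = sum(cp.delay_ms for cp in path.checkpoints)
    if path.edge is not None:
        total += path.edge.processing_ms
    return total


def worst_case_data_age_ms(path: MessagePath) -> float:
    """Oldest the returned data can be, measured from when the equipment produced it.

    A cached edge device may answer with a value collected up to one polling interval
    earlier, so that interval is added to the transit delay of the reply.
    """
    age = transit_delay_ms(path)
    if path.edge is not None and path.edge.mode is EdgeMode.CACHE:
        age += path.edge.poll_interval_ms
    return age


def meets_requirement(path: MessagePath, max_age_ms: float) -> bool:
    """True if the worst-case data age fits within the function's tolerance."""
    return worst_case_data_age_ms(path) <= max_age_ms


# Constructed example: one shop-floor segment with three candidate edge-device designs.
FIREWALL = Checkpoint("zone firewall", 2.0)
IDS = Checkpoint("inline IDS / deep packet inspection", 8.0)

PATHS: Dict[str, MessagePath] = {
    "translate": MessagePath([FIREWALL, IDS], EdgeDevice(EdgeMode.TRANSLATE, 1.0)),
    "inspect": MessagePath([FIREWALL, IDS], EdgeDevice(EdgeMode.INSPECT, 6.0)),
    "cache": MessagePath([FIREWALL, IDS], EdgeDevice(EdgeMode.CACHE, 1.0, poll_interval_ms=500.0)),
}

# Constructed tolerances for the two uses the article contrasts:
# basic monitoring tolerates seconds, equipment coordination tolerates tens of milliseconds.
REQUIREMENTS_MS: Dict[str, float] = {"monitoring": 2000.0, "coordination": 20.0}


def report() -> Dict[str, Dict[str, bool]]:
    """For each edge design, whether each OT function's tolerance is met."""
    return {
        name: {fn: meets_requirement(path, limit) for fn, limit in REQUIREMENTS_MS.items()}
        for name, path in PATHS.items()
    }


if __name__ == "__main__":
    for name, path in PATHS.items():
        print(f"{name:10s} transit={transit_delay_ms(path):6.1f} ms  "
              f"worst-case data age={worst_case_data_age_ms(path):7.1f} ms  {report()[name]}")
```

Run as written, the cached design shows the trap the article warns about: its per-message transit delay (11 ms) is the lowest of the three, yet its worst-case data age (511 ms) makes it unusable for coordinating equipment while remaining perfectly fine for monitoring. A practitioner would replace the constructed delays with measured values for their own checkpoints and edge devices before relying on the result.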

It is essential that IT professionals working in the OT environment fully evaluate the performance requirements of the shop floor network and factor the sources of delays in the flow of information across the network into their network design plans. Some of the technology choices that may make it easier to connect equipment (especially older equipment) to the network may lead to unintended consequences when it comes to the performance of the network. 

When planning the implementation of an OT network, all aspects of the network must be fully understood and incorporated into a security strategy – the uniqueness of shop floor equipment, the types and sources of potential security threats, and the performance required to support the data management functions needed for a specific implementation. 

Author
John Turner
Director of Technology for FA Consulting & Technology (FAC&T) and member of the MTConnect Institute.