How Should IoT Be Architected for OT Environments?
Where are We Today?
There is a certain amount of legacy when dealing with IoT or IIoT (Industrial Internet of Things) in operational technology environments. IoT may be a new technology, but much like the term "AI" today, IoT came onto the scene fairly quickly, pushed by vendors with new products to sell and by improvements in communications, and understandably asset owners took the chance to see what benefits IoT could bring to their operations. It feels like most asset owners' immediate thought was to bring all this new IoT data directly into their existing SCADA systems, but this came with some problems:
- The data classification of IoT data is often very different to traditional SCADA data, and the risk associated with that data is either unknown or different to the risks and controls for SCADA
- IoT is still a changing environment as new technologies and products come along, and there is a benefit to asset owners to have the flexibility to try these new things without being limited by SCADA and relevant policy
- IoT will scale significantly and quickly due to the nature of the technology, unlike PLCs and RTUs which often deal with large scopes of work that are planned over many years
- Most of the information collected by IoT typically isn't directly relevant to traditional SCADA operators and controllers and the jobs they try to perform
- Providing access to SCADA for the users that are interested in IoT data increases the interface from corporate IT networks into OT networks, and requires additional training
- SCADA systems need to focus on their primary objective, which is to collect, display and manage SCADA data. The existing hardware capabilities often do not consider the extra load needed for IoT, which may compromise the overall availability of the SCADA system or reduce performance causing issues with operations
- Best practice suggests that SCADA systems should not directly connect to the Internet, however most IoT solutions communicate through Internet channels
- In the rush to bring out IoT products, key features can be missed by vendors, such as the features needed to comply with basic cybersecurity requirements, and the supply chain of IoT can often be hard to identify with rebadged products and business start-ups
I'm not saying bringing IoT data into SCADA is a truly bad thing, it is just far from ideal and limits the futures of both your SCADA and IoT.
Key Concepts for an IoT Future in OT
The introduction of IoT to OT also brings some advantages: for example, as a new technology with new solutions, cybersecurity can be thought about from the start rather than crow-barred in later. In my opinion the following needs to be considered:
- IoT environments should be hosted separately from SCADA environments, with only the relevant subset of data from IoT transferred to SCADA as necessary for the operators and controllers
- Users need to be appropriately classified for the data they require access to, and where possible this should align with the systems available
- IoT should be risk-assessed separately from SCADA to reduce inherited legacy
- Appropriate thought should be given to how testing of new technologies and products can be achieved
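The first two points above (separate hosting, with only a relevant subset of IoT data passed to SCADA, and data classified for the users who need it) are easiest to see as a policy enforced at the boundary between the two zones. The following is an added example written for this page, not code from the original article: a minimal forwarding gateway that accepts a batch of IoT readings, forwards only an explicit allowlist of points under their SCADA tag names, validates type and range, and caps how many points reach SCADA per batch so the IoT side cannot load the SCADA system. The point names, SCADA tags, ranges and sample readings are all constructed for illustration.

```python
"""Policy gateway between a separately hosted IoT zone and SCADA.

Added example, not from the original article. Everything that reaches SCADA
must be named in FORWARD_POLICY; anything else is dropped and recorded so
the dropped traffic can be reviewed rather than silently lost.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Allowlist of IoT points that are actually relevant to SCADA operators.
# Keys are IoT point names; each rule gives the SCADA tag and a plausible
# range. All names and limits here are hypothetical.
FORWARD_POLICY: Dict[str, dict] = {
    "pump7/bearing_temp_c": {"scada_tag": "P7_BRG_TEMP", "min": -20.0, "max": 150.0},
    "tank3/level_pct": {"scada_tag": "T3_LVL", "min": 0.0, "max": 100.0},
}

# Constructed sample batch: one good reading, one out of range, one point
# that is not allowlisted at all, and one with the wrong type.
SAMPLE_READINGS: List[dict] = [
    {"point": "pump7/bearing_temp_c", "value": 71.5},
    {"point": "tank3/level_pct", "value": 104.2},
    {"point": "meter9/energy_kwh", "value": 13.2},
    {"point": "tank3/level_pct", "value": "55"},
]


@dataclass
class GatewayResult:
    forwarded: Dict[str, float] = field(default_factory=dict)  # scada_tag -> value
    dropped: List[Tuple[str, str]] = field(default_factory=list)  # (iot_point, reason)


def filter_for_scada(readings: List[dict],
                     policy: Dict[str, dict] = FORWARD_POLICY,
                     max_forward: int = 100) -> GatewayResult:
    """Apply the forwarding policy to one batch of IoT readings.

    Each reading is a dict with 'point' and 'value'. Only allowlisted,
    well-typed, in-range values are forwarded, and at most max_forward
    values per batch so SCADA load is bounded by the gateway, not by IoT.
    """
    result = GatewayResult()
    for reading in readings:
        point = reading.get("point")
        rule = policy.get(point)
        if rule is None:
            result.dropped.append((point, "not in allowlist"))
            continue

        value = reading.get("value")
        # bool is a subclass of int in Python; reject it explicitly so that
        # True does not sneak through as 1.0.
        if isinstance(value, bool) or not isinstance(value, (int, float)):
            result.dropped.append((point, "wrong type"))
            continue

        value = float(value)
        if not rule["min"] <= value <= rule["max"]:
            result.dropped.append((point, "out of range"))
            continue

        if len(result.forwarded) >= max_forward:
            result.dropped.append((point, "load budget exceeded"))
            continue

        result.forwarded[rule["scada_tag"]] = value
    return result


if __name__ == "__main__":
    outcome = filter_for_scada(SAMPLE_READINGS)
    print("forwarded to SCADA:", outcome.forwarded)
    for point, reason in outcome.dropped:
        print(f"dropped {point}: {reason}")
```

The allowlist doubles as the data-classification record for the boundary: a point that is not in it is, by definition, IoT-only data that stays in the IoT environment, and adding a point is a deliberate change that can be risk-assessed on its own rather than inherited from SCADA policy.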
Concept Architecture
The following diagram shows a general concept of how existing SCADA and new IoT can co-exist within an OT environment.