The document discusses a 2015 survey that found collaboration between IT and OT teams is lacking in many manufacturers. Less than half of respondents said the teams collaborated on upgrading systems, and only 37% reported collaborating on technical issues. Nearly 10% reported no collaboration. The document also discusses challenges with integrating IT and OT, including different approaches, skill sets, and priorities around availability, security, and real-time response. It presents a framework for levels of IT-OT integration, from research to transformation, and questions for discussion around challenges, skills gaps, security approaches, and stakeholder buy-in.

1. Vishnu Murali
Director IT
NRG Energy
05.26.2015

2. According to the results of a 2015 MPI/Rockwell survey
Less than half (45%) of manufacturers surveyed said that their OT
and IT teams collaborated on issues such as upgrading legacy
operations or enterprise systems
A scant 37% reported a collaborative approach to solving technical
enterprise issues
Nearly 10% reported no collaboration between the two
departments.
- Industry Week

4.  Dumpers, loaders and
heavy mining equipment
 Sensors to monitor asset
performance
 Onboard event logging and
prognosis
 Transmission of events
from assets
 Intelligent asset response
 Resource deployment
 Remote
troubleshooting……
 Enterprise backbone
integration
 Communication networks
and database
 Hardware / Software
updates
 Integrating Enterprise ERP
with OT applications
 Integration between
Equipment data logger and
big data back-end / cloud
 Field service management
 Supply chain
management…..

5. Tesla’s
Response
Tesla communicated the recall to its
customer but told them “not to worry”.
Next day morning 29, 222 cars were
updated with the fix while the customers
were sleeping overnight.
Previously Tesla had also performed a silent
/ non-recall fix where in it had to tweak the
settings of the electronic shock absorbers
to make it more resilient at high speed.
GM’s
Response
GM asked its customers to take its cars
to the dealers for update and fix.

7. NIST ICS (Special Publication 800-82, Revision 2, Guide to Industrial Control Systems (ICS) Security (Pages 2-16 to 2-17)(4)
Category IT Systems OT Systems
Primary Players • CIO
• Computer Science Grads
• “Wintel geeks” / Younger generation
• COO, Engineers, Technicians, Production
Managers and Staff
• Older staff who moved up through then ranks
from line operators to technicians
Primary Focus • Data confidentiality and integrity is paramount
• Automation of business processes
• Information management and manipulation
• Safety and protection of the process and
equipment
• Response to human and other emergency
interaction is critical
• Controlling physical process
Component Lifetime • Lifetime in order of 3-5 years • Lifetime in order of 15-20 years
Security Approach • Confidentiality, Integrity and Availability • Availability, Integrity, Confidentiality
Performance
Requirement
• Non-real time
• High throughputs demanded
• Downtimes acceptable
• Real-time
• Reponses is time-critical
• Downtime or delays unacceptable
Data • Complex data type
• Multilayered analytics
• Low data rate (10k records/second)
• Simple data type
• Just-in-time analytics
• High data rate (1M messages/sec)
Interfaces and
Networks
• Web browser
• Keyboard
• TCP/IP based
• Typical IT networking practices
• HIM
• Sensors with embedded OS and Programs
• Codded displays and touch screens
• Serial based communication (Moving to TCP/IT)

9. Culture

10. CIO
CTO
CMO
CDO
CISOCOO
CDA
CEA

12. Awareness of
Enterprise OT
Systems Landscape
and Degree of
Convergence
Consensus That
Convergence Means
a Change in
Managing OT
Rationalization and
Alignment of OT
Management and
Methods With IT
Tools
Integration of IT and
OT Systems and
Infrastructure
Optimize and
Standardize
Processes
LEVEL 1
LEVEL 2
LEVEL 3
LEVEL 4
LEVEL 5
Research
Foundation
Alignment
Integration
Transformation
1. As-is IT & OT
Architecture
2. As-is OT mtn. process
mapping
3. IT-OT Technical
integration
Architecture (Data,
Security)
1. IT-OT Competency
Center model
2. Vision, Goals, Charter,
R&R and Governance
3. CC Operating Norms
4. Cross departmental
training through job
rotation
1. To-be integration
architecture
2.OT Risk and Roadmap
profiling – Heat Map
3. Vendor Collaboration
4. Process alignment
1. Pilot Integration
Projects
2. Vendor Collaboration
3. Monitoring
4. Cyber Security Testing
1. Launch targeted
transformation
initiatives
2. Measure benefits
3. Repeat

13. Source: © 2011 Gartner
 Where do we begin?
1. Start with NIST framework and evolve it to suite the needs
2. Perform Risk Assessment – Technology, Market Forces, Vendor strategy, Business Strategy, IT Strategy
3. Establish Vision and “to-be” state
4. Market and Sell business case to the business stakeholders
5. Establish a focused team that will work on execution of process, frameworks and data analysis
6. Create a center of excellence along with vendors participation

15.  What are some of the challenges that you are
facing in your organization with IT/OT
integration?

16.  What is your IT / Cyber Security department
doing to bridge the IT and OT skills gap?

17.  What approach are you taking to address
security concerns as part of your IT /OT
initiatives?
 How are you getting the stakeholder buy-ins
on related investments?

18. Vishnu Murali
Vish.murali@nrg.com
askvishnu@gmail.com
Cell: 513 478 7004