Electricity and Control February 2024

INDUSTRY 4.0 + IIOT

Managing cybersecurity in OT and IT convergence Neels van der Walt, Senior Business Development Manager, Iritron (Pty) Ltd

S mart Mining and Smart Manufacturing and the drive towards the digitisation of the mining and manufacturing value chains, coupled with advances in technology, are driving an ever-increasing demand for operational information. This includes the need for information on what is happen ing in the plant environment in real time as well as visibility into plant operations. Information is needed to make informed decisions, and to support compliance with environmental, so cial and governance (ESG) directives or regulations. The triple bottom line of People, Planet and Profit is now more prevalent in business and to achieve cleaner, safer and smarter operations, while at the same time increasing throughput, requires timely information on which manage ment can base decisions and actions. Additional insight not previously available can be generated today by using technologies such as industrial artificial intelligence (AI) and machine learning (ML), but this requires historical plant data to train the models, and real-time plant data against which the live models can be run. The question that arises is how can we make real-time plant data and information available, securely, at scale and cost effectively to a wider range of users. Operational technology (OT) The physical plant environment and the operational tech nology from which the plant data originates is traditionally managed by engineers and operational specialists. The en vironment includes operational data interfaces that form an

sonnel. In the past, the plant environment was mostly isolat ed from the connected outside world and the possibility of cybersecurity threats was minimal. Of primary importance is the availability and reliability of systems to ensure minimum plant downtime and the safety of equipment and personnel. Information technology (IT) On the other side of the business is the IT environment. This is where the business systems and applications such as enterprise resources planning (ERP) systems operate, and where the business users are connected by means of the in-house Local Area Network (LAN), or in some cases, the company’s Wide Area Network (WAN). The IT environment is traditionally serviced by an IT Department and some times outsourced. The business environment is connected to the Internet, and a large number of business applications typically reside in the cloud, a trend that seems set to con tinue. In this environment, security is of primary importance due to cyber-intrusion threats from the outside world. ISA/IEC 62443 cybersecurity standards with MQTT The decision-making information requirements noted above are driving the convergence of the OT and IT environments. Companies are increasingly starting to integrate these technologies to enable the sharing of information between the plant and the business environments and to make plant information available to a wider spectrum of users. This raises the concern of exposing the previously iso lated OT environments to potential threats from the external world. The ISA/IEC 62443 cybersecurity standard defines best practices to ensure a secure protected OT environ ment. Some of the security measures in the ISA/IEC 62443

integral part of the operations and are critical for the safe operation of equipment and safety of per

The diagram illustrates OT and IT environments separated into different zones, all connected via MQTT.

4 Electricity + Control FEBRUARY 2024