What is an OT Network?

Let’s start with the very basics. After reading this, I am sure you will have a very clear understanding of the below-mentioned topics.

  • What is an OT NETWORK?
  • What is an Operations Technology?
  • What is an ICS?

OT stands for operational technology. First, let me explain this in layman’s language. Imagine you are an IT professional, and you got a job at Mercedes as a programmer. You will be going to a Mercedes office in an IT park or some corporate office. You will connect your office laptop, and you will start working. The office network where you connect your work laptop is called the enterprise network or corporate network.

At the same time, Mercedes is primarily a car manufacturer. Their business, or revenue, is car manufacturing. They will be manufacturing automobiles at hundreds of factories located all over the globe. These are factories where people focus on building cars. The IT system networks in manufacturing plants or factories are called OT networks.

In more technical terms, operational technology (OT) refers to computing systems that are used to manage industrial operations. This includes monitoring of oil & gas, the electric utility grid, manufacturing operations, and more.

ICS stands for industrial control systems. ICS is a subset of the OT sector. Industrial control systems are defined as the hardware and software components of an industrial automation and control system. An ICS network can monitor many infrastructure and raw material systems, for instance conveyor belts in a mining operation, power consumption in the electric grid, or valve pressures in a natural gas facility.

ICS is a subset of OT

High level IT-OT Architecture

I’ll use a high-level network architecture diagram to further clarify this. An overview of the connections between the OT and IT networks is provided by this diagram. Assume that data is coming into the network from the internet.

Organizations deploy firewalls or similar devices on their perimeter to filter external traffic (incoming and outgoing). The first firewall that faces the internet or external traffic is normally called an edge/internet firewall.

Once traffic passes through the edge firewall, it reaches the corporate DMZ. A DMZ, or demilitarized zone, is a perimeter network that protects an organization’s internal local-area network from untrusted traffic and adds an extra layer of security. This is where the publicly accessible servers are kept, such as web servers, FTP servers, and proxy servers.

Once the traffic crosses the DMZ, it hits the policy firewall. This is the firewall where you will find the largest number of rules. It has strict rules set for incoming and outgoing traffic on the enterprise network.

Once it has crossed the policy firewall, traffic reaches the enterprise network. This is the office network.

Once data traffic crosses the enterprise network, it can go to different manufacturing plants. Here I have put a VPN concentrator, but it can be any device based on the organization’s requirements. A VPN concentrator is a dedicated network device that provides secure connections between remote users and a company network. Through the VPN concentrator, traffic goes to the different manufacturing plants.

Each manufacturing plant will have a local firewall or local DMZ for filtering traffic. For example, if you have a manufacturing plant in some remote location in Bangalore, these firewalls will be kept in that plant. This local firewall segments traffic between the IT network and the OT network.

Only the bare minimum of traffic, the traffic that business operations really require, is allowed through the local firewalls. The network behind this local/plant firewall is the OT network.

Based on the diagram, the network on the left side of the VPN concentrator is called the enterprise network, and the network on the right side of the VPN concentrator is called the OT network.
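The layered path described above (internet, corporate DMZ, enterprise network, OT network) can be checked mechanically against a firewall rule base. The following is an added example, not part of the original article: the zone names follow the diagram, while the rules, ports and the approved-flow list are constructed sample data and assumptions.

```python
# Added example: zone names follow the article's diagram; the rules and the
# approved-flow list below are constructed sample data, not a real rule base.
ZONES = ["internet", "corporate_dmz", "enterprise", "ot"]  # outside -> inside

# Flows the business has signed off on for the plant firewall (assumed).
APPROVED_OT_FLOWS = {("enterprise", "ot", 443), ("ot", "enterprise", 514)}

RULES = [  # (source zone, destination zone, destination port or "any")
    ("internet", "corporate_dmz", 443),   # public web server in the DMZ
    ("corporate_dmz", "enterprise", 8443),
    ("enterprise", "ot", 443),            # approved
    ("ot", "enterprise", 514),            # approved
    ("enterprise", "ot", "any"),          # too broad for a plant firewall
    ("corporate_dmz", "ot", 502),         # skips the enterprise layer
    ("internet", "ot", 3389),             # skips every inner layer
]

def audit(rules):
    """Return (rule, reason) pairs for rules that break the layered model."""
    findings = []
    for rule in rules:
        src, dst, port = rule
        if src not in ZONES or dst not in ZONES:
            findings.append((rule, "unknown zone"))
            continue
        # Each firewall in the diagram sits between two adjacent zones, so a
        # single rule should never span more than one boundary.
        hops = abs(ZONES.index(src) - ZONES.index(dst))
        if hops > 1:
            findings.append((rule, f"crosses {hops} zone boundaries in one rule"))
        elif "ot" in (src, dst) and port == "any":
            findings.append((rule, "wildcard port on the plant firewall"))
        elif "ot" in (src, dst) and rule not in APPROVED_OT_FLOWS:
            findings.append((rule, "OT flow not on the approved list"))
    return findings

if __name__ == "__main__":
    for rule, reason in audit(RULES):
        print(rule, "->", reason)
```

Running it on the sample rules reports the wildcard rule and the two rules that reach the OT network without passing through each layer in turn.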

I hope now it’s clear what an OT network is and what an IT network is.
