Has your utility completed a successful collaboration between IT and OT, or do you know of any publicly available examples of such collaborations?
- May 18, 2020 11:13 am GMT
I’m actively involved with the IEEE Power and Energy Society’s Technical Committee on Power System Communications and Cybersecurity (PSCCC), and right now I’m chairing a task force on Utility IT-OT Cybersecurity Challenges in Roles and Terminology. As we gather information for this task force, I’m actively seeking out input from practitioners in the utility space, both in IT and OT, on what sort of collaborations they’ve undergone, what challenges arose from these arrangements, and more. So if you have completed such a collaboration, I’d also specifically ask:
- Was the collaboration cyber security related?
- What made the collaboration successful?
- How did you resolve the differences in cybersecurity philosophy that exist between IT and OT?
Senior Consultant and Lead Software Engineer
Reliable Energy Analytics LLC
Member since 2018
Theo, NERC CIP-010-3 R1, Part 1.6, Software Verification requirements do indeed cross-cut IT/OT on cybersecurity. The focus being on software objects, without distinction of where that software will be deployed, i.e. an HMI Windows desktop or an RTU or any other device within a BES control infrastructure, is a great use case showing an IT/OT intersection. The CIP-010-3 SAG-PM™ cybersecurity risk assessment software that analyzes software objects before deployment can be used by IT and/or OT personnel to detect harmful software objects and report a trust score to help decision makers decide to install a software object, or not.
I don’t have any recent experience to provide. At a major utility at which I previously worked, though, we addressed the IT/OT divide quite a few years ago. One of the first steps was to bring the OT group that supported their applications (e.g., EMS), kicking and screaming, into the IT organization. That resulted in them following project management processes and also a broadening of their enterprise architecture perspective. I had previously worked with the OT group on a few minor projects that involved getting data out of their systems. That resulted in some clunky but useable interfaces that got around the security challenges.
From a security standpoint, the utility's IT Security group addresses both IT and OT security. Aside from the challenge of securing the grid in general, the issue of data flowing between the two networks was a big one. Firewalls were the basic solution. So from the collaboration standpoint, that was mostly addressed through the organizational alignment. Obviously there were some collaboration challenges at the lower levels, more from an “it’s mine and you can’t touch it” standpoint, as well as some technical issues.
One of the issues comes with applications that span the divide. The primary one is OMS, since it uses data from both the Customer application and potentially from EMS/SCADA or other OT applications. At this particular utility, OMS runs on the IT side. I have talked with other utilities where it runs on the OT side, especially if it runs under the wing of ADMS. At my utility, the OT connection for OMS did not come until a few years after its initial implementation, so not really a concern at that time.
Enterprise Architecture Strategy and Standards
Xcel Energy and The Full Circle Group
Member since 2016
Below is some work we did around how data should be viewed from a convergence viewpoint. We have done work around security as well.
Below is a refreshed OT/IT Digital Orchestration (we have stopped using convergence, as it implies interoperability, which has been problematic for solution providers to agree upon). However, what is essential is the orchestration of data, the security context and critical information streams.