Updated: Apr 9
Operational Technology is a relatively new term but not a new concept. The use of the word Operational Technology OT for short is used to distinguish between Information Technology (IT) and has been more relevant since the advent of IoT.
With IT vs OT we can define operational technology cyber security needs among other things.
Let me provide you with a couple definitions from other sources and then I'll give you a different way to look at it more simply.
Definition 1 - Wikipedia
"Operational Technology (OT) – the hardware and software dedicated to detecting or causing changes in physical processes through direct monitoring and/or control of physical devices such as valves, pumps, etc.
Simply put, OT is the use of computers to monitor or alter the physical state of a system, such as the control system for a power station or the control network for a rail system"
Definition 2 - Whatis
"Operational technology (OT) is a category of hardware and software that monitors and controls how physical devices perform."
Definition 3 - Gartner Glossary
"Operational technology (OT) is hardware and software that detects or causes a change, through the direct monitoring and/or control of industrial equipment, assets, processes and events."
In Other Words
Operational Technology OT is the "IT stuff" for industrial computer systems.
So now the question is, why do we need this distinction at all then?
Traditionally within the industrial world they would still refer to the computer and networking equipment as "I.T." and is typically run, maintained and operated by systems/maintenance engineers or technicians.
But this type of IT is different to what most people mean by IT, particularly in the Business world. Now this common term becomes a problem because when you apply IT solutions to Industrial IT systems - you break the systems!
Okay, so now we know there is a difference between Industrial IT systems and IT systems, and we have a name for it "Operational Technology", how do we know they are different?
When and where do we draw the line?
Well here's some key differences that I've found to be the easiest to explain it.
IT and OT have common technology, but different goals.
For example here's my IT/OT Car Analogy.
There's a racing car and city car. Both have common technology - wheels, seats, windshield, engine, etc but both have different goals, one for racing and one for city driving.
Because the goals have changed therefore the problems you solve are different and so the design changes.
The definition of what is considered good or bad completely changes.
A racing car doesn't care for creature comforts, cup holders. They sacrifice luxuries for the reduction in weight. Whilst a city car doesn't need something that can drink fuel quickly and get them to max speed since likely they will stop more often, be in the car longer and probably want a music player.
Now back to IT vs OT.
IT cares most about Information (lo and behold, it's in the name) whilst OT cares about the process and the operation of that process (wow, also in the name). What does this mean?
An IT system will prioritize protecting data over most things. If a system needs to be restarted so it gets its updates and has less risk of losing data, then so be it.
An OT system will prioritize running the process over most things. If data is lost or not saved or not logged or backed up, sure, as long as the system does not stop running.