Historically, people involved in the IT world and the OT world have taken different approaches to the concept of security. For OT, security includes the fundamental requirement of safety: making sure no one gets hurt. IT security, on the other hand, tended to focus on protecting information.
As more data is processed at the edge of the network, the IT and OT worlds will converge more than ever. Managing the different priorities of IT security and OT safety will be a major focus for companies that run workloads at the edge.
Explosive choices at the Edge
Cybersecurity at the edge is more than implementing known and accepted security measures in a new location. To begin with, many IT security approaches assume that a user is present in front of the screen. With edge deployments, the computer could be 3,000 miles away from the nearest person. Teams need to remotely recognize the difference between the power going out and a potential intrusion, then decide the appropriate response—two very different operational approaches.
The operational choices multiply when you consider OT safety concerns. It’s one thing to lose information, but another when something blows up. Consider a situation where part of the operation involves handling explosives. One basic safety rule could be that anytime a team is handling explosive material, all radios are shut off to avoid any accidental triggers. Today, that means having separate radio boxes with lights on the front. When the green light is off, that means the radio is off. It’s easy to see and confirm.
How can that type of physical confirmation be replicated in an edge installation where no IT staff is present and the connections are via a Wi-Fi radio and cellular modem inside the server? Someone must be able to turn off the radios inside the server and see that it’s turned off, even if the LTE connection and satellite link are down. Technology, in this case, is the easy part. The more difficult consideration is understanding where safety and security meet and how to actually build something that fits the bill.
Becoming comfortable with the new requirements inherent in edge deployments will be important for tomorrow’s IT and OT teams. People from an IT background thrive on keeping applications and the network up and running. In a distributed environment, the normal state might be the other way around: the only time the network needs to be up and reliable is when someone stops by the physical location. The critical applications keep the oil well site or wind farm operational but only transmit data when called upon.
Meeting both IT and OT needs in an edge computing environment is more about balancing priorities as opposed to resolving conflicting viewpoints. Companies need to understand the views of IT and OT to best implement edge computing. IT security concerns about software and network go hand-in-hand with operational safety consulting.
Whether handling explosives or scanning groceries, there are numerous use cases that bring IT and OT together at the edge. The good news is that the building blocks are there. What’s needed now is a common framework for both sides to work together.