IT / OT convergence is here to stay whether we like it or not. There have been lots of articles about how to deal with convergence and lots of stories about how one side did this or that to the other side’s network, breaking this or that in the process. But how did we get here? And will we ever be able to have harmony between the two camps?
It all started back in the day when the first fieldbus arrived. There are lots of great stories on the history of that. Then, as everyone saw the benefits of fieldbuses, new fieldbus variants popped up like mushrooms. Naturally, we began to bicker about whose fieldbus was better than whose and this evolved into all-out fieldbus wars. But let’s stop right there. Let’s ask ourselves, what was on the wire? Despite how any one fieldbus defined its protocol or data semantics, it was really just one thing – fieldbus messages. That’s it. Period. End of story, just like we are showing in the figure below.
Fast forward to the early 2000’s, and most fieldbuses jumped on the Ethernet bandwagon. And we all jumped on this bandwagon thinking we owned the wire just like we did back when we used standard serial busses for the physical layer. I mean, why not? Ethernet is just another serial bus; it just runs faster. But the IT world was out there using Ethernet in a very different way. Instead of one protocol like we have with, say, PROFIBUS, there are a myriad of protocols for not just passing data, but for doing other things like managing the network.
Now, of course, other than speed, this is why the original serial fieldbuses moved to Ethernet – to take advantage of some of these protocols that can be used on Ethernet. OK, there was also the idea that we could all share the same physical layer and the dream that maybe one day all protocols could share the same wire. While the idea to share the same physical layer came to fruition, history was doomed to repeat itself with a second fieldbus war. But back to the move to Ethernet. We only wanted to use certain protocols for things like device configuration or diagnostics. Once things were configured and we were ready to go into run mode, that’s it. Hands off. The factory network has a job to do like produce ball bearings, or cookies, or beer – pick your favorite example. So, we called this brand of Ethernet: Industrial Ethernet –to distinguish it from the crowded world of Ethernet that IT uses. The figure below depicts this concept of sharing the wire.
The history of Industrial Ethernet goes on from here and there are lots of great articles and anecdotes on how safety, security, and sharing data have evolved. But this is exactly the point in the story where the IT / OT divide began. The minute we started using Ethernet with all of its benefits and started sharing select protocols with the IT folks, this is where the clash originated. It is the root cause of our current endless debate because, when it comes to security, IT’s priorities are Confidentiality, Integrity, and Availability. OT’s priorities are flipped – Availability is number one followed by Integrity and then Confidentiality.
It is a fundamental disagreement, but one that can be solved with technology that has been on the horizon for the past several years: Time Sensitive Networking. Yes, TSN. But we need to look at TSN differently. While the founding fathers of TSN were looking for ways to make Ethernet more deterministic and more reliable, they gave us a very important tool in helping solve the IT / OT divide. The ability to separate traffic into different classes. This simple concept often gets overlooked in the plethora of tools in the TSN toolbox. But if you think about it, we can use TSN to guarantee data delivery just like OT wants and allow lower priority traffic to share the wire just like IT wants. Perhaps this is what we will see when IEEE 60802 has completed its momentous task of achieving harmony in industrial networks. Or perhaps it will be up to the remaining fieldbus organizations. But whatever TSN mechanisms one chooses, we can prioritize traffic so availability is the priority for protocols like PROFINET, and ensure other traffic has priority needed for integrity and confidentiality to secure the network, like we are showing conceptually in the figure below.
Recently, TSN has taken a back seat to efforts to secure industrial networks –and with good reason. This has given TSN time to mature and allow the IEEE 60802 folks to finish their work. Then, we will begin to see the transformation of industrial networks into TSN-based networks which will give us the technology to put the IT / OT debate to rest.