Why IT-OT Convergence Is Critical for CPG Transformation
There’s no question that IT and OT have different roles to play—and different problems to manage—in consumer packaged goods (CPG) environments. While OT makes production possible, IT makes data more secure. This difference in priorities can create natural tension.
Over the years, OT and IT have remained mostly disconnected, running as separate entities with their own networks, policies and operations.
Today, however, to support seamless CPG workflows and operational efficiency, the two must be able to come together. This idea of convergence applies not only to IT and OT teams, but also to IT and OT networks and infrastructure.
It’s Time for OT to Become IT’s Partner
To facilitate Industry 4.0, smart data and digital transformation, the back office needs to know how things are going on the plant floor—and vice versa. Just like IT needs to know how production is going, OT needs to know about orders coming in from sales.
Between the administrative hall’s offices and the plant floor’s machines, production lines, and warehouse areas lies a distribution layer that manages routing, filtering, communication and data exchange between the two domains.
In many plants, IT manages this layer—but both teams and networks need access. Here are two examples of why this is important in CPG plants.
1. Machines Now Need to Connect in Many Ways
Plant personnel regularly work with equipment from different manufacturers. Historically, these machines have existed in islands of automation. Because of how they were built and addressed, they were never connected.
Today, however, data from those CPG machines needs to be:
- Shared and available to operators and engineers on the plant floor so they can make adjustments in real time
- Transmitted between machines to free up resources and reduce costs
- Sent northbound through IT infrastructure to administrative offices and the manufacturing execution system (MES) so leaders can track productivity and quality KPIs
The only way for these connections to happen reliably and securely is when IT and OT work together.
2. New Machines Need to Be Reconfigured to Connect to the Network
When a batch of new but similar machines arrives on the plant floor, they typically come with a private address scheme (a set of closely related IP addresses) assigned by the machine builder.
To enable information flow, this new equipment must be connected to the machine-level network and the distribution network—regardless of vendor or communications technology.
When these pieces of equipment share the same IP address, however, they can’t connect to each other. Each of the machine lines requires address translation before machines can be connected to the distribution network.
To connect this new equipment, OT also needs access to specific VLANs and the public addresses available within the plant.
Guess who must grant OT the access required to specific VLANs and public addresses? You guessed it: IT.
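The address conflict described above, worked through as an added example (not Belden's code or tooling): the script finds private addresses that repeat across machine lines and plans a 1:1 translation into a range granted by IT. The line names, device addresses and the 10.20.30.0/28 pool are constructed for illustration.

```python
import ipaddress

# Constructed sample: three identical machines as shipped by one builder,
# each using the same private addresses for PLC, HMI and drive.
LINES = {
    "line-1": ["192.168.1.10", "192.168.1.11", "192.168.1.12"],
    "line-2": ["192.168.1.10", "192.168.1.11", "192.168.1.12"],
    "line-3": ["192.168.1.10", "192.168.1.11", "192.168.1.12"],
}
GRANTED_POOL = "10.20.30.0/28"  # hypothetical plant range assigned by IT


def colliding_addresses(lines):
    """Return {private_ip: [lines]} for addresses used on more than one line."""
    seen = {}
    for line, hosts in lines.items():
        for host in hosts:
            seen.setdefault(str(ipaddress.ip_address(host)), []).append(line)
    return {ip: users for ip, users in seen.items() if len(users) > 1}


def plan_one_to_one_nat(lines, granted_pool):
    """Give every device a unique plant-side address: {line: {private: plant}}."""
    pool = ipaddress.ip_network(granted_pool)
    free = iter(pool.hosts())  # usable addresses, network/broadcast excluded
    plan = {}
    for line, hosts in lines.items():
        mapping = {}
        for host in hosts:
            private = ipaddress.ip_address(host)
            # A builder address inside the granted pool would make routing ambiguous.
            if private in pool:
                raise ValueError(f"{line}: {private} overlaps the granted pool")
            if str(private) in mapping:
                raise ValueError(f"{line}: {private} listed twice on one line")
            try:
                mapping[str(private)] = str(next(free))
            except StopIteration:
                raise ValueError(f"pool {pool} is too small") from None
        plan[line] = mapping
    return plan


if __name__ == "__main__":
    print("collisions:", colliding_addresses(LINES))
    for line, mapping in plan_one_to_one_nat(LINES, GRANTED_POOL).items():
        for private, plant in mapping.items():
            print(f"{line}: {private} <-> {plant}")
```

The resulting table is what OT and IT would review together before the translation is configured on the device in front of each machine line.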
Prioritize Access and Cybersecurity Efforts
It’s important to note that IT-OT convergence doesn’t have to be a free-for-all. Parameters can be implemented to manage OT’s access and connectivity to IT, and vice versa.
This is critical for cybersecurity efforts, too, as the CPG plant floor (which was never connected to the outside world before) now becomes connected through IT.
In addition to protecting IT and OT from the outside world, the networks also need to be protected from one another. While a firewall protects against unsolicited incoming network traffic, it doesn’t protect OT from IT—or IT from OT.
For example, if an accountant in the front office (IT) unknowingly clicks on an email containing malware that infiltrates the network, then OT will be exposed to that risk unless OT and IT remain separate—but together.
Overcome Your IT-OT Infrastructure Challenges
There’s no way around it: OT and IT must be able to collaborate and have conversations about connecting systems and networks. OT needs IT to help manage the intricacies of connected architecture, and IT needs OT to help navigate equipment and control systems and their impact.
Belden offers multiple solutions to help you overcome whatever IT-OT infrastructure challenges your plant faces.
If your plant lacks virtual IT infrastructure for data processing, then we can help you use edge connectivity to connect equipment to plant infrastructure and still allow northbound data flow. By collecting and processing the data locally—at the machine level—and then transmitting it northbound, the IT infrastructure doesn’t have to handle processing.
If you have virtual infrastructure in place to complete data processing, then we can help you network your machines and complete network address translation so they can connect to the distribution network.
If you’re just beginning on your data journey, then we can help you take the first steps without spending lots of capital.
To see some of these examples up close, our Chicago Customer Innovation Center (CIC) is showcasing these technologies in action in its CPG Validation Lab.
Example of a Network Architecture for Discrete Automation