IT vs OT Systems: What’s the Difference?

Information Technology (IT) and Operations Technology (OT) are two distinct yet interconnected fields that play critical roles in modern organizations. IT deals with the use of technology to support business processes, while OT focuses on the use of technology to control and monitor industrial and commercial processes in facilities. By looking at IT vs OT systems, it’s easy to identify their major differences.

What are IT Systems?

IT systems are primarily used to support business processes, such as data storage, processing, and communication. These systems include things like enterprise resource planning (ERP) systems, customer relationship management (CRM) systems, and enterprise-wide networks. They are responsible for maintaining the flow of data within an organization, and provide important services such as email, file storage, and data analysis. IT systems are also responsible for maintaining the security of an organization’s data, including firewalls, intrusion detection systems, and encryption.

What are OT Systems?

OT systems, on the other hand, are used to control and monitor industrial processes. These systems include things like programmable logic controllers (PLCs), distributed control systems (DCSs), and supervisory control and data acquisition (SCADA) systems. They are responsible for controlling and monitoring the physical processes within an organization, such as manufacturing processes, power generation, and water treatment. OT systems are designed to operate in real-time and are often required to operate 24/7.

When we look at IT vs OT systems, trends show they are increasingly being integrated to improve the overall efficiency of companies and facilities. For example, a building owner might use data from an OT system to optimize their HVAC systems, or an energy company might use data from an IT system to identify and respond to potential power outages.

Figure: The difference between IT and OT system components. Note that IT and OT must interface with one another.

Network Security

One of the major differences between IT and OT is in the level of security required. IT systems are typically more connected to the internet; hence they are more exposed to cyber threats. These systems need to comply with industry-specific standards like the Payment Card Industry Data Security Standard (PCI-DSS), HIPAA and SOC2. Organizations need to maintain regular backups, have intrusion detection and prevention systems, as well as have strong and regularly updated access controls in place.

OT systems, on the other hand, are typically more isolated from the internet and have fewer connections to external networks. These systems need to comply with standards like IEC 62443, which are specific to industrial environments. Because of the real-time nature of their operations, organizations need to have redundancy in place and maintain backups that can be restored within minutes, have detailed incident response plans, and maintain the physical security of the systems.

Conclusion

IT and OT systems play critical roles in modern organizations, with IT systems primarily focused on supporting business processes and OT systems focused on controlling and monitoring industrial processes. The two fields are becoming increasingly integrated, with organizations leveraging data from both types of systems to improve overall efficiency. However, they are also vastly different in terms of the level of security required, with IT systems being more exposed to cyber threats, and OT systems being more isolated and needing to comply with industrial-specific standards.

Effective Cybersecurity Habits for Your BAS 

Properties need effective cybersecurity measures. Cybercriminals don’t just attack high profile companies and governments; they target small to medium businesses too. Computer viruses range from annoying adware infiltrating your browser to costly ransomware attacks. In 2021 the world saw a 105% jump in ransomware attacks. Healthcare alone saw a 755% increase! Businesses are paying out billions each year to save their proprietary and/or customer data—and paying only makes things worse. 

The sharp rise in ransomware has forced building owners to take a serious look at their IT infrastructure. This is alongside adapting to the challenges of the pandemic and managing a remote workforce. Interestingly, some security experts point to remote work as one cause for the increase in ransomware. Since employees are no longer behind corporate firewalls, their home-based laptops and mobile devices become “attack vectors” for gaining entry to company networks.  

Remote entry points are also an issue for building control systems. As buildings become more connected and “smart”, the threat of data breaches increases. That’s because system integration, IoT devices, and building automation systems (BAS) increase connectivity and wireless operation. It’s a problem the U.S. government has known about since 2015 after the GAO warned of a 74% jump in cyber incidents involving government-owned industrial control systems.  

Building control systems like BAS/BMS connect hundreds of devices and sensors that make up systems like fire, access, HVAC, electrical, and lift. Connectivity makes it easier for cybercriminals to make their way to more sensitive data because there are more paths to follow. Wireless and IoT devices make networks vulnerable to remote Wi-Fi exploits and password hacks. These potential data breaches and financial losses from malware are why property teams need to practice effective cybersecurity habits.   

Setup Multiple User Accounts 

One good security habit to adopt is proper account creation and assignment to your team. To save time and hassle, some building managers create and share one master admin account among their team members. It’s tempting when someone needs to make a few quick changes to simply email your login and password. However, this puts your BAS at risk of cyberattack if those credentials are misplaced or abused. To be cyber safe, create both admin and user level accounts and assign them to each employee.

Almost all BAS software lets you create multiple accounts and at various levels of access. Individual account creation does three key things:  

  1. It ensures inexperienced members aren’t given access to critical controls.
  2. It makes sure user actions are recorded by the system.
  3. It helps users work more effectively.

Modern BAS systems track what users do, which is helpful when things in the system are improperly changed. If everyone signs into the system with the same account, then you can’t tell who did what and when. This can slow down repairs and troubleshooting because you must rely on faulty human memory instead of an accurate digital record. Also, when inexperienced or new users sign into an admin account, they may spend an inordinate amount of time searching for the tool or feature they need. User-level account interfaces are simplified for this reason. Too many options can tank productivity by forcing workers to waste time navigating a complex interface looking for a single item.

Password Creation 

Creating strong passwords is one of the most impactful cybersecurity habits you can adopt. Too often folks continue to use highly predictable pass codes (e.g., “123455” or “Qwerty”) to secure their most sensitive data. What’s worse, most of us also use these same flimsy passwords for all our accounts. It’s behavior that’s too predictable, and predictability is the Achilles’ heel of security.

Make sure your team knows password best practices. When it comes to password creation, length and complexity matter. Passwords should be at least 8 characters long and include special characters (e.g., @!&) and numbers. The longer the password the better; however, there’s a limit to how many characters a person can hold in long-term memory. To combat the memorization problem, use passcodes instead.

Passcodes are acronyms made from random words or long sentences. To create a passcode, use the first letter of each word to form your password. For example: “My cat whiskers is 3 years old and likes to have her belly rubbed.” This sentence (which is personal and easy to remember) becomes the password: “mcwi3yoalthhbr”. Then swap in a few special characters, and you’re good to go.

If passcodes seem too complex, make your life 100% easier by simply using a password manager. These cloud-based apps create and store complex passwords in the cloud for you. They will even fill in the form fields for you, saving you valuable time. Most apps have free or inexpensive annual plans, so investment is minimized, while time savings and security are maximized.  

Suspicious Link Detection 

A building’s devices aren’t its only weak spots. In fact, occupants are often the major sources of malware. Cybercriminals can use social engineering to trick employees into opening phishing emails and navigating to fake websites. The tactic is called a “pharming attack” and is a common way for hackers to steal an employee’s username and password. The fake website looks and feels like the authentic one, but it’s a duplicate. Employees unwittingly enter their username and password, which is recorded and used to gain entry to the account.  

Hackers design phishing emails and fake websites to look like official corporate digital assets, often using the same branding, logos, language, etc. Most are convincing enough to fool an employee who’s under a bit of stress and/or not paying attention. However, there are a few tell-tale signs to look for:   

  • Salesy Language. Cybercriminals often employ high-pressure sales language or scare tactics. Phishing emails may claim “suspicious activity” or fake “charges” to user accounts to entice holders to hastily move to fix “issues” without first confirming the source of the emails.   
  • Grammar mistakes. Often cybercriminals don’t speak your native language, so look for any grammar mistakes or misspellings. These are extremely rare in authentic corporate emails and are a sure sign of a fake.  
  • Pixelated logos. Hackers use official logos to trick email recipients, but often these logos are hastily copied and pasted from websites and may be incorrectly sized resulting in pixelated or strange looking images. 
  • Strange URLs. URLs have two parts: the hypertext (e.g., “Contact Us”) and the address (e.g., https://7nox.com/). Never trust the hypertext to tell you where the link goes. Always check the URL address. To do this, hover your cursor over the text without clicking and read the URL displayed in the bottom left corner of your browser. The URL should contain the company’s address. If it’s simply a long string or strange characters, it may be a pharming attack.    
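
The hypertext-versus-address check from the last bullet, as an added example that is not part of the original article: it reads the links out of an HTML email and flags any whose address is outside your own domains or whose visible text shows a different domain than the address. The trusted-domain list and the sample email are assumptions (the `.example` hosts are constructed placeholders). Note that the host is compared as an exact or subdomain match, because an address can contain the company’s name and still belong to someone else.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the domains your organisation really uses (7nox.com is the page's example).
TRUSTED_DOMAINS = {"7nox.com"}

# Finds something that looks like a domain name inside the visible link text.
DOMAIN_IN_TEXT = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)


class LinkCollector(HTMLParser):
    """Collects (visible text, address) for every <a> element in an HTML email."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def host_matches(host, domain):
    """True only if host IS the domain or a subdomain of it, not if it merely contains it."""
    return host == domain or host.endswith("." + domain)


def check_link(text, href):
    """Return the reasons a link deserves a second look (empty list: none found)."""
    host = (urlsplit(href).hostname or "").lower()
    reasons = []
    if not any(host_matches(host, d) for d in TRUSTED_DOMAINS):
        reasons.append(f"address points to '{host}', not a trusted domain")
    shown = DOMAIN_IN_TEXT.search(text)
    if shown:
        shown_domain = shown.group(1).lower().removeprefix("www.")
        if not host_matches(host, shown_domain):
            reasons.append(f"text shows '{shown_domain}' but address is '{host}'")
    return reasons


def scan_email(html):
    """Return (text, href, reasons) for every link with at least one finding."""
    collector = LinkCollector()
    collector.feed(html)
    collector.close()
    checked = ((t, h, check_link(t, h)) for t, h in collector.links)
    return [item for item in checked if item[2]]


# Constructed sample email body; the .example hosts are placeholders.
SAMPLE_EMAIL = """
<p>We noticed suspicious activity on your account.</p>
<a href="https://7nox.com/contact">Contact Us</a>
<a href="https://7nox.com.account-verify.example/login">Contact Us</a>
<a href="https://portal.example/reset">https://7nox.com/reset</a>
<a href="https://support.7nox.com/help">Help</a>
"""

if __name__ == "__main__":
    for text, href, reasons in scan_email(SAMPLE_EMAIL):
        print(f"{text!r} -> {href}: {'; '.join(reasons)}")
```
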

BAS Backups 

Make sure your BMS provider backs up your BAS/BMS system on a regular basis. Backups keep your system secure against ransomware attacks, which rely on businesses not having copies of their data. Plus, system backups ensure redundancies when your system goes down or when you shut your building down for changes. If controller settings aren’t “persistent” they may not be saved during a reboot of your BMS. It’s critical that you have backups to ensure these changes are saved.     

Conclusion 

While building automation and connectivity bring many wonderful things to the built environment, they do require owners and managers to make their IT and OT more resilient. However, without proper training of staff, these technical efforts may prove fruitless. In cybersecurity, humans are often the weakest link. That’s why cybersecurity shouldn’t be simply a training box to tick at the end of the year. It should be an ongoing attitude and effort by all employees. Focus your training on seasoned staff, who may be laxer in their habits, and on newcomers who may have few habits at all.

What is the Niagara Framework?

The Niagara Framework (NF) is developed by Tridium, and if you visit the company’s website, you will learn Niagara is a “comprehensive software platform for the development and deployment of connected products and device-to-enterprise applications.” If you’re like most FMs and property owners, that description sounds pretty technical and dense, as if it were written in a different language. Ironically, the notion of miscommunication within different languages illustrates perfectly what the Niagara Framework is and, more accurately, what it attempts to solve.  

Let’s try to clarify Tridium’s definition by breaking it down into parts, so that by the end of this article you should have a better idea of what Niagara does. We’ll start with a simple thought experiment, then take a deeper dive into how Niagara helps buildings and devices communicate.   

Niagara: The Ultimate Travel Adapter 

Imagine you’re going on an overseas vacation and need a travel adapter. While at the airport waiting to take off, you spot an adapter in a retail store window. However, it’s not just any old travel adapter, it’s the Ultimate Travel Adapter, equipped with hundreds of outlets for every country, region and plug type imaginable. What’s more, the adapter has older plug styles, so now you can charge that ancient iPod you brought along. Imagine you bought such a product. What could it do for you?

For one, it would give you the flexibility to buy and use any device you wanted. It would free you from having to use one brand. It would eliminate compatibility issues. Plus, it would let you plug all your devices into one place, simplifying the management of all your electronics.  

Figure: The Niagara Framework functions like the Ultimate Travel Adapter, connecting all of your devices and platforms together into one architecture. You can find a Tridium explainer video here.

Next, imagine your adapter has controls for managing each device. It also comes equipped with a dashboard that shows power consumption, current status, and security alarms. Even better, you’re able to access all of this valuable information online. With such a digital tool, you could save energy by unplugging unneeded components, quickly identify failed devices and better predict outages. In short, you could save time and money by increasing your efficiency.  

Finally, imagine your travel adapter itself adapts to the changing technological landscape. After all, plug styles come and go, and so your adapter must also adapt or risk becoming antiquated. Such an adaptation feature could help extend the life of your equipment, letting you bring your favorite devices into the future. It would give you considerable freedom and centralised control over your travel itinerary.

This, in a nutshell, is what the Niagara Framework platform does: it works as an “architecture” for connecting systems and devices for building operation and automation. Now let’s take a deeper dive into how devices and systems communicate to better understand Niagara’s role.

Protocols: The “Language” of Machines 

Dozens of systems and hundreds of pieces of hardware make up modern buildings, and each of these components must communicate with one another. To accomplish this, building devices must share a common “language” or what engineers call a protocol. The result is “interoperability” of devices, which is the main goal of platforms like Niagara. This is what Tridium means by “development and deployment of connected products” within their description.   

The two dominant standard protocols for building devices are BACnet and LonWorks. These protocols are why your smart meter can transmit energy data to your BMS, even though two different companies made them. The two companies have agreed to design their products using these standard protocols so that you can integrate them easily. Another benefit of standard protocols is that you get to pick and choose which devices you want to use, as opposed to being locked into using proprietary hardware from a single vendor (think Apple products).

Standard vs Open Protocols 

There are two basic approaches to achieving interoperability of devices: standard and open protocols. Open protocols are when hardware designers use a proprietary language for their devices, but “open” their protocol for public use. Access to the protocol gives other developers the “dictionary” for building gateways and interfaces, which “interpret” from one machine language to another. Essentially, the company is saying: Take our protocol and design something that will let other devices work with it. Developers use these open protocols to ensure interoperability between their products and others.

Standard protocols work by building consensus among many different developers to adhere to a standard machine language. So, a standard protocol isn’t proprietary but shared among the members. The upside to a standard protocol is that it requires no interpreter or gateway. Devices speak directly to one another right out of the box. 

The Niagara Framework adopts a standard protocol stance towards development of building automation devices. That is, it attempts to wrangle the long list of standard device protocols under one umbrella platform—a type of protocol for protocols. But more than devices make up buildings. What’s this “device-to-enterprise application” all about? 

Buildings: A Polyglot of Digital Voices 

In addition to device languages, there are also standards and protocols for almost everything that helps your building and business function. For example, there are computing standard languages for the internet (IP or internet protocols). Then there are programming languages for software, operating systems (Windows vs Mac) and computer networks. When you add it all up, buildings are a cacophony of digital voices singing ones and zeros to each other (#ITjokes).

To ensure these voices sing in unison, enterprise standards like CORBA, XML and DCOM were created. These standards attempt to translate between different operating systems, programming languages and computing hardware. They ensure interoperability of platforms. Without them, companies would be inundated with service calls and services would grind to a halt.  

The Niagara Framework, again, connects devices to any enterprise applications within your buildings. Say you wanted to pass energy usage data through to your accounting software. Because it’s a flexible platform that facilitates interoperability, you can use Niagara to easily build these types of connections. This is what Tridium means by “device-to-enterprise application.”      

The Internet Connection 

One big advantage the Niagara platform brings to building automation systems and devices is wireless connections. It achieves this by using the internet to connect all your devices and controllers. Thus, it sits firmly within the market of platforms that utilise the Internet of Things (IoT) to give building owners and managers granular access to every component of their systems.  

In hardwired connections, your BMS would communicate to, say, your HVAC controller through a wired connection. Hardwired connections limit your access. But Niagara’s wireless internet connection gives you access through web browsers from anywhere. Connection via internet opens up possibilities. For example, it makes connecting new devices much easier. Management is easier too. Check the status of your fire safety systems while at home or on vacation.

Now, give Tridium’s definition another read: “Niagara Framework is a comprehensive software platform for the development and deployment of connected products and device-to-enterprise applications.” Hopefully, you understand it a bit better now.

Summary  

Many systems make up today’s buildings: fire alarm systems, HVAC systems, access systems and security systems, to name a few. Today, most modern buildings have automated the management and operation of these systems. The Internet of Things has streamlined management of systems, with sensors, devices, and equipment sending streams of data back for collection and display to stakeholders.

The Niagara Framework is essentially a system of systems, a software architecture designed to integrate multi-vendor building automation systems (BAS) under one umbrella platform. It improves flexibility in managing, connecting, and visualising your properties and data.