The myth that IT/OT convergence is an effective strategy for manufacturing management is widespread throughout the automation industry. This misconception gained popularity over the last twenty years as factory floor systems increasingly deployed Ethernet technology. Given that IT systems inherently rely on Ethernet, a fundamentally flawed idea took root: the merging of the two organizations. This paper debunks the myth of IT/OT convergence as an effective manufacturing strategy and explains why IT and OT should be prioritizing cooperation rather than convergence to protect both operational safety and business continuity.
“Two Peoples Divided By A Common Technology”
The George Bernard Shaw phrase describing America and England as “two nations divided by a common language” can be restated to describe how IT and OT are two organizations divided by a common technology. Both organizations use Ethernet but operate it differently:
| Enterprise IT | Manufacturing OT |
|---|---|
| Uses dynamic DHCP addresses | Uses static addresses |
| Conditioned equipment environment | Harsh environment (EMI, vibration & moisture) |
| All connected networks | Mix of connected and isolated networks |
| VLANs organizing managed wwitches | VLANS organizing production areas |
| Centralized switch architecture | Distributed switches in electrical enclosures |
| Standardized / common Equipment | Many different types of equipment |
| Large messages & scheduled transactions | Small continuous packets in real time |
| User (office worker) not responsible for equipment | User (plant resource) responsible for equipment |
| Limited switch hierarchy | Multi-tiered switch hierarchy |
Additionally, the priorities of the organizations are different. Enterprise IT prioritizes confidentiality, integrity and availability. OT prioritizes availability, integrity and confidentiality. Where downtime is often a nuisance in enterprise IT systems, downtime is critical and costly in a factory floor OT system. It is not uncommon for downtime costs to reach a million dollars per hour in critical factory floor systems.
IT And OT Systems Are Different
Enterprise IT systems can be characterized as an unknown number of users every day, using an unknown number of applications connecting to various and unknown URLs on the Internet, executing applications and downloading unknown numbers and types of files. That creates a very challenging environment for Enterprise IT security specialists. It can be further characterized by a distinct separation between the enterprise network and the user applications. The enterprise network can exist without the user applications. User applications can often exist without a network connection.
Cybersecurity threats in this environment include malware, phishing, ransomware and other threats leading to data breaches, financial losses and disruptions of services.
Factory floor OT systems can be characterized by having a fixed number of users, using a fixed and well-known number of applications, and connecting to a fixed and well-known number of devices of known type and manufacture
Figure 1 – Enterprise IT networks tend to be flat. Production Networks are hierarchical as in this example of an eight Level production network in the lumber industry.
The factory network, combined with a control application, forms a production system. Neither the network or the control application can exist without the other. While cybersecurity threats to factory floor systems can also include data theft, sabotage and intentional or unintentional data leaks from insiders possessing legitimate access, the consequences of failure are fundamentally different.
An IT security breach may result in financial loss or data theft. An OT security failure can kill people. When a safety system gets compromised, when a pressure vessel’s controls are manipulated, when emergency shutdown systems are disabled – workers die. Equipment worth millions can be destroyed in seconds.
Every security decision in OT must be evaluated through this lens: will this change increase the risk to human life or catastrophic equipment failure?”
The number one threat to factory floor systems is the enterprise IT network. There are very limited opportunities for an attacker to reach an OT control network from anywhere but the enterprise IT network.
This isn’t hyperbole – a Fortinet study1 found that 75% of OT organizations experienced at least one intrusion in the past year, while Rockwell Automation’s Anatomy of 100+ Cybersecurity Incidents in Industrial Operations2 found that 80% of OT attacks pivot from IT networks.
IT/OT Convergence Makes This Problem Worse
This converged threat is compounded when enterprise IT attempts to impose its policies without understanding OT requirements. Restrictive IT policies applied to OT environments directly cause shadow IT in manufacturing: operators forced to choose between following policy and keeping production running creating workarounds that bypass security controls entirely.
Combining two organizations with different goals, applications and operating philosophies is asking to merge basketball and football teams. Both want to win games, but what’s important to them and how they move a ball around a playing field is completely different.
Personnel from each organization are skilled in the application of Ethernet, but the particular methods they use to meet their organization’s objectives are different: how they solve problems, the training they need and the focus they have and the tools they use are all different.
This is nowhere more apparent than in the choice of cybersecurity tools. IT cybersecurity tools are designed for flat networks and focus on ransomware, malware, phishing, social engineering, insider threats, data breaches, DDoS attacks, supply chain attacks, third-party exposure and vulnerabilities in cloud and IoT devices. OT networks require no such complicated cybersecurity tools. In fact, many enterprise IT cybersecurity tools are all but useless in OT systems with five, six or even seven hierarchical layers of switches.
Figure 2 – ICS Defender
OT threats are principally from the enterprise IT network. OT cybersecurity requires a fundamentally different approach, as the users, applications, devices and messages never vary. This predictability enables deny-by-default systems, such as the Dynics ICS Defender (https://dynics.com/cybersecurity/ics360defender/), which explicitly define allowed communications and block everything else.
The key distinction is that effective OT security tools are designed for deterministic environments with known users, applications and traffic patterns – not the unpredictable chaos of enterprise networks. Yet most vendors still push rebranded IT solutions.
Cooperation Not Convergence Is Needed
Over the past two decades, boosters have cited the widespread adoption of Ethernet and TCP/IP on the plant floor as proof that a full-scale amalgamation of IT and OT is both inevitable and beneficial. The logic is seductively simple: shared protocols imply shared management. Yet protocols alone cannot erase the profound differences in mission, lifecycle and risk posture that separate corporate networks from production lines. Unfortunately, the reality is less a seamless fusion and more akin to forcing a cat and a Roomba to cooperate simply because they both occupy the floor. Treating them as a single domain threatens both cybersecurity and operational resilience.
Instead of that full-scale amalgamation of IT and OT, a forward‑leaning alternative is required: disciplined cooperation. Unfortunately, this is often not the case. The enterprise IT organization often imposes requirements that hinder the OT organization from achieving its goals of availability, integrity and confidentiality, failing to recognize that overly restrictive policies drive the very shadow IT behaviors they seek to prevent.
The mission of OT must be respected. The OT organization must have the authority to choose the architecture, equipment and tools that meet the particular requirements of the production systems they operate and maintain.
However, with this authority comes responsibility. When IT defines specific data requirements from production systems, OT must be prepared to deliver. Meeting these requirements means establishing clear levels of service – defining what the network can reliably provide and committing to those specifications.
This requires OT organizations to have the expertise and tools to implement network architectures that satisfy both production needs and agreed-upon service expectations.
By embracing boundary‑respecting cooperation, shared vernaculars and mutual commitments to defined service levels, organizations can harvest the agility they crave without sacrificing the deterministic performance and safety their factories demand.
1Fortinet. (2023). “Fortinet Global Report Finds 75% of OT Organizations Experienced at Least One Intrusion in the Last Year.” Available at: https://www.fortinet.com/corporate/about-us/newsroom/press-releases/2023/fortinet-global-report-finds-75-percent-ot-organizations-experienced-intrusion-last-year
2Rockwell Automation. “Anatomy of 100+ Cybersecurity Incidents in Industrial Operations: A Research Study With Recommendations For Strengthening Defenses in OT/ICS.” Literature #GMSN-SP025A-EN-P. Available at: https://literature.rockwellautomation.com/idc/groups/literature/documents/sp/gmsn-sp025_-en-p.pdf
About the Authors
John S. Rinaldi
Real Time Automation, Inc.
John Rinaldi is Chief Strategist and Director of WOW! for Real Time Automation (RTA) in Pewaukee WI. With a focus on simplicity, support, expert consulting and tailoring for specific customer applications, RTA is meeting customer needs in applications worldwide. John is not only a recognized expert in industrial networks and an automation strategist but a speaker, blogger, the author of more than 100 articles on industrial networking and six books including Industrial Ethernet, OPC UA: The Basics, Modbus, OPC UA – The Everyman’s Guide and ETHERNET/IP.
River Caudle is Chief Strategy Officer for River Risk Partners in Gadsden, AL. With 20 years in networking, 17 of them directly in industrial automation trenches, River brings hard-won field experience from -40°F Canadian mining operations to 120°F steel mills. He’s the author of the Infrastructure Independence Manifesto and creator of practical frameworks including RIVER (troubleshooting), SHIP (network design) and SECURE (IEC 62443 implementation). An MBA from UAB combined with NIST cybersecurity certifications provides the business acumen to translate between boardroom and plant floor. River’s direct, often humorous approach to demystifying industrial networks has made him a sought-after speaker and consultant for organizations seeking vendor-agnostic expertise.
