Following on from an earlier post I wrote back in January covering the additional connectivity between traditional OT environments and the wider IT infrastructure, this week I've been reading about an additional step or change to the management and connectivity of OT systems - IIoT in the cloud.

This post by DVMobile talks around some defined phases of industry and the controls placed upon them. An interesting point for me here is the time spans. Phase 1 was in the 1790s, when steam and water power were the main drivers of industry. Phase 2 took place 100 years later when electricity became the main source and assembly lines became common place. From here we move to phase 3 in the '60s, when what we would recognise as OT control systems/SCADA became commonplace. The interesting jump comes next - we really don't see fundamental changes in OT infrastructure at a high level until what is called phase 4 in this post - interconnectivity between OT and IT, cloud control, machine learning and IoT/IIoT.

The pace of change in OT that I've seen reflects this - huge change and potential increase in attack surface in a very short timeframe compared to the slow, considered progress seen previously. IIoT breaks another boundary, spurred by the rapid adoption of cloud services, improved security and lower overheads. Cloud-based IIoT services allow greater connectivity and access for operators, but with the expected additional risks of more boundaries to secure, greater scrutiny required for data storage and processing, and tighter control required around accounts, privilege, and access.

I'm extremely interested to monitor the progress in this area, and hope that these changes bring some agility and greater functionality for OT admins and operators - without sacrificing the control and security that is prized by the industry.