Our guest is a management consultant, interim manager, university lecturer and author. And he is a proven expert on the topic of IT/OT convergence. I am therefore delighted that you have found the time to talk to us today.
Good morning!
IT/OT convergence describes the integration of machines into a company's IT structure. This makes it possible to determine in real time which machine processes are currently running, whether there are any faults and much more. The advantages are obvious: managers can react immediately to changes and make decisions based on up-to-date information. But how exactly should we imagine the convergence of IT and OT?
To answer this question, we first need to agree on a binding definition of the terms "IT" and "OT".
Information technology, or IT, refers to traditional data processing - for example in administration, companies and other organizations - using software on corresponding hardware. A distinction is often made between IT and TC, i.e. telecommunications technology. But I think that's superfluous. For me, telecommunications is part of IT.
"OT", or "operational technology", on the other hand, stands for the control and/or monitoring of machines and mechanical processes of all kinds - whether in industrial plants, buildings or elsewhere. Here, data is processed that machines supply to programmable logic controllers, sensors, data loggers, etc.
"The key point is to overcome data silos."
One difference is therefore the origin of the data: IT processes data that results from the processes of an organization, whereas OT processes data that originates from machines. So what does IT/OT convergence consist of?
Well, in my view, it's wrong to talk about convergence here. That would presuppose that IT and OT can be sharply differentiated from one another. But if you take a closer look, it is clear that OT - just like TC - is an elementary component of IT from the outset.
I would like to illustrate this with a project from the 1990s. Between 1994 and 1996, we connected many programmable logic controllers, also known as PLCs...
...i.e. the specialized computers used to control machines...
...of escalators and elevators to the Internet at a manufacturer of escalators and elevators worldwide. These sent process data to a central monitoring and process control center for the NSM, the network and system management, in Germany.
This control center evaluated the data and, if necessary, triggered a ticket, a service order, in a help desk system. This meant that the control center was informed of a possible failure of an escalator or elevator much earlier than the building technician on site. The ticket was then automatically sent to the building technician on site via the help desk - for preventive maintenance of the escalator or elevator.
This means: for me, the often-cited convergence of OT and IT does not exist.
In other words, the terms are misleading because it is not different technologies that are converging, but different data.
Exactly. The key point is to overcome data silos: it's about integrating different data into a holistic view.
However, it may make sense to stick to conventional language. The connection of the PLCs for escalators and elevators that you just mentioned is an early example of what is now known as the Industrial Internet of Things. What other projects do you think IT/OT convergence is indispensable for?
All of them! I firmly believe that the convergence of IT and OT for companies that are integrated - in whatever form - into local or global supply chains is indispensable in any project. Almost all manufacturing and trading companies are heavily dependent on these supply chains. Countless incidents in the recent past, which in the worst case have also led to insolvencies, have shown this.
Think of the China supply crisis due to the Covid-19 virus between 2021 and 2023 or the blockade of the Suez Canal by the container giant "Ever Given". Or my favorite example: the VW glove compartment lid crisis in February 2017, when the glove compartment lid manufacturer's plant in the Czech Republic burned down. But VW only received this information a few days later. As a result, VW could only react and only actively intervene after a delay. As a result, many VW Passat models had to be retrofitted with missing glove compartments. By then, 20,000 parking spaces had to be found in the shortest possible time, which VW finally found in East Frisia. Imagine how much capital was tied up - just because of a burnt glove compartment flap!
Companies need real-time data to be able to react quickly in such situations. And this requires vertical IT integration of the systems within a company, but also horizontal integration of the systems of all players along the supply chain. This is not just an issue for industry. It's no different for craft businesses or medium-sized production companies that are integrated into such supply and production networks.
You've been involved in convergence projects since the 1990s.
The answer is as hard as it is short: because Germany lags considerably behind the global standard. IT integrations have been state of the art for over 25 years. In the 1990s, I started integrating machines into NSM in various areas:
- In building technology, these included - in addition to the escalators and elevators already mentioned - air conditioning systems, extinguishing systems and people access control systems.
- In the food industry, the focus was on the integration of weighing systems for incoming goods, along the production chain and for outgoing goods of residual materials, semi-finished products and end products.
- In the energy sector, the IT integration of tank systems for climate-neutral fuels was required.
- In the healthcare sector, I worked on the production system for chemotherapeutics and various other medical devices.
- But also in automotive engineering: on the integration of Formula 1 cars to make them faster than the competition.
Although such integrations have been state of the art for over 25 years, Europe and Germany, as Hannover Messe 2023 showed ...
... whose main theme was the integration of information, telecommunications and operational technology, ...
... are still not beyond the state of the art of the 1990s. The paradigm is still the following: We collect or measure data, then transform it into a standardized, structured form and finally upload it to a central database, the data warehouse.
Such pre-structured data is relatively easy to evaluate - but only in the intended way. This severely limits the range of questions that could be answered using the data, as well as the speed and timeliness of the findings.
"AI is not intelligent."
This means that in order to make well-founded decisions, preferably in real time, you need data from all sources, which can be evaluated differently depending on the situation.
Exactly. To be able to react immediately to supply chain disruptions, for example, but also for innovation. In my opinion, the lack of flexibility of solutions such as data warehouses, data lakes and data visualization is the Achilles heel of AI - the second main topic of Hannover Messe 2023. AI statistically evaluates data in such systems from the past, for example to simulate scenarios and evaluate the probability of their results occurring using stochastic methods if necessary. This is certainly useful.
But AI systems cannot adapt to the current situation on these databases. They always move along the trajectories defined by the historical data. They do not deviate from the path, they are not innovative. Real-time must become the basis of AI through the use of enterprise data fabric systems or smart data fabric systems, for example.
What would have happened if Karl Benz had stuck with the idea that horse-drawn carriages were the measure of all things based on AI predictions? How likely would he have recognized the opportunity that lay in motorization? Would he really have acted entrepreneurially and replaced the horse with a petroleum engine?
AI is not intelligent. AI is nothing more than statistics spiced up with stochastics. Innovation requires the ability to interpret, intuition and emotion. AI can't do all that for us.
"If you hand over the implementation of digital transformation to IT, you're passing the buck."
So you're saying that real-time data is the more secure basis for intelligent reactions to ongoing developments.
Yes, that's right. To come back to your question: There are two main issues that concern me. We have just discussed the first, namely the question of how real-time data can be evaluated and - together with simulations and forecasts - used as a basis for real-time decisions This requires genuine vertical and horizontal IT integration that goes beyond the current limits of data warehouse, data lake or data visualization approaches.
And the second topic?
The other major topic is the implementation of digitalization and digital transformation. Digitalization, the procurement of internal data and possibly the procurement of external benchmark data, the use of artificial intelligence, the transformation to Industry 4.0 - as paradoxical as it sounds, none of this is the job of IT.
Those who hand over the implementation of their company's digital transformation to IT are passing the buck. In my view, teams from different areas of the company are the solution. This is another focus of my work: I support entrepreneurs and managers in building such teams.
Information technology is developing at breakneck speed. You have repeatedly suggested that IT is not really any further ahead.
In view of all the gossip in the newspapers and at trade fairs, you might think: ChatGPT. But the technology is not really new and has been in use in various forms for over ten years. But seriously, the noise drowns out what I consider to be the really big issues.
And what are they?
The biggest issue is that we are still accepting data silos, i.e. that we are not integrating and using data that we receive from a wide variety of sources and in different forms consistently enough. Basically, we are still working in information and telecommunications technology in the same way as we did in the 1960s: We collect data, format and structure it, store it in a central database, summarize it for import into something like a data warehouse and evaluate it as required. Accordingly, only around half of the entrepreneurs and managers I work with have ever heard of data lakes or data virtualization...
... these are the directories in which raw data of all kinds is brought together ...
...
And only 20 percent - also based on personal experience - have ever come into contact with the corresponding system architecture, the so-called Enterprise Data Fabric or Smart Data Fabric, which enables the creation and use of such raw data directories.
"The prosperity in Europe and especially in Germany has blinded us to the progress of other economic regions."
Compare this with China, Japan or certain parts of the USA. Enterprise Data Fabric and Smart Data Fabric are state-of-the-art there. Entrepreneurs and managers there use data analyses and simulations based on real-time data on a daily basis to make informed and well-considered decisions - in real time.
The RAMI 4.0.
... You mean the Industry 4.0 reference architecture model, which describes a standardized structure of networked production facilities ...
... is a good basis for implementing a real-time Industry 4.0.
However, industry in Germany and Europe is still a long way from implementing RAMI 4.0 stringently and consistently. Instead, many manufacturers are still clinging to their proprietary systems in 2023. Industrial protocols such as Profibus or Modbus have still not been overcome. At least some third-party manufacturers presented the first tentative attempts to overcome this situation at Hannover Messe 2023.
Every company has financial controlling. But does it also have process controlling of the same quality?
In China, I was able to visit a machining company where 340 milling benches are operated by 680 robots. The entire production plant is operated by a maximum of 40 employees per shift. Video systems monitor the milled surfaces and decide on the basis of the specified desired surfaces whether a milling head could be damaged in the near future or is already defective and needs to be replaced. If it needs to be replaced, the robots take over.
In this operation, the man-machine principle has been turned 180 degrees. Here, people serve the machine process. In Germany, on the other hand, and in Europe, the machines still serve the people.
The technology and efficiency are certainly impressive. But the fact that people are supposed to serve machines doesn't sound very attractive to me.
That may be. But the question remains: Who has the higher profitability in the medium term? Prosperity in Europe, and especially in Germany, has blinded us to the progress made by other economic regions.
I would like to address another critical point: IT/OT convergence means that previously isolated OT units are communicating with each other. They are networked. And that makes them vulnerable to cyber attacks. Critical infrastructure - energy supply, long-distance and local transportation, hospitals and communication providers - is already at risk. Isn't cyber security too big a problem?
First of all: a few years ago, there was still the proprietary "Post" data network, to which public administration and critical infrastructures in particular were connected. This network was abandoned in favor of the supposedly cheaper IP-based Internet. Whether this is really cheaper remains to be seen.
Now we have discussions about cyber security, among other things. In my view, it is initially a purely philosophical question: what risk of being attacked from outside and inside can I take as an organization? Every organization has to decide that for itself.
The second question is: What approach do I want to take to cyber security? In principle, there are two options: Either you work with whitelists. These regulate the exchange of data according to the motto: "Everything is prohibited unless it is explicitly permitted." Or you can opt for blacklists: "Everything is allowed unless it is explicitly prohibited." Personally, I'm a fan of whitelists.
How do you put this into practice?
A customer from the pharmaceutical industry was faced with the problem that its most valuable data was stored in the production data management systems. Actually, he should have networked these systems with administration and research and development in order to be able to evaluate the data for commercial or research purposes, for example. However, for security reasons, the customer decided to completely separate production from the Internet. The production was given its own, completely self-sufficient, self-contained network - sometimes with curious consequences: For example, one department still had two Windows 95 workstations because the manufacturer of a particular measuring device was unable or unwilling to update its software, but the device was almost impossible to replace.
But how were the other departments supposed to access the data without compromising security? The solution was a so-called one-way data bridge: data exchange between production and the other departments only went in one direction, namely from production to administration or R&D. This example illustrates what I consider to be the two most important principles of cyber security: guidelines are useless if they are not implemented consistently and without exceptions.
Finally, I would like to venture an outlook. In which direction should we continue to think in terms of IT/OT convergence?
My wife was the manager of a German trading company in China for 16 years and on the board of the foreign trade chambers in Guangzhou and Beijing. And I spent many years traveling in Anglo-American and South American markets. On our business trips, we have always had to realize that the integration of IT and OT as well as data analysis in real time is much more developed in these countries than in Germany and Europe.
A clear example is the simultaneous facial recognition of hundreds of people in real time in China.
Which is quite sensitive in terms of human rights.
Yes, certainly. But my point is that this country is at least 15 years ahead of us in the use of image recognition, video recognition, AI in the sense of statistics and stochastics and data interpretation in real time. The same applies to digitally monitored production and distribution processes.
I firmly believe that we need to consistently drive forward the use of data in real time and develop the willingness to allow machines to make certain decisions independently.
Thank you very much for talking to us!
You're very welcome!
Our interviewee has been working on the integration of IT and OT systems for around 30 years. In his current book project, he uses 20 practical examples to show how companies, authorities and other organizations can use data in real time. You can find more information about him in his profile.
