Preamble
The operational technology (OT) that underpins modern industry is at a critical juncture. For decades, a paradigm imported from enterprise Information Technology (IT) has been imposed upon the physical world of production, manufacturing, and critical infrastructure. This approach, driven by vendors and consultants, fundamentally misunderstands the principles of our domain. It has led to architectures that are fragile, business models that are extractive, and systems that are unnecessarily complex and insecure.
This is not a declaration of war on IT, but a recognition that OT and IT are distinct disciplines with different imperatives. We seek collaboration based on mutual respect for these differences. It is a call to return to the proven engineering practices that respect the unique demands of the physical world. It is a constructive argument for a new model—one based on operational reality, resilience, and the empowerment of the practitioner.
The Core Principles of Operational Technology
We hold these principles to be the foundation of sound industrial practice. They are not negotiable, as they are derived from the realities of controlling physical processes.
Availability is Paramount
The primary function of any OT system is to ensure the safe, continuous, and correct operation of a physical process. All other considerations—including data collection and security models—must serve this primary directive. The appropriate security model for OT is Availability, Integrity, and then Confidentiality (AIC), not the IT-centric CIA model.
Operational Reality Dictates Design
Industrial environments are not data centers. Network designs, hardware choices, and software architectures must be resilient to the specific environmental and operational constraints of the plant floor. Theoretical IT best practices do not supersede the practical realities of production.
Complexity is the Enemy of Reliability
Robust OT systems are simple, predictable, and deterministic. The addition of unnecessary features, dependencies, or communication paths introduces fragility and increases the attack surface. We must aggressively simplify our architectures.
Security is Achieved Through Deliberate Separation
The most effective security posture for OT is one of intentional, managed separation from untrusted networks, especially the enterprise IT environment. While data must flow from OT to business systems, bidirectional network integration between control and corporate networks creates unacceptable risk. Secure data exchange does not require network convergence. True security is an architectural property, not a product you can buy.
Every Boundary Must Be Formalized
Data flows between OT and IT domains must be documented, limited, and governed by formal agreements. These conduits are security perimeters requiring the same rigor as external interfaces. Informal 'visibility' requests that bypass this process are attacks on our architecture, whether intentional or not.
The Reality We Must Address
We recognize the legitimate business needs for operational visibility, efficiency improvements, and predictive analytics. These goals can and must be achieved through architectures that respect OT's operational imperatives rather than subordinating them to IT convenience. We understand that IT systems can provide valuable intelligence to operations—machine learning insights, predictive maintenance, advanced analytics—as long as everyone understands these are IT systems subject to IT availability expectations, not OT systems required for production.
A Call for a New Approach
The prevailing vendor-driven model has failed to deliver on its promises of seamless integration and enhanced security. Instead, it has created a cycle of dependency, complexity, and escalating risk. The term "convergence" itself has become tainted, implying a merger that fundamentally misunderstands both domains. We therefore advocate for a fundamental shift in how we design, procure, and manage operational technology.
We Will Champion Architectural Independence
We must move away from proprietary, all-in-one ecosystems that lead to vendor lock-in. We will design systems using open, interoperable standards that allow us to select the best tool for the job, regardless of brand. Our primary allegiance is to the operational requirements of the plant, not to a vendor's product roadmap.
We Will Build for Resilience, Not Dependency
We will design systems that can function indefinitely without external connectivity. The ability of a plant to operate safely and independently is a non-negotiable design requirement. External services may consume copies of operational data when available but must never be required for operations. Cloud services and remote access are tools that IT may leverage for analysis and insight, but operations must remain fully autonomous within its four walls.
We Will Demand Formal Integration Agreements
We reject informal IT/OT "convergence" in favor of selective integration governed by explicit agreements. Every data exchange requires:
- Data Exchange Agreements (DEA) defining what data flows, in what format, at what frequency, and what happens when unavailable
- Service Level Agreements (SLA) establishing responsibilities, availability requirements, and escalation procedures
- RACI matrices clarifying ownership of conduits, monitoring duties, and change control authority
These agreements transform vague requests for "visibility" into concrete, limited, and manageable data flows with clear boundaries and fallback procedures.
We Will Restore Standards to Practitioners
Standards like IEC 62443 are valuable frameworks, but their intent has been obscured by vendor influence and a cottage industry of complex consulting. We will work to make these standards practical and accessible, creating field-ready guidance that empowers practitioners to achieve better security outcomes without unnecessary cost or complexity. The inter-zone conduits defined by these standards are not suggestions—they are critical security perimeters.
We Will Empower the Practitioner
The most valuable asset in any industrial operation is the knowledge of the practitioners who design, implement, and maintain the systems. We will foster a community of practice dedicated to sharing knowledge, upholding high standards of engineering, and protecting less experienced professionals from predatory sales tactics. We will value practical experience and demonstrated competence over vendor certifications.
Our Commitment to the Future of Industry
This is our mandate. We are not Luddites resisting progress; we are the engineers, integrators, and asset owners demanding a more resilient, secure, and sustainable foundation for the future of manufacturing and critical infrastructure.
We invite vendors to join us, not as rulers, but as partners who respect the principles of our domain. We invite our colleagues in IT to collaborate with us as peers, recognizing the distinct and critical nature of our responsibilities. We share common languages and technologies, but our functional goals and operational realities differ fundamentally. Clear communication requires precise definitions and mutual respect for these differences.
We will no longer accept that "industrial" means "overpriced and insecure." We will no longer sacrifice operational stability for the illusion of digital transformation. We will build the future of OT on a foundation of sound engineering, operational reality, and a steadfast commitment to the practitioners who make it all work.
The path forward is not through convergence, but through deliberate, documented, and limited integration that respects the independence and criticality of operational technology.