28 Feb 2023

The difference between IT and OT

We live in a highly technology driven world. Critical infrastructures such as hospitals, energy plants or industrial production functioned largely electromechanically, pneumatically or hydraulically until fifteen years ago and relied less on integrated IT systems.
What moved the technological world was called Operational Technology - and had little to do with Information Technology (then EDP). They were two different specialist areas - with different requirements for the corresponding specialists. 
The difference between the OT and IT systems was the lifespan - and the possibilities to protect the systems. From a technological point of view, there wasn't that much IT behind OT back then, which was electromechanically controlled. Measured against today's requirements, OT lagged behind IT by many years.

OT systems with a longer life cycle 
Compared to file server-driven IT Windows systems, OT systems differ primarily in their life cycle. Today, an IT system has a life cycle of five years, after which people try to replace / renew this system again. And in the OT world, systems are used for fifteen years in the productive environment. 
As a result, all the relevant operating systems tend to be legacy systems. You can still find Windows NT systems, Windows 2000 systems, really old solutions that are no longer supported by the manufacturer. This poses a serious challenge in terms of security. The question is: How can I still operate these systems securely? 
Critical infrastructures, which are controlled by operational technology, are nevertheless clearly regulated in Switzerland. The Federal Office for Civil Protection divides them into 9 sectors (27 subsectors). Such as waste disposal, transport, health, energy - all sectors on which public life depends. "Our" energy sector, for example, includes the subsectors of electricity supply, oil supply, natural gas supply, and district and process heating. 

Federal government regulates Kritis standards
Kritis (short for critical infrastructure) ensure that these everyday things work so we can live - and function - our usual way of life. 
Especially with today's political situation in Ukraine, one realizes again what this means. It is all the more worrying that, in contrast to Germany, unfortunately not so much is regulated yet. Especially in the energy sector, where ALSEC is at home, there are still no mandatory safety standards, which operators of energy environments have to fulfill. But we are working under high pressure to change this decisively and purposefully.

Please read our latest blog entry

Article only available in German.

Schweizer Energie-Unternehmen setzen Sicherheitsstandards