Why is it virtually impossible to upgrade Operational Technology (OT)?

Process ManagementPerformance
1.6k viewscircle icon1 Upvotecircle icon4 Comments
Sort by:
CISO4 years ago

The problem is that these machines are supported by outside people for the most part, who we have to bring in. That's where it gets dicey because you need to give them access in a remote session. It’s not a good feeling when you know you have to give onsite people control over your system. So we created a second wireless network for when we have to bring the machine out of our locked network for servicing, etc. We only put the machines on that network so the technicians can have access. We always had a session going on and they can't really click anything, but we click on their behalf so there's no direct connection to the machine.

Lightbulb on1
vCISO and COO in Software4 years ago

Look at companies like Schneider Electric—the Pacific Gas and Electric Company (PG&E) is a huge customer of theirs but they don't want to use the updated firmware or the updated versions of it because everything's validated on a specific version. And we have the same problem in lab environments: Once we do the validation process, which is a total pain, you don't want to go through all that again. We do our best to avoid it and we end up on these laboratory information management systems that are five revs out of date. And we keep using them—that's the reality in biotech. Until we get the people to do it.

Lightbulb on2 circle icon2 Replies
no title4 years ago

How do you force them to upgrade? Because they're creating a huge attack surface. Is the company even supporting those machines anymore? And how are they supporting them on an unsupported OS? When those machines come up for renewal on their contract, that's a strong negotiation point right there.

no title4 years ago

Exactly. The complication is that we own the machine because we bought the robot and the machine that came with it, but we can’t update those machines without affecting the way the robot functions. So you're kind of stuck until the vendor says, "Okay, now we'll allow this update, but it requires this on the computer and it requires this on the robot," and they have to match because that's the way they validate it. It's brutal.

Content you might like

B2B SaaS companies — What is your current ratio of CSM to total paying customers?

< 1:1014%

1:10-2541%

1:25-5027%

1:51-10011%

1:101-2003%

1:201-10003%

>1:1000

View Results

Which tech conference do you intend to attend in person next year or have already participated in this year, and what motivated your choice?

Read More Comments

Which process mapping software does your organization use to map out current processes and future workflows?

Read More Comments

We have a servicing organization within IT segmented by applications and has 3 different director teams supporting overall pieces which is creating confusion, misalignment and becoming harder to support one business area.  Components considered within this org are: PEGA products (NCompass, G&A), Genesys Cloud,  Google, Member Portal and Member Mobile.   How should i look at proposing a new target state Org considering all these aspects/products? Any ideas?

Does your contract lifecycle management tool deliver on their AI/ML promises?

Yes66%

No33%