IT helps in the evolution of controls

Over the past decade there has been a paradigm shift in the structure of how companies organize information technology (IT) and controls sectors, with the former having increasing influence in some areas traditionally run by the latter. As IT and operational technology (OT) data converge, so do the physical departments, and this has some major implications for the controls department.
By Corey Stefanczak January 6, 2016

With recent shifts for some companies, purchasing dollars are rolling away from the controls team toward the responsibility area of the IT department. Courtesy: LeidosToday, more companies than ever are relying on information technology (IT) personnel to perform the most vital part of their controls projects: procurement. This customer shift is reshaping the controls industry. Controls vendors and integrators must respond by approaching their market in different ways. A changing market brings challenges and opportunities, and some suppliers will fail to adapt to new customer needs. Others will take advantage of the shift in buying power to better compete in their fields. 

Driving factors

To understand the way IT is changing the controls market, it is helpful to know what has driven this shift over time. 

Ethernet as a bus

Ethernet has long been the standard IT communication medium. It has served as the dividing line between the controls and IT groups. Anything Ethernet-related was IT, and anything bus-oriented was part of the controls realm. However, this barrier has dissolved over the past decade.

Currently, most customers prefer Ethernet as their controls bus. It is easy to deploy with available staff or contractors. It fits into existing infrastructures, and IT groups manage it using proven tools and practices.

As a result, dedicated controls staff are no longer needed to maintain controls networks. In many cases, IT has assumed this role. They usually work directly with integrators to design networks for controls projects. 

Security is an IT thing

Recent cybersecurity attacks on controls technologies have made companies rethink security approaches used. Few organizations have a dedicated staff to manage security in this realm. Companies rely on the only cyber-security team they have: the IT group.

Unfortunately, there are few outside organizations that can help IT in this area. Cyber security for controls is a new field with little standardization. The current approach to this problem is to adapt procedures from the only place they can—IT standards.

IT now bears the responsibility of solution architecture for controls projects. Besides security, this obligation brings with it the full lifecycle requirements of a solution. IT groups must involve themselves throughout a controls project to meet these needs. 

Staff reductions

All organizations seek to improve the bottom line. Many companies have reduced staff in multiple areas to increase profits, and controls staff has been particularly affected because some of their responsibilities have shifted to IT. This has caused a snowball effect in some organizations where companies assign fewer responsibilities to their reduced controls staff, give the tasks to the IT group, then reduce the number of controls staff.

As technology blurs the lines between the two groups, controls staffs are being forced to work under IT constraints. Many IT groups have moved to a remote operations model, where onsite staff is no longer needed. Controls groups face similar challenges.

Money makes the decisions

These changes to the controls and IT environments have culminated into a driving factor: IT controls the money for some higher level projects. When IT is a primary stakeholder in computer and networking projects for controls, IT departments may receive some budget allocations that previously went to controls engineers. In some organizations, for networking and computer-based hardware, IT has become the primary buyer for operations technology (OT) personnel.

IT as the primary customer

IT-centric customers shift purchasing trends, changing the way vendors design and market products. These customers change how integrators sell their capabilities. And the shift changes what customers view as success. The following are some successful examples from an IT perspective. 


Support is the primary role for IT groups. They have invested in tools and processes to manage support activities. Innovations and standards, such as remote access, have reduced the burden on IT operations. IT groups expect controls products to fit into these existing support approaches. IT needs to be able to solve problems quickly using their support hierarchy. Common problems should have simple solutions that first-level support personnel can perform. Products need to provide useful diagnostics in standard ways. For example, products should support simple network management protocol (SNMP).

Products should also incorporate routine maintenance as a primary activity. IT should be able to track and update firmware with existing tools. Products should be easy to replace if a failure occurs. And support documentation should be available on the device itself (using Web-based standards, for example). Controls products should not place an extra burden on the staff that supports them. 


The adoption of IT security standards within controls products has been a slow process. The most important IT security need is for devices to integrate with common authentication schemes. Products should support Lightweight Directory Access Protocol (LDAP) for user access.

Managing credentials for a large amount of devices is the second biggest IT need. This applies to devices that do not provide LDAP integration and have their own security measures. Vendors should offer a simple way to update device security information en masse. 


Controls products are notorious for long part numbers and many options. This makes the procurement process difficult for IT personnel. IT expects standard ordering schemes and reduced options to simplify the buying process.

Computer and networking products for OT can be difficult to purchase because some do not include everything "in the box." Instead, customers buy each component as a separate item. IT often thinks of their products as appliances rather than bundled sets of items. For example, IT-related products, or those expected to integrate with IT communications, should have integrated 120 V ac power and Ethernet connectivity. 


IT staff often expect that devices are easy to install and configure. Products should assist the user during the installation process by using standard techniques. Networked products should incorporate auto-discovery. IT prefers convention over configuration to accommodate the most common deployment scenarios.

IT views external configuration and deployment tools as a liability to their technology debt. They expect devices to have integrated Web servers and hosted Web applications for ease of management. This allows IT to reduce their application maintenance footprint and manage devices in a standard way. 


With IT redefining success for the controls industry, controls vendors and integrators have to shift their approach to meet changing customer needs. The following text provides some considerations to help meet these needs. 

Involve IT early

If IT isn’t the primary customer for a controls project, they may be a key stakeholder. Integrators should treat IT as a partner (rather than a support group) and plan the project with them as a team.

Make Ethernet the control bus

Ethernet is the standard IT communication medium. IT is able to deploy, support, and manage Ethernet using existing tools. Unless a specific requirement eliminates it as an option, system integrators should use control systems that communicate via Ethernet. 

Support SNMP

SNMP is the IT standard for device management. Vendors should provide SNMP-enabled devices that integrate with existing IT technologies and applications. 

Prefer web applications

Web applications reduce the maintenance burden on IT groups. Vendors should support Web applications on their devices. Integrators should promote Web-based products for their solutions. 

Consider DDC

Commercial digital direct control (DDC) vendors usually present products in a way IT can understand. In general, DDC products are more IT-friendly than programmable logic controllers (PLCs). Integrators should consider if a DDC product can meet their customers’ needs. 

Use IT terminology

People feel more comfortable when addressed in a language they comprehend. Vendors and integrators should omit or explain controls-based terms when working with IT groups. 

Elevate security

Security is a primary concern for IT—it should be for vendors and system integrators, too. Vendors should offer products that integrate with LDAP and provide standard security offerings. Integrators need to understand the security implications of the solutions they recommend.

Provide transactional interfaces

IT acts as the gatekeeper between the controls systems and business systems. Controls data is usually time series focused. Vendors should provide transactional application programming interfaces (APIs) to their time series data. For example, a historian may provide an SQL interface as a transaction API.

Be open

No one likes limitations. IT expects to support and upgrade their systems on their own. Vendors should not restrict these activities through closed licensing models. Integrators need to ensure IT understands the impact of selected products. 

Think cloud

IT groups are investing in cloud applications that reduce their support burden. Although adoption within the controls industry is slow, it is inevitable. Suppliers should consider cloud platforms, and integrators need to understand their implications. 

Be the IoT expert

The Internet of Things (IoT) is the buzzword of today. Since it’s a new buzzword, it seems as if it’s a new innovation. But the controls industry has been doing IoT for many years. When working with IT groups, integrators should be IoT experts and understand the impact of their solutions. 

Corey Stefanczak is senior system architect at Leidos. Courtesy: LeidosWhat’s next?

These market changes present unique opportunities. Agile product vendors and advanced integrators can prosper in the new marketplace. The good news is that the road is already paved with information technology examples, standards, and expectations that are well known. Those suppliers who move from controls-centric selling to IT-based marketing will compete better within the changing landscape.

– Corey Stefanczak is senior system architect at Leidos, #4 System Integrator Giant for 2015 and a prior System Integrator of the Year winner. Edited by Eric R. Eissler, editor-in-chief, Oil & Gas Engineering,

Key concepts

  • Get IT involved in projects early to ensure smooth transitions.
  • Get the controls department on the cloud, this will help everyone involved to share data.
  • With IT redefining success for the controls industry, controls vendors and integrators have to shift their approach to meet changing customer needs.

Consider this

As IT and OT data converge, so do the physical departments, and this has some major implications for the controls department.

ONLINE extra

See related articles about IT/OT convergence and software-related processes below.