M. DAVIS, Valmet Inc., Owings Mills, Maryland (U.S.)
In the processing industries, operational technology (OT) systems that control and automate physical industrial operations have traditionally been isolated from information technology (IT) systems that manage data and enterprise-level functions. This separation was largely driven by cybersecurity concerns, leading to strict controls on OT networks and limiting their ability to connect with broader IT infrastructure.
However, this division has hindered the ability to achieve critical automation advancements. Integrating OT and IT systems enables continuous data flow, unlocking full operational visibility, accelerating decision-making and allowing for proactive problem-solving. It also lays the foundation for artificial intelligence (AI)-driven process automation, which depends on secure, real-time access to external data to deliver real-time monitoring, predictive maintenance and adaptive control.
This shift is accelerating the development of systems that support secure IT/OT convergence, prompting leading distributed control system (DCS) providers to design solutions with cybersecurity and connectivity as foundational elements.
Modern DCSs (FIG. 1) must now enable open yet secure communication across all levels of the automation architecture—bridging OT and IT environments—while protecting critical assets and data. The objective is to advance toward intelligent automation that enhances operational efficiency, increases asset utilization and delivers tangible cost savings across the production landscape.
Integrating OT and IT. OT systems in the process industries encompass the hardware and software used to control, monitor and automate physical industrial processes.
These systems are critical for ensuring the safe, efficient and continuous operation of equipment such as pumps, compressors, reactors, valves and other machinery commonly found in industries like oil and gas, chemicals, power generation, water treatment and pharmaceuticals.
However, automation systems have traditionally functioned as isolated, highly secured environments—effectively digital fortresses with strict controls preventing any external data exchange. While this architecture has provided strong protection against cyber threats, it also created a major limitation: no digital data could enter or exit the OT network.
Without this connectivity, linking production systems with business technologies such as analytics tools, cloud platforms and enterprise resource planning (ERP) systems was not possible. However, connecting these environments delivers tremendous benefits by enabling continuous data flow, delivering end-to-end operational insight and allowing organizations to identify patterns, address problems proactively and make better, faster decisions.
AI-driven tools also require access to external information for effective implementation within closed, automated systems. These systems must securely exchange data beyond their immediate environment to harness the full potential of AI, particularly generative AI.
With generative AI, even a single well-crafted prompt can potentially expose sensitive intellectual property such as proprietary processes or datasets. Therefore, organizations must strike a careful balance between enabling access to pre-trained models and external insights while enforcing strict data protection measures to safeguard their competitive knowledge and ensure responsible AI deployment.
With AI-driven tools set to transform process automation, the emphasis is shifting to the DCSs that serve as a foundational component of OT, providing the essential control infrastructure that enables safe, stable and efficient operation of continuous industrial processes.
Digitalization initiatives have pushed DCSs towards higher levels of connectivity and automation. Today, DCSs are expected to provide open and secure connectivity at all levels, including between OT and IT systems.
However, this shift introduces a new layer of complexity: securing the convergence point where data from physical operations intersects with enterprise IT systems. This is where modern DCSs play a pivotal role.
Cybersecure by design. To meet these challenges, the author’s company has launched the newest generation of its DCSa, built from the very first lines of code to deliver cutting-edge cybersecurity, user interface, data storage and management, and other advanced features.
Introduced in 2024, the company’s DCSa takes a modern and proactive approach to cybersecurity, enabling companies to effectively prevent and respond to evolving cyber threats.
The DCSa was built with IT/OT convergence in mind, offering seamless connectivity from sensors to the cloud via edge technology and industrial-standard interfaces. The integration enables enhanced digital intelligence, paving the way for AI-powered tools at every level. The company’s new DCSa has been engineered with security at its foundation, empowering customers to stay ahead of cyber threats as OT environments become more interconnected and complex.
The author’s company approached the task by adopting the cybersecurity philosophy known as “security by design.” This school of thought emphasizes incorporating security measures from the very beginning of a product’s development cycle, rather than adding them later in response to threats. The DCS’s product development process was validated with the Security Development Lifecycle Assurance (SDLA) certification in 2020, and its cybersecurity is also externally certified according to ISO 27001 and IEC 62443 standards.
The company recently reached a significant milestone in industrial cybersecurity when its DCSa became the first fully web-based system to receive the ISASecure System Security Assurance (SSA) Security Level 1 certificate. The external assessment conducted by exida, a product certification and knowledge company specializing in automation system safety, alarm management, cybersecurity and availability, ensured that the DCSa meets the strict security requirements and levels specified in the ISA/IEC 62443-3-3 standard.
At the core of the proprietary DCSa is the Trusted Information Framework (TIF), which serves as the backbone for communication and data management. Built upon the TIF foundation, the DCSa architecture includes measures such as role-based access control, authentication, encryption, endpoint protection and comprehensive audit trails.
It incorporates endpoint protection measures such as system hardening, antivirus software and application whitelisting to reduce the risk of malware, unauthorized access and system compromise.
Encryption protocols, access controls and VPN tunneling are used to secure data transmissions by encrypting communications and restricting access to authorized users, protecting sensitive information from interception or tampering. These measures support secure remote access, enabling approved personnel to monitor, operate and maintain mill systems from any location while preserving the confidentiality and integrity of all communications.
For IT teams, the company’s DCSa provides centralized user management and Active Directory (AD) integration, enabling role-based access control and authentication. Additionally, the system offers authorization, audit trails, secure communication, encryption mechanisms, content-signed software and comprehensive logging.
IT security integration helps security teams stay alert to potential threats. If needed, the DCSa can deliver intrusion detection and prevention mechanisms to monitor network traffic and detect potential security breaches in real time. Centralized log management enables comprehensive analysis of security events, facilitating timely response and mitigation measures.
To support enterprise-level visibility, the DCSa integrates with any customer's security information and event management (SIEM) solution, providing valuable information to security operations center teams. Customers are supported by the company’s extensive cybersecurity services.
The future is now. The integration of OT and IT systems today depends on systems that can provide secure, real-time communication across multiple layers of an organization’s infrastructure. DCSs serve as critical enablers, tasked not only with managing process operations but also with ensuring secure data exchange between the plant floor and enterprise systems.
The growing reliance on AI tools and remote connectivity adds urgency to this shift. Ensuring that such technologies can be deployed safely and effectively requires a foundational approach to cybersecurity—one that is embedded into system architecture rather than added as an afterthought.
NOTES
a Valmet DNAe
Mike Davis is a Senior Manager, Product Management, Automation Solutions for Valmet Inc. in Owings Mills, Maryland (U.S.). Valmet is a leading worldwide provider of process technologies, automation systems and services with > 220 yrs of experience in the industrial sector.