What IT/OT convergence actually means

IT – information technology – covers the systems most people think of when they hear the word "computers": business applications, ERP platforms, email, file servers, databases and the networks that connect them. OT – operational technology – is something different. OT is the hardware and software that monitors and controls physical processes on the factory floor: PLCs (Programmable Logic Controllers) that sequence machine operations, SCADA (Supervisory Control and Data Acquisition) systems that oversee plant-wide production, HMIs (Human-Machine Interfaces) that give operators real-time control, plus CNC machines, robotics, conveyor systems and the industrial sensors that feed them all data.

Historically, these two worlds were separate by design. OT systems were isolated from business networks – physically, organisationally and culturally. The OT network was the engineer's domain; the IT network was finance and admin. They ran on different protocols, were maintained by different people and answered to different business priorities. OT prized uptime and determinism above everything else; IT prioritised connectivity and capability.

IT/OT convergence describes the breaking down of that isolation. It's not primarily a technology trend – it's a business pressure. ERP systems need real-time production data to calculate accurate job costs and delivery commitments. Predictive maintenance programmes require continuous sensor feeds from production equipment. Customers increasingly demand production traceability: which batch, which shift, which quality check. Supply chain integration requires live inventory and throughput data to trigger replenishment and adjust scheduling. Each of those requirements pulls OT systems into the same connected world as IT – whether or not the underlying OT architecture was designed for it.

What convergence enables: the commercial case

The business case for connecting IT and OT is real and, in competitive markets, increasingly compelling. Real-time OEE (Overall Equipment Effectiveness) dashboards become possible without operators manually entering data at shift end – the production systems report directly into analytics platforms, giving managers accurate availability, performance and quality metrics continuously rather than retrospectively.

Predictive maintenance is one of the clearest value drivers. Sensors monitoring vibration, temperature, current draw and cycle times can detect degradation patterns before they produce a failure. A bearing that's about to fail shows it in the data weeks before the machine stops. Connecting that sensor data to a maintenance management system means planned intervention rather than emergency repair and unplanned downtime – which in high-utilisation facilities can cost multiples of the maintenance work itself.

Automated reordering becomes practical when production consumption data feeds directly into procurement systems. Rather than a buyer reviewing stock reports weekly and raising purchase orders manually, the ERP sees materials consumed in real time and triggers replenishment against agreed parameters. Quality control data flowing directly from production into customer delivery documentation reduces administrative overhead and provides an auditable record that customers in regulated industries increasingly require.

Energy monitoring and optimisation is a growing driver, particularly given energy costs in UK manufacturing. When production equipment reports its consumption in real time, energy managers can identify inefficient processes, optimise shift scheduling around tariff periods and build the data foundation for ESG reporting. None of that is possible without connecting the OT layer to business systems.

The business case is real – but it requires the infrastructure and governance to realise it safely. That's where most manufacturers find the gap.

The security implications of a connected factory

OT systems were designed for reliability and determinism, not security. A PLC installed in 2008 to control a production line was built to run continuously for years without interruption – not to defend itself against network intrusion. Many run firmware that hasn't been updated in a decade, not because the manufacturer is negligent, but because the vendor who certified the system on that firmware version either no longer exists or requires full re-testing before any update can be applied to a production environment.

The protocols that OT systems use – Modbus, PROFINET, OPC-DA and others – were designed for deterministic communication between known devices in a controlled environment. They have no authentication. A device that can reach the network can read or write to a PLC without presenting any credentials. That was fine when OT networks were air-gapped. It's a fundamental problem when those networks are connected to corporate IT infrastructure that's reachable from the internet.

Remote access into OT environments – for vendor support, for engineers working off-site – is often implemented as an afterthought. A VPN connection added when a vendor needed to diagnose a fault remotely, left running permanently, with credentials that haven't changed since installation. These aren't edge cases; they're the norm in facilities that have connected OT systems reactively rather than architecturally.

The consequence is that a ransomware actor who reaches the OT network doesn't just encrypt files – they can stop production. They can corrupt PLC programmes that represent years of engineering configuration. They can disable safety interlocks. The attacks on critical infrastructure in manufacturing globally – including well-documented incidents in the automotive and food processing sectors – follow a consistent pattern: initial compromise via the IT network, lateral movement to OT-adjacent systems, then either disruption or extortion. The attack surface that IT/OT convergence creates is real, and attackers have learned to exploit it.

Who owns IT/OT: the governance challenge

The security problem has an organisational dimension that's just as significant as the technical one. IT teams own cybersecurity policy – firewalls, patch management, access controls – but typically don't understand OT systems well enough to apply that policy to a SCADA environment without risking production. Operations and engineering teams own OT and understand it deeply, but don't think in terms of network security: their job is to keep production running, not to manage attack surfaces.

OT vendors sit in a third category. The company that supplied and maintains the CNC machines or the SCADA platform has its own remote access requirements, its own maintenance windows, its own certification constraints. IT can't simply impose standard security controls on vendor-managed systems without potentially voiding warranties or breaking certified configurations.

The result is a boundary that nobody fully owns. IT has authority over the network but defers to engineering when it comes to OT systems. Engineering owns production but doesn't see security as its remit. Vendors do what's necessary to support their kit. Each party has a reasonable position, and the gap between them is where the exposure sits.

The practical answer is a joint IT/OT steering group with clear, documented accountability for the boundary between the two environments. OT-specific security policies that operations teams have genuinely reviewed and signed off – not policies written by IT and handed to engineering as a fait accompli. Vendor access controls that IT manages technically but that operations understands and has agreed to. The governance doesn't need to be complex, but it does need to exist, and it needs to have named owners rather than assumed responsibilities.

The infrastructure that makes convergence safe

The Purdue Model – developed for industrial control system architecture – provides the conceptual framework most OT security practitioners still use, even where it's been adapted for modern network realities. The core idea is separate network zones: enterprise IT at the top, manufacturing operations (MES, historians, engineering workstations) in the middle, and OT control systems (PLCs, SCADA, HMIs) at the bottom, with controlled connections between each layer.

Data moving upward from OT to IT – production metrics, sensor readings, quality data – can be handled through unidirectional gateways or data diodes. These allow information to flow in one direction only, so OT systems can report into business systems without creating a two-way attack path back into the control layer. That's the architectural principle behind safe convergence: you can get the data you need without creating a route by which a compromised IT system can reach OT.

Any human or vendor access into OT zones should go through jump servers – dedicated, hardened systems at the IT/OT boundary that log all sessions, enforce authentication and provide an audit trail. Nobody accesses a PLC directly from a laptop; they authenticate to the jump server, which connects them through a controlled session that can be terminated, recorded and reviewed.

Passive monitoring of OT traffic is the right approach for visibility into the control layer. You can observe network traffic, build a baseline of normal behaviour and alert on anomalies without actively scanning or probing production systems – which carries the risk of disrupting deterministic processes. Industrial firewalls at the IT/OT boundary that understand OT protocols can inspect traffic and enforce policy without the performance constraints of general-purpose firewalls not designed for industrial environments.
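As an added illustration of the passive-monitoring approach just described (example code written for this page, not code from the original article or from Route B): a minimal baseline-and-alert pass over constructed Modbus/TCP request frames. It also shows the earlier point that a Modbus frame carries no credential at all, so the MBAP header and function code are the only things an observer can key on. Host addresses, unit ids, the sample payloads and the severity rule are assumptions made for the demo.

```python
import struct

# Modbus function codes that change PLC state (standard public codes)
WRITE_CODES = {5: "write single coil", 6: "write single register",
               15: "write multiple coils", 16: "write multiple registers"}

def build_frame(tid: int, unit: int, fc: int, payload: bytes) -> bytes:
    # MBAP header: transaction id, protocol id (0 = Modbus), remaining length, unit id
    return struct.pack(">HHHB", tid, 0, len(payload) + 2, unit) + bytes([fc]) + payload

def parse_frame(frame: bytes) -> dict:
    # Nothing here identifies or authenticates the sender: the PLC acts on unit id
    # and function code alone, which is why visibility has to come from the network.
    if len(frame) < 8:
        raise ValueError("truncated Modbus/TCP frame")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0 or length != len(frame) - 6:
        raise ValueError("malformed MBAP header")
    return {"tid": tid, "unit": unit, "fc": frame[7]}

def build_baseline(flows) -> set:
    # Learn (src, dst, unit, fc) tuples from a capture taken during a known-good period
    return {(s, d, p["unit"], p["fc"])
            for s, d, p in ((s, d, parse_frame(f)) for s, d, f in flows)}

def detect(flows, baseline: set) -> list:
    # Alert on anything not seen in the baseline; unseen writes are rated high
    alerts = []
    for src, dst, frame in flows:
        p = parse_frame(frame)
        if (src, dst, p["unit"], p["fc"]) in baseline:
            continue
        severity = "high" if p["fc"] in WRITE_CODES else "medium"
        what = WRITE_CODES.get(p["fc"], f"function code {p['fc']}")
        alerts.append((severity, f"{src} -> {dst} unit {p['unit']}: {what} not in baseline"))
    return alerts

# Constructed sample traffic: a historian polling reads and an engineering
# workstation writing during commissioning form the baseline (assumed addresses).
PLC, HISTORIAN, EWS, IT_HOST = "10.2.0.10", "10.2.0.5", "10.2.0.20", "10.0.5.77"
LEARNING = [(HISTORIAN, PLC, build_frame(1, 1, 3, b"\x00\x00\x00\x0a")),
            (EWS, PLC, build_frame(2, 1, 16, b"\x00\x10\x00\x01\x02\x00\x01"))]
LIVE = [(HISTORIAN, PLC, build_frame(3, 1, 3, b"\x00\x00\x00\x0a")),   # normal poll
        (IT_HOST, PLC, build_frame(4, 1, 6, b"\x00\x10\x00\x00")),     # write from IT range
        (HISTORIAN, PLC, build_frame(5, 2, 3, b"\x00\x00\x00\x02"))]   # unseen unit id
BASELINE = build_baseline(LEARNING)
```

Running `detect(LIVE, BASELINE)` yields one high alert for the write arriving from the IT address range and one medium alert for the previously unseen unit id, while the historian's normal poll stays silent.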

Where UK manufacturers are on this journey

Honestly: most SME manufacturers have some degree of IT/OT connectivity but little of the governance or security architecture that should accompany it. Systems have been connected opportunistically – to solve a specific operational problem, to enable a vendor support arrangement, to feed data into an analytics tool – without a deliberate architectural framework governing how that connectivity is structured and secured.

That's not a criticism. It reflects how IT/OT convergence has happened in practice across most facilities. The commercial pressure to connect preceded the security discipline needed to do it safely. The result is a landscape where data flows exist that nobody has fully mapped, where vendor access arrangements haven't been reviewed in years and where the IT and OT teams are often having the ownership conversation for the first time.

The starting point isn't a full convergence programme. It's an inventory: what OT systems exist, what networks they're connected to, what data flows in and out, and where the exposure sits. That inventory is often more difficult than it sounds – systems accumulate, connections get made without documentation, and the people who made early decisions may no longer be in the business.

From that foundation, the sequence is: prioritise the highest-risk connections (anything that provides a path from a public-facing system into OT), implement basic segmentation, establish vendor access control, and build toward a sustainable architecture in planned phases rather than trying to retrofit everything at once. Most manufacturers find that addressing two or three specific exposure points materially reduces their risk profile, even before a full architecture programme is complete.

Route B works with UK manufacturers on IT/OT integration – from network architecture and security segmentation to ERP and MES connectivity.
