Transforming IT and OT Through Service Management

The increasing use of renewable energy, together with the modernization of power grids, is driving a greater need for enterprisewide data sharing in electric utilities. Concurrently, integrating systems that support distributed energy resources (DER), predict energy demand and enable comprehensive system planning introduces new cybersecurity and data integrity risks. To address these challenges, solution architecture teams must collaborate across disciplines, transforming how information technology (IT) and operational technology (OT) work together to share data across previously separate areas. Utilities must evolve into organizations that manage risks and governance on an enterprisewide level, with reporting structures aligned to support this transformation.

OT network applications are crucial for supporting key business functions needed for managing the electric grid. To maintain security and efficiency, it has been best practice to logically separate sensitive OT systems from corporate IT services, as this separation allows for tailored controls for each environment. However, the growing demand for data across an electric utility’s entire enterprise necessitates closer technical integration between IT and OT systems and drives the convergence as a strategic priority for electric utilities, enabling improved operational efficiency, enhancing decision-making and fostering innovation.

IT and OT transformation involves not only integrating IT systems but also aligning service management processes, governance and cyber risk management. Traditionally, these domains operated in silos, with IT focused on data management and cybersecurity while OT concentrated on controlling and monitoring industrial operations. However, modern needs for comprehensive, enterprisewide insights and optimized performance, as well as the utilization of advanced analytics, require data from both IT and OT systems.

This paper explores the key drivers behind IT and OT transformation, the benefits it offers, and the challenges electric utilities may face during the transformation process. Whether you are a business leader, IT professional or OT engineer, you will gain knowledge and strategies needed to harness the full potential of IT/OT transformation.

Challenges and Benefits

Transforming your company starts with identifying and working through the key differences and similarities between IT and OT, including the following:

• Priority analysis. OT teams prioritize reliability within their areas of understanding, such as power generation plants, system protection, transmission control, distribution control and telecom. Each of these areas focuses on maintaining dependable systems, which is crucial since we all rely on having power available 24/7. Necessarily, OT maintains a primary focus on maintaining the continuity of physical processes, rather than securing interconnected and integrated systems that share data.
• Separate infrastructure and coordinated operations. OT systems have traditionally operated in silos and sometimes rely on outdated technology, network protocols, and even analog devices. IT often refreshes equipment and software at least every three to five years, while OT systems might last decades.
• Alignment of governance and organization. IT and OT typically do not share a governance structure or an organization structure. There are challenges in merging IT and OT processes, tools and teams when organization structure, tools and governance structures are different.
• Service level distinction. Managing a unified IT and OT network presents several challenges due to differing requirements for service management and support, latency, reliability, the 7x24 nature of OT utility infrastructure, and security, as well as the differences in communication protocols, diverse OT technologies and a lack of familiarity with OT control systems. Sometimes those unfamiliar with control networks, if assigned a task on that network, may design or implement changes in a way that causes an operational impact.
• Culture enablement. Cultural differences between IT and OT often lead to friction, with OT teams feeling that IT does not fully understand its critical concerns for reliability, safety and operational risks. Conversely, IT teams may perceive OT as resistant to change, rigid in its approach and unwilling to embrace innovative solutions.

IT/OT transformation provides several advantages:

• Process alignment. An integrated process model across the enterprise for IT and OT drives inherent efficiencies enabled through alignment and coordination.
• Collaboration. Common service management terminology, knowledge documentation and processes enable IT and OT resources to work more effectively together to manage interactions and shared workflows in alignment with business requirements.
• Common services. Standardized common services provide a consistent, reliable and more supportable foundation to operate OT services, and establish effective security controls and reliability.
• Integrated governance. Expanding governance to encompass the entire business, including the coordination of IT and OT technology investments and data governance, enables a more cohesive and efficient operation. As data becomes increasingly vital to a growing number of business processes, this integrated approach provides consistent management and protection of the source, integrity and sensitivity of data, leading to improved decision-making and operational resilience.
• Unified enterprise architecture. Business solutions with a single integrated enterprise architecture that encompasses both IT and OT requirements maintain seamless data integration and coordination. This approach enhances efficiency, reduces complexity and improves the overall effectiveness of business operations by aligning technology investments and data management practices across the entire organization.

The Approach

The foundation of IT/OT transformation is service management. Establishing common terminology or nomenclature and standard processes provides an improved basis for communications across IT and OT. A service-based model utilizing integrated tools, common nomenclature and common processes promotes efficient and effective communication and collaboration across IT, OT and the business. The framework below (Figure 1) includes the key components of an enterprisewide service management strategy that is instrumental for IT/OT transformation.

Service management is vital for OT and IT departments in electric utilities for several reasons:

• Enhanced reliability and efficiency. Utilities that adopt service management for OT systems know that physical and technical assets are maintained and operated efficiently, reducing the likelihood of failures and downtime. When they do occur, activities are orchestrated across the organization to provide efficient and effective resolution.
• Improved incident response. OT departments that adopt a structured approach to service management can respond more quickly and effectively to incidents, thus minimizing the impact of disruptions to critical services.
• Resource optimization. Service management drives resource allocations by criticality and priority. Creating standard processes and procedures enables utilities to avoid redundant efforts and see that those resources are used where they are most needed.
• Regulatory compliance. Electric utilities must comply with various regulatory requirements or face penalties or legal issues. Utilities that deploy service management — and document processes in alignment with industry standards and compliance — avoid legal issues and penalties.
• Customer satisfaction. Reliable and efficient service management leads to fewer outages and better service quality, which directly impacts customer satisfaction. Satisfied customers are more likely to trust and support their utility provider.
• Support for OT transformation. Service management provides a framework for integrating new technologies smoothly into existing operations, including management of the life cycle of digital assets and seeing that digital assets deliver value.
• Knowledge management. Service management practices help capture the knowledge of experienced utility resources, which is essential as many in the workforce approach retirement. Knowledge management maintains continuity and the transfer of critical knowledge to newer employees.

Overall, service management is about creating a structured, efficient and reliable operational environment (Figure 2) that supports the core mission of electric utilities: delivering safe, reliable and continuous power to customers.

Service Catalog

The service catalog provides a common structure for service management across IT and OT. The service catalog provides a centralized repository where customers of IT and/or OT services can browse and request services, providing a clear and organized view of available services and their associated features, availability targets and offerings (Figure 3). The services contained in the service catalog have standard implementation procedures, support procedures and documented features, and they have been reviewed for compliance. The services can be effectively, efficiently and reliably delivered in support of the day-to-day needs of the business.

The service catalog benefits the utility by documenting services and their associated processes, reducing duplication, and promoting standardization and consistency in service delivery. By streamlining service request processes with clearly defined available, documented and supported processes and procedures, an organization can deliver services predictably and reliably. Further, by providing a clear and accessible list of services, the catalog helps users understand what support they can expect, leading to improved expectations, understanding and efficiency.

The service catalog provides a breakdown (Figure 4) of the following:

• Business services. Business services deliver value to the business by facilitating outcomes that support business capabilities. In many cases, business services are supported by application services and associated procedures.
• Application services. Application services refer to the services that provide functionality and support for business services leveraging software applications. These services are designed to meet specific business needs closely aligned with business requirements and objectives, and they are delivered through applications that rely upon technical services and infrastructure.
• Technical services. Technical services provide the foundational infrastructure and platforms required to deliver application services and their associated business services. This includes network, storage, computing, security and database services.

Figure 4: Elements of the service catalog.

Why is the service catalog important for both IT and OT?

The service catalog provides a foundational component of IT/OT governance and compliance, as it provides a clear record of services and their management processes while also enabling insights into services that could be consolidated or used across the enterprise rather than deployed and supported by each individual department or team. An integrated IT/OT service catalog provides building blocks that can be assembled by solution architects into secure enterprise solutions that deliver effective automation to meet business requirements.

Configuration Management Database (CMDB)

Configuration management is a process within service management that involves identifying, tracking and controlling configuration items (CIs) or assets — such as physical components, hardware, software, documentation and network devices — and the interrelationships that are essential for delivering a business service. When documented and maintained, the CMDB provides the information necessary to assist in identifying the root cause of incidents, analyzing chronic problems, managing risk and understanding the impacts of changes planned in the environment.

Why is the CMDB important for both IT and OT?

Technology is embedded in critical infrastructure to enable awareness and proactive management of anomalies. Bringing together data across IT and OT systems enables efficient and effective management of these anomalies. A single integrated CMDB provides input, receives updates from every service management process, and provides a source of information about every CI. The holistic view made possible by the CMDB provides understanding of what data or integrations may be impacted by an IT and/or OT outage. It also helps security architects design the necessary risk mitigation controls when examining cybersecurity risks.

Demand Management

Business customers often express desires or needs based on market trends, user efficiency concepts, or regulatory or business needs; these are called demands. Demands may require research, application development or infrastructure changes and may require approval from organizational governance.

Why is demand management important for both IT and OT?

Working with service owners, demand management is a planning methodology used to forecast and manage the demand for business, application or technical services. It involves understanding business needs and seeing that the service organization can meet those needs efficiently and effectively. These demands allow department heads to forecast workloads and timelines in alignment with corporate priorities.

Service Request Management

Service requests are formal requests to provide information, advice, a standard change, or access to an application or technical service. These requests could be routine, predefined and low-risk activities, or they could be more complex and require approval and scheduling from a business-driven change advisory board (CAB). Service requests include the necessary input as defined in the service catalog. This approach streamlines the configuration and implementation of services.

Why is service request management important for both IT and OT?

Both IT and OT manage the delivery of services to business customers. As technology continues to proliferate, coordination of service delivery across IT and OT becomes more critical. A key benefit of service request processes is the requestor’s ability to monitor the progress of a service request’s completion in alignment with stated completion expectations.

Event Management

Event management focuses on monitoring and managing events throughout their life cycle to maintain the reliability of application services and technical services. Key areas of event management are focused on detecting alerts, changes in state or other anomalies; logging the events; correlating events to see related events; and triggering incident management processes, notifying personnel and automating resolution.

Why is event management important for both IT and OT?

Effective event management helps organizations maintain operational resilience by quickly identifying and responding to events that could disrupt service. This means application services, technical services or business capabilities like power delivery are restored swiftly after incidents like storms, equipment failures or cyberattacks. Some potential service incidents can be identified before they cause an outage or other business impact. Additionally, event management helps with compliance by showing events are logged and promptly handled. Event management adds efficiency and even can enhance safety by providing situational awareness of the health of a system or service.

Incident Management

Incident management defines a process within an enterprise’s service management that focuses on identifying, analyzing and resolving incidents that disrupt or reduce the quality of business services. An incident is any unplanned interruption or reduction in the quality of a business service, application service or technical service. The primary goal of incident management is to restore normal service operation as quickly as possible to minimize the impact on business operations.

Why is incident management important for both IT and OT?

Implementing incident management helps to minimize downtime, improve efficiency, and promote knowledge sharing across IT and OT that can lead to faster problem-solving and skill development. Satisfaction grows across the enterprise as trust deepens through transparency and improved overall responsiveness and system reliability.

As a component of incident management, alert management involves receiving an alert, assessing the alert, prioritizing it, and responding to various operational events and incidents to maintain the reliability and safety of the operational technology.

Problem Management

Problem management identifies, analyzes and resolves the root causes of incidents to prevent their recurrence.

Why is problem management important for both IT and OT?

Effective problem management helps maintain the reliability and stability of the electric grid by promptly identifying and addressing problems to prevent outages and maintain consistent service. Proactively managing problems reduces the need for costly emergency repairs and minimizes downtime. This leads to more efficient operations and better allocation of resources. Effective problem management helps organizations meet these requirements, avoiding penalties and maintaining their reputation.

Change Management

Change management — focused specifically on changes to IT and OT application services, technical services, integrations, systems and/or infrastructure — involves a structured process to see that changes are planned, tested, implemented and reviewed in a controlled manner. When implemented effectively, change management can bring visibility to planned changes and prevent potential conflicting changes through the forward schedule of changes report and change approval process.

Why is change management important for both IT and OT?

Implementing change management processes significantly increases the chances of changes being executed with minimal risk and disruption to critical business operations. It enhances visibility into system modifications that could affect other integrated systems. Additionally, change management supports compliance and helps avoid financial penalties by documenting governance through the approval and implementation of changes.

Importance of Metrics for IT and OT Service Level Management

Historically, metrics are not used to measure service levels within the OT environment. Metrics serve as an input into service level review meetings and provide objective information in relation to subjective input. Metrics provide feedback on the reliability of a service and the efficiency and effectiveness of service management processes (Figure 5).

IT and OT business service owners, business customers, application owners and technical services owners can examine metrics over time and use subjective feedback to direct teams to areas requiring focus to improve service reliability and delivery. The strategies that emerge from the analysis form the service improvement plan (SIP).

The service owner documents the SIPs as part of the service level management process. Service owners will structure the document to enhance the quality and efficiency of a specific service or process. With each service level review there will be SIP updates, creating a culture focused on service delivery and improvement instead of maintaining the status quo.

Frequently, service level review meetings that focus on metrics are unproductive. The metrics on the surface may look great, but subjective input provided by consumers of a service often highlight missed expectations or undocumented requirements. These meetings must highlight the service improvements needed to align with business needs, which may be changing more than ever.

Service Management Roles

Service management requires a variety of roles for effective service delivery, support, security and governance. The roles work together and interact (Figure 6) to see that IT and OT services are delivered effectively, efficiently and in accordance with business needs.

Integrating IT and OT Governance

The integration of IT and OT governance into an enterprisewide governance organization is essential to streamline operations, enhance security and improve overall efficiency. By merging these governance structures, organizations can achieve a unified approach to managing IT and OT assets and data, thereby maintaining consistent policies, standards and procedures across all technology domains.

By integrating IT and OT governance, organizations can foster a more resilient, secure and agile technology environment. Some benefits include:

• Improved business outcomes resulting from the comprehensive view across IT and OT.
• Improved risk management through a holistic view of vulnerabilities.
• Greater visibility into operational processes, helping to identify and address issues more quickly.
• Enhanced compliance with regulatory requirements.

Optimized resource allocations across IT and OT.

Conclusion

The service management model provides a guide for understanding and implementing IT and OT transformation in the electric utility sector. By leveraging these experience-based insights, utilities can effectively address challenges and maximize the benefits of this transformation while managing the organizational impact. This will minimize challenges and accelerate the process to better position utilities to meet rapidly evolving business requirements. The strategies outlined will empower business leaders, IT professionals and OT engineers to drive innovation and achieve operational excellence.