Case Study

Bridging the gap between information technology and operational technology


The Challenge

Our client wanted to understand the steps they needed to take to safely integrate new technology within their operations and bridge the ‘air gap’ between operational technology (OT) and information technology (IT).

Traditionally, companies have focused on an ‘air gap’ when it comes to keeping their plant safe from a cyberattack. This ‘air gap’ assumes that their OT and IT are separate. But as technology becomes more sophisticated with laptops, iPads and mobile phones now being used more than ever in plant environments, this is no longer the case, or even desirable.

As an early mover in this space, our client had developed standards and frameworks for their local operations to follow when it came to bridging the ‘air gap’ between their OT and IT. However, with the increase in the uptake of new technology and inconsistent operational technology industry documentation, they struggled to understand the existing networks in the OT environment well enough to confidently set up cyber protection measures for their plant.

Our client needed advice from a team who understood how their control systems worked and what their operational requirements were in a modern hydrocarbons facility.

Advisian Digital solution

Before we began, our team identified and connected the key stakeholders across the plant’s IT and OT. Once this was established, we implemented our three-step process for IT and OT security integration:

  1. Discovery - map and document existing OT networks. Conduct a gap analysis, prioritize areas of concern and outline steps for remediation. Can be completed on a live plant with no upsets.

  2. Remediation - organize the network and documentation using the findings and CAD drawings generated in the discovery phase. This provides ongoing assurance and sets up a framework for management of change.

  3. Maintenance - set up frame services agreements with local IT-based companies. Work with Advisian Digital to provide asset management and disaster recovery plans, as well as day-to-day system hardening and general support.


  • Minimum disruption - the discovery phase can be completed on a live plant. Our team completed mapping and reports for six sites, including two offshore platforms.

  • Error reduction - implementing cyber security in the OT space is relatively simple once the discovery phase is complete.

  • Benchmarked performance - standard network documentation is developed in line with global IT standards.

  • No lost time - management of change can take effect immediately post discovery phase.

  • Clear documentation - documentation considers the differences between IT and OT, such as static assigning of IP addresses.

  • Contract negotiation and future work scope - documentation produced enables operators to explore frame services agreements with IT companies.