Internet of Things 5 min read

Integrating IoT with SCADA: Architectural balance of IT/OT convergence

How to combine the flexibility of cloud-based IoT analytics with the strict availability requirements of SCADA systems without risking the shutdown of critical industrial processes.

Modern industrial efficiency requires the convergence of information technology (IT) and operational technology (OT). However, integrating flexible IoT solutions into conservative SCADA environments creates a challenge: how to combine modern data flows with legacy systems without compromising cybersecurity or operational continuity. Building such a bridge requires a clear understanding of the fundamental differences between the two environments and the implementation of rigorous engineering standards.

Conflict of priorities: why classic IT approaches are risky for OT environments

In classic IT systems, data confidentiality is traditionally the top priority. In operational technology, priorities are structured differently. NIST SP 800-82 guidelines clearly emphasize that in OT environments, system availability is more critical than confidentiality. Any unplanned shutdown of an industrial controller due to a network failure or forced security patch can disrupt the technological process.

Legacy industrial equipment has limited computing resources. As NIST experts note, legacy constraints often make it impossible to install standard software updates. Therefore, the security of such systems must be ensured at the architectural level, rather than relying solely on simple patching, which is standard in IT.

Edge-to-cloud architecture: data processing distribution

To achieve the reliability of IoT solutions, in accordance with AWS Well-Architected IoT Lens recommendations, the architectural balance must be established at the design stage of device, edge, and cloud interaction. The main rule is a clear separation of responsibilities to ensure process continuity.

AWS IoT Lens advises keeping critical operations and real-time process management at the local level (Edge). The cloud should be used as a platform for long-term storage of aggregated data and historical analysis. This approach guarantees the functionality of the local control loop even in the event of a complete loss of connection to cloud services.

Comparison criterionEdge computingCloud computing
Latency criticalityMilliseconds (real-time process control)Seconds or minutes (historical analysis and trends)
Security priority (per NIST SP 800-82)Maximum availability and control integrityConfidentiality and analytics scalability
Data volume and filteringPrimary filtering, deduplication, and normalizationLong-term storage, model training
Autonomy during connection lossFull functionality of the local automation loopTemporary loss of business metric visualization without stopping OT

Standardization of interfaces: the role of OPC UA in overcoming incompatibility

One of the obstacles when merging networks is the heterogeneity of protocols in legacy equipment. Translating unstructured data from old industrial sensors directly into IT systems complicates their interpretation.

To solve this problem, the OPC Foundation positions OPC UA (Unified Architecture) as a platform-independent architecture that ensures secure and reliable interoperability in industrial systems. A practical scenario is the normalization of data from old industrial sensors using the OPC UA protocol directly before they are transmitted to SCADA or MES systems. This creates a universal bridge that allows cloud platforms to work with structured data without the need to support dozens of proprietary formats.

Security without stopping processes: network segmentation according to ISA/IEC 62443

Integration should not reduce the security level of the control loop. According to NIST SP 800-82, network segmentation between IT and OT environments is a fundamental measure of industrial cybersecurity. IoT integration does not automatically improve security; it requires the implementation of strict architectural controls.

The primary standard for ensuring such controls is the ISA/IEC 62443 series, which is currently used in over 20 industries that utilize operational technologies. Segmentation guarantees complete isolation of OT control networks from general corporate IT traffic. Telemetry data transmission must occur exclusively through strictly controlled channels, preventing direct access from external networks to industrial controllers.

Practical steps for building a reliable telemetry layer for SCADA

For the successful implementation of an IoT and SCADA integration project, it is recommended to follow this architectural algorithm:

  • Asset audit: inventory of devices and identification of specific constraints of legacy equipment.
  • Data normalization: implementation of edge nodes for collection, primary processing, and translation of data via OPC UA.
  • Strict segmentation: logical and physical isolation of OT networks according to ISA/IEC 62443 requirements.
  • Lifecycle management: implementation of specialized provisioning processes and continuous monitoring of large fleets of IoT devices.

For the implementation of such technically complex integration scenarios, the expertise of Softengi (a member of the Intecracy Group alliance) can be engaged. Softengi specializes in custom development of IoT and embedded solutions, as well as the integration of industrial data based on edge and cloud architectures. The company, certified to the ISO/IEC 42001:2023 standard, helps enterprises design reliable telemetry layers that allow them to reap the benefits of flexible cloud analysis without violating industrial cybersecurity requirements or operational continuity.

FAQ

How to integrate IoT sensors into an existing SCADA system without the risk of stopping the production line?

The process is achieved through a two-tier Edge-to-Cloud architecture. Critical control remains at the local level, while primary aggregation and data filtering are performed on edge nodes before transmission to the IT environment to avoid overloading the controller network.

Which ISA/IEC 62443 standard requirements are critical when merging IT and OT networks?

One of the most critical controls is strict network segmentation. Its goal is to completely isolate operational technology (OT) control networks from the unpredictable traffic of general corporate IT networks.

How does OPC UA solve the problem of incompatibility with proprietary protocols of legacy equipment?

OPC UA acts as a platform-independent architecture. It normalizes disparate data from legacy industrial equipment into a standardized format before transmitting it to modern SCADA, MES systems, or cloud storage.

Data sources

Sources & materials

Materials and sources used in this article.

  1. Amazon Web Services: AWS Well-Architected IoT Lens — docs.aws.amazon.com
  2. NIST SP 800-82 Guide to OT Security — csrc.nist.gov
  3. OPC Foundation: OPC Unified Architecture — opcfoundation.org
  4. ISA/IEC 62443 Series of Standards — isa.org