The global skills and competency framework for the digital world

#43 What about automation / engineering skill sets? change request pending

Skills focused on Operational Technology? With industry 4.0 and IT/OT convergence bringing IT and OT skill sets closer than ever, it would be great to see how these skill sets might work closer together within the SFIA framework.

Comment from Mark Boulton on SFIA User Forum LinkedIn group

Current status of this request: pending

What we decided

Will be kept in the backlog of change requests and considered during continuous consultation.

Matthew Burrows
Sep 07, 2021 10:59 AM

• This paper https://otcsalliance.org/wp-content/uploads/2021/01/OTCSA-DTX_Whitepaper-3-August2020.pdf references NIST NICE to define roles in a converged OT/IT environment
• The SFIA Foundation website includes a mapping of SFIA skills to these roles, showing which skills are most relevant https://sfia-online.org/en/tools-and-resources/sfia-views/sfia-view-information-cyber-security/mapping-nice-work-roles-to-sfia-skills

Matthew Burrows
Sep 07, 2021 11:01 AM

When Gartner introduced the term “Operational Technology”, it was used to refer to the types of systems – i.e. Industrial Control Systems. These systems are technology-based, and my experience of this is that the activity performed on these systems is the same activity as performed on many other technology or IT systems. You’ll notice in SFIA that we often refer to systems, and long ago extended beyond only thinking about information systems. A few examples:
• https://sfia-online.org/en/sfia-7/skills/systems-integration-and-build Doesn’t mention ‘IT systems’, just ‘systems’, so applies equally as well to OT as IT
• https://sfia-online.org/en/sfia-8/skills/information-security Does mention ‘information systems’ and is called generically ‘information security’, but all of the activities apply to OT systems as you have to do all of these things on OT as well as IT
• https://sfia-online.org/en/sfia-8/skills/real-time-embedded-systems-development very relevant to OT systems
• https://sfia-online.org/en/sfia-8/skills/security-operations directly relevant and inclusive of OT
• https://sfia-online.org/en/sfia-8/skills/threat-intelligence looks at security threats to the organisation, not just to IT systems
• https://sfia-online.org/en/sfia-8/skills/vulnerability-assessment again, talking about networks, systems and applications in the widest sense, so includes OT and IT
• https://sfia-online.org/en/sfia-8/skills/vulnerability-research

Of course, we can always do more in SFIA, and this is dependent on people raising change requests and contributing to new versions of SFIA - as you have done, Mark.

A good area for further development and support. I would argue that SFIA skills cover the activities performed on OT systems, and therefore SFIA is a good framework to use to assess the skills of individuals working in this space – however, I’m not an OT expert. It would be good to get further input from OT specialists so they can identify any skills which are not covered by SFIA, or any areas in which we could further improve SFIA to support OT.