The convergence of information technology and operational technology in Corrections: a driver for innovation
Convergence of technology has been a constant feature in the industry for decades. With recent progress in technology, the pace of convergence has accelerated significantly giving birth to new concepts such as ‘Smart Cities’ and ‘Smart Nations’ as well as new product types such as the Internet of Things (IoT). The correctional industry is not spared from technology convergence either. Like in other industries, technology in corrections can be split into two main categories: Information Technology (IT) and Operational Technology (OT).
IT systems are implemented to enable corrections organisations to gather and manage information on offenders in a more productive, effective and efficient manner resulting in improved business processes and better offender case management. IT systems are usually desktop systems in the office where staff access information about the offender, their needs and about the treatment rendered. Emails and other collaboration tools were also implemented to improve workflow and productivity.
Concurrently, different technologies are also implemented to support ground operation in prison. These technologies address real-time needs to ensure smooth operations, security and safety within the prison facilities. Those OT systems such as electronic locks, surveillance cameras and radio communications are facilitating ground operations and often managed by local security staff or dedicated experts.
Several prisons around the world have already embarked on a convergence journey as they are already using computers to control doors, gates and other security elements which provide better situational awareness and operational control. Typically, these systems are called Integrated Security Management Systems (ISMS). Most of the OT systems, however, are still designed and delivered as siloed packages with no or limited integration to other OT or IT systems.
Analysts (Pettey, 2017) says that the benefits derived from managing IT and OT convergence include optimised business processes, enhanced information for better decisions, reduced costs, lower risks and shortened project timelines. Besides those potential improvements IT and OT convergence and integration could bring, the current technological evolution simply forces IT and OT managers to start the conversation on how to keep both systems secure and up to date.
This article explores how the IT and OT worlds are rapidly converging and the potential benefits that could be reaped from bringing them together in corrections. In a context where OT is traditionally used to limit and control physical movements and monitor the behaviour of people, we will look into how recent technological evolutions combined with an improved IT/OT alignment and integration could be leveraged as enablers for correctional innovation.
When Gartner (2011) uses the term operational technology, it is mainly referring to an independent world of physical-equipment-oriented technology that has been developed, implemented and supported separately from the IT organisation. It consists of hardware and the supporting software systems that manage, monitor and control those physical devices and the operational processes they support. OT is mainly found in industries that manage critical infrastructures, such as water, oil and gas, energy, and utilities, but also in automated manufacturing, pharmaceutical processing, defence, public safety, traffic & transportation and more broadly OT forms the foundation of many building management and control systems.
Traditionally, OT systems and IT systems are from different traditions. As expected, OT systems are developed using their own appliances, standards and protocols. This OT world has its own engineers and operators who are using a particular language with terms such as PCD, PLC, DCS, SCADA, SIS, ICS. In most organisations, the responsibility to manage and maintain those systems is carried out by separate divisions and often there is a limited understanding outside of what they are doing and how it all works.
This situation is not uncommon in correctional agencies: the majority of OT used in prisons has been implemented to support one of the most important goals: providing security control and a safe environment for both prisoners and staff. The important roles that communication systems, CCTV, Access Control or Perimeter Detection systems are playing in modern prison management cannot be underestimated in the way they enable the continuous surveillance, management and control of movements and activities and the internal communications in a prison executed by a reduced number of operating staff. However, the management of those technologies as well as the knowledge about them is, in many jurisdictions, owned only by some specialists or is even completely outsourced. The skillsets needed is vastly different from that of IT, and as such, most IT organisations are ill-equipped to manage them.
The nature of the OT systems, however, is changing rapidly: underlying technology — such as platforms, software, security and communications — are becoming more like IT systems, speaking the same communication language (IP-based) and becoming more interoperable.
Increasingly, devices and complete systems which used to work in silos should now be able to communicate with other systems over an internet-based network. New and smarter devices are also being developed every day: a door lock becomes a smart system whose functionality can be remotely configured or customised, a camera that incorporates sound and temperature sensors provides video analytics system data for recognising people and behaviour. HVAC systems that measure temperature, performance and energy consumption while allowing users to regulate the comfort remotely from their own smartphone. With the convergence of technology, all electronic devices suddenly become a kind of sensor which can create information and can be managed from within the same technological ecosystem.
In many sectors, the process of this evolution has created new opportunities, elaborated new business models and even disrupted whole markets. With labour costs increasing and a growing shortage of skilled resources, businesses are continuously looking for improvements in areas where OT and IT silos are breaking up. In addition, industries and governments in many nations worldwide are facing increased economic and regulatory pressures to establish a more holistic approach to managing safety, traceability, cybersecurity, access control, and privacy protection. A good example of this is the new GDPR which has come into force in 2018. With this new regulation, correctional services will have to consider carefully how the privacy of visitors is protected in their IT system. Personal data refers to anything that can uniquely identify an individual, not just written information. This includes CCTV and employee monitoring, which will typically be considered high-risk activities under this EU General Data Protection Regulation (Irwin 2017). The overall management of personal data within an organisation will need both data processors and data controllers to work closely together across the boundaries of IT or OT.
Ambitions of Information Technology
As the nature of OT is changing, so are the needs, challenges and ambitions of IT. Today’s IT consumers are no longer the desktop workers who use a few customised systems to manage the information needed for their work. Consumerisation and smartisation of IT have raised their expectations which includes flexibility, mobility, purposefulness and fit-for-purpose. It has also exponentially expanded the number of devices, such as tablets, smartphones, smart TV’s and wearables, that the IT organisation needs to manage and support. Today’s IT solutions also need to reach and serve a much larger audience compared to only a group of administrative office workers of yesteryears and whose output is no longer limited to the presentation of some fancy reports and dashboards for decision makers: prison security staff or probation officers are using mobile devices to help them with their work in the field whilst kiosk-systems and in-cell technology allow offenders to access an increasing amount of digital services.
In recent years, a host of powerful and accessible technologies in the IT world such as social, mobile, artificial intelligence, cloud, containerisation, API-platforms and IoT-ecosystems are pushing society and organisations to change. Where traditional IT projects and solutions were imposing discipline on business processes and were managed and executed by some group of experts, the digital revolution is challenging IT organisations to enable engagement and facilitate flexibility within the entire organisation and beyond. The IT organisation that has traditionally been put in the back room to support organisational efficiency needs to step up and change, as organisations are confronted with something new and completely different: the digital sphere.
Digital transformation or digitalisation of an organisation goes much further than satisfying some user demands or needs. It is no longer enough to implement silo projects that standardise business processes and are often associated with cost-cutting, improving efficiency and operational excellence (Ross, 2017). The way this new context could affect an organisation can be understood by analysing the new ecosystem in which innovation and change currently take place. As the role of IT is changing from an information technology supplier towards a partner within this organisational context, the traditional technological parts and pieces they are using will also need to partner and communicate with the larger technological ecosystem used within the organisation. In many ways, the IT organisation can help the entire business to transform using their technical know-how as well as their comparatively deep understanding of processes in each line of business. Therefore, IT providers need to embrace OT and adapt their services portfolio to avoid the business going to look for and acquire quick and often not adapted solutions elsewhere.
However, IT organisations are often unfamiliar with the newest OT developments or the way OT technology is delivered and managed and how the convergence of OT and IT is changing the technology landscape.
As technology races ahead, many of our skills and organisations are lagging behind. The IT organisation needs to understand new concepts, new possibilities and learn how to speak the OT language and vice versa. For instance, in the Security Triad of Confidentiality, Integrity and Availability, the OT may place priority on availability only. When merged into a broader IT/OT integrated framework, an underestimated importance of confidentiality and integrity could have immediate consequences on business operation, safety and privacy. Both the IT and OT organisation, therefore, need to learn and understand each other’s specific concerns which are sometimes drastically different. Incorporating the integral knowledge of technological capacities into one IT/OT organisation will make them the preferred business partner for helping organisations embrace new technologies.
Embracing Digital Technology: A New Strategic Imperative
In the past decade, there was a trend of outsourcing system implementation and some businesses even go to the extent of outsourcing their entire IT organisation, including planning and governance capabilities. They became totally reliant on others to plan and run their technological system. Today, it is the other way around, where organisations are strengthening their IT organisation. Some have even started to build in-house development capabilities. In the digital age, the need for agility to meet increasing challenges in a VUCA world had demanded that organisations change their mindsets towards technology, technology professionals and the approach in which technology is capitalised. A few years ago, Peter Sondergaard stated as a keynote speaker on the Gartner Symposium (Gartner, 2013) that every company is becoming a technology company. The fact that technology supports and even runs more and more business processes and enables them to carry out their work confirms this statement. As such, businesses can also quickly fail if their technology systems cannot match the demands and challenges.
Fortunately, the advancement in technology also provides means for an enlightened organisation to catch up and even ride the wave as leaders. Concepts such as Enterprise Architecture (EA) enables a business to build capabilities in a well organised and strategic manner as each piece of the puzzle slowly falls into place. The reality is that there are limited resources and very few organisations can implement everything at once. The discipline of EA enables businesses to strategize and implement the system over time and hold onto their end vision and objectives while doing so. This can be supported by using architecture models and tools such as micro-services, SOA and API-based integration platforms, where complex problems are broken down into multiple simple functionalities that solve the problem. Each of these functionalities could also be used by others to solve similar problems or combined with one another to provide complete solutions. This reduces the cost of building and maintaining the system. It also simplifies governance where an upgrade or security patch can instantly be applied across the organisation.
In addition, many organisations have realised the importance and value of data. In both the IT and OT world, data and analysis of data are key developments making headlines. The synergy between IT and OT can be illustrated in use cases of smart surveillance systems that not only analyse what cameras see, but they also correlate information with the case management system, and other IT systems, to identify wanted criminals or detect incidents.
For example, wanted criminals were detected attending a concert of their favourite artist and were promptly arrested (SCMP, 2018). Another example is the case of the mini-van that crashed into pedestrians in front of a Starbucks outlet, in central Shanghai, China, where police used surveillance together with information from other IT systems information to determine that the driver was illegally transporting gas and smoking in the van (GBTIMES, 2018).
The potential to reap operational benefits from the synergy of IT and OT is yet another impetus to break down these silos.
The problem of the silo and fragmented business solutions and their supporting systems can only be overcome when the organisations’ management provides strong sponsorship and enforces a disciplined implementation of the corporate architecture. EA brings together business and technology by creating a common understanding of articulated visions, goals, current state and gaps that need to be covered to achieve the future organisations’ state. EA can, then, articulate short, mid and long-term technology strategies and roadmaps which, when endorsed, garner buy-in from senior leaders. Leadership buy-in is crucial to the success of a digital transformation journey to overcome the existing fragmented and decentralised responsibilities that had created many ad-hoc, sometimes duplicating, systems of a variety of brands, and integrate with other systems and facilities that are extremely difficult and costly.
Breaking down the walls between OT and IT in corrections
The advancement in technologies, frameworks and methodologies available today not only provides us with the means to implement new capabilities but does so in very cost-effective ways. In a correctional environment where OT and IT often are living separate lives, a major gain can be achieved if those silos of separated technologies with their own specific functions, objectives, actors and mainly proprietary soft- and hardware are forced to be broken.
As the core of the correctional work is done outside the offices of administrative workers and their desktops where traditional IT systems find their place, new technology that supports both correctional professionals and the offenders also needs to be outside the realm of the traditional desktop. In the Internet of Things (IoT) paradigm, many of the objects that surround us will be on the network in one form or another. Radio Frequency Identification (RFID) and sensor network technologies are rising to meet this new challenge, in which information and communication systems are invisibly embedded in the environment around us. Turnstiles and door locks, cameras, climate control sensors, our existing detection and communication systems and newly delivered prison equipment are all potential ‘sensors’ in the future corrections technology ecosystem: they could become ‘smart’.
The term ‘smart’ itself is loaded with different meanings depending on the context in which it is used (Knight & Van De Steene, 2017). The ISO-37151 definition helps us with two important characteristics of smart in the context of technological systems: Smart: characterises a system “[…] with enhanced technological performance that is designed, operated, and maintained to contribute to sustainable development and resilience […] of the organisational entity.” Where this enhanced technological performance refers to the intelligent, ‘self-acting’ products and services, artificial intelligence, and thinking machines that are used within those systems, the two notions sustainability and resilience are no less important to understand its true value which transcends the pure technological one. Governments and public agencies at all levels are embracing the notion of smartness to distinguish their new policies, strategies, and programmes for targeting sustainable development, sound economic growth, and better quality of life for their citizens (Center on Governance, 2003). As such it is important to understand technology is an enabler but not a precondition for achieving smart infrastructures or systems.
When smart assets and infrastructure are introduced, it becomes necessary to figure out new ways to divide ownership and responsibility for the development, management, maintenance and usage of that new integrated infrastructure in order to create real business value out of it. A prison could become a smart ecosystem by turning those new technological opportunities into the development of user-focussed services supporting the overall organisational strategy. A smart prison could become a breeding ground for innovation pushed by the continuous need to improve prison management and pulling in new technologies as well as maximising the use of existing technology (Knight & Van De Steene, 2017). The fact that a single device or system has some IoT-enabled capabilities makes it potentially a smart device only within an interconnected technological ecosystem where it supports a well-defined and purposeful business functionality.
To enable integration, maximise capabilities and increase efficiency, the people responsible for the different technologies in our correctional organisation should be able to collaborate much more closely so their services should work together or even merge at some point.
Together they can enlarge their service portfolio by, for example, delivering offender management functionality on mobile security devices or using prisoner and staff localisation information to feed programme management, staff planning or the prison intelligence data warehouse. And even more, this convergence of technologies can enable many new functionalities to support correctional processes.
As the knowledge about technological opportunities, together with the technologies themselves and the way they are delivered, are able to merge, the new integrated architecture can be used as a technological ecosystem to support business transformation and innovation. Although this convergence itself will not lead towards any kind of correctional transformation or prison reform, a more integrated approach can enable and introduce new functions and features. If this improved collaboration between different technological departments is followed by business-wide dissemination of the possibilities and the role technology can play throughout the organisation, it could enable new ways of thinking and working. This could be successfully made use of and even lead towards change if it is understood, supported and carried out by the entire organisation and sponsored by its leaders.
Where convergence between OT and IT can enable many new technology-driven possibilities, they can only become reality and lead to positive change when they become part of the ongoing conversations on correctional transformation and reform.
This article outlines a case for the integration of IT and OT. This move requires a more holistic approach where two disparate team structures, different programming languages and skills must be integrated. What is needed is a common strategy and architecture, increased interoperability, shared processes and a common Internet protocol (IP) and language. The ability to manage corrections facilities, monitor offenders through video surveillance, RFID or the use of biometrics, provide remote health services and to bring this all together in an integrated way demands this approach.
The implications of the integration of IT/OT are significant. Probably the most significant is the cultural change required to bring these two groups together. It involves changing a culture that has been in place for most of the IT and OT staff’s careers. Additionally, this change will require a redesign of the organisational structure with a shared common purpose and strategy. New leadership is required that builds this shared strategy and direction forward. Beyond that, this convergence will require the adoption of new technical solutions, languages and skills. This will require a significant effort to retool new processes, skills and capabilities. As operations become increasingly reliant on technology, coupled with technology rapidly changing the way operations are carried out, senior management in corrections agencies will also need to consider how their organisation empowers their technology office.
Finally, the increased importance of digital technology in our society will also influence and even drive and define many future solutions within the corrections space. Understanding the digital world and building a deep awareness of its capabilities and implications for Corrections is the only way forward. For many correctional agencies, these forces require a fundamental change. Change that will take Corrections to the next level.
 Process Control Domains  Programmable logic controllers  Distributed control systems  Supervisory Control And Data Acquisition System  Safety Instrumented Systems  Industrial Control Systems General Data Protection Regulation  ‘Processor’ means a natural or legal person, public authority, agency or another body which processes personal data on behalf of the controller  ‘Controller’ means the natural or legal person, public authority, agency or another body which, alone or jointly with others, determines the purposes and means of the processing of personal data  VUCA stands for Volatile, Uncertain, Complex and Ambiguous  Service Oriented Architecture  Application Programming Interface
Brynjolfsson E. & McAfee A. (2012). Race Against the Machine: How the Digital Revolution is Accelerating Innovation, Driving Productivity, and Irreversibly Transforming Employment and The Economy, The MIT Center for Digital Business, Research Paper
De Marez, L. & De Moor K. (2007). The Challenge of User-And QoE-Centric Research and Product Development in Today’s ICT-Environment, Observatorio (OBS) Journal 3 (2007), 001-022
Gartner, Inc. (2011). Special Report on IT and Operational Technology Alignment, Retrieved from here
Harp, D.; Gregory-Brown, B.; Morris, M. (2015). Bridging the Divide, IT/OT Integration. NexDefense White Paper – Retrieved from here
International Organisation for Standardisation (2015). ISO-37151, “Smart Community Infrastructures – principles and requirements for performance metrics”, ISO, Geneva 2015.
Knight & Van De Steene (2017). The Capacity and Capability of Digital Innovation in Prisons: towards Smart Prisons – Advancing Corrections Journal, Ed. 4 – 2017 – International Corrections and Prisons Association
Knight & Van De Steene (2017). Digital transformation for prisons: Developing a needs-based strategy – Probation Journal, Volume: 64 issue: 3, 1-13
Irwin, L. (2017): How will the GDPR affect CCTV and workplace monitoring. IT Governance European Blog Retrieved from here
Petty, C. (2017). When IT and Operational Technology Converge. Gartner. Retrieved from here
Raskino, Mr. (2013): Every Company is a technology company – more and more evidence…, Gartner Blog Network, Retrieved from here
Ross, J. (2017). Don’t Confuse Digital With Digitization. MIT Sloan Management Review, Column September 29, 2017, Retrieved from here
GBTIMES, 2 Feb 2018: 18 injured in central Shanghai van explosion, Retrieved from here
South China Morning Post, 12 Apr 2018: Facial recognition tech catches fugitive in huge crowd at Jacky Cheung Cantopop concert in China, Retrieved from here
Simon Bonk is the Chief Information Officer at Correctional Service Canada (CSC). In his role, he’s responsible for engaging with partners to identify opportunities where the enablement of technology and information management services can address business challenges. He manages a workforce of approximately 550 employees and contractors.Mr. Bonk’s expertise also lies in IT financial management, which helps to shine a light on how IT investments align with the mandate and priorities of the business.
Steven Van De Steene is an Enterprise Architect and Technology for Corrections Expert. He does research on the use of technology in corrections and works as a consultant in the area of innovation and technology strategy for prisons and probation services. Steven is a Board Member of the International Corrections and Prisons Association (ICPA) where he is the Board liaison member for the ICPA Technology Solutions Group. Prior to his current position, he was the IT Director of the Penitentiary Institutions in Belgium and chair of the Technology Expert Group within EuroPris.