Globalisation and other competitive pressures are accelerating the need for industrial operators to improve what and how information is shared across their enterprises. Better information sharing drives better decision making, exposes process inefficiencies, facilitates best-practice collaboration and uncovers new competitive opportunities.
Seamlessly and securely enabling this type of information sharing within and among sites and beyond to external partners, suppliers and customers creates a connected enterprise. Achieving a connected enterprise, however, requires a holistic understanding of complexities, the opportunities of emerging technologies, information, control and networking technologies, and personnel roles and related responsibilities.
“We call it the connected enterprise,” Mark Daniels, field business leader, architecture and software, UK & Ireland at Rockwell Automation says. “Some people would describe it as an evolution, because it has become easier and more attainable over a length of time. Others see it a little bit more revolutionary. I’m in the former camp. I think it’s a continuation of a strategy we’ve seen for a long period of time. It’s just the convergence of IT and operations technology. The cost, as well as some of the technology challenges involved have been reduced. Take those two things added together, a lot more now is possible than it was maybe even five years ago.
David Pickles, managing director at Bilfinger Industrial Automation Services believes that plant managers need to keep up with an increasingly complex environment and having the right control system strategy requires a multi-disciplinary approach. “This requires getting the right team in place,” he explains. “It’s no longer good enough to think just like an engineer or an IT specialist. You need to be able to understand how a control system bridges the two sides.”
There are a number of solutions here, from looking to better integrate the teams, to hiring in external specialists who can provide advice. “At Bilfinger Industrial Automation Services, we have built up our own capabilities by recruiting more IT graduates as well as those with engineering degrees that we have traditionally sought,” Pickles continues. “Having the skills to use and manipulate data is as important as the control system itself.”
Driven from the top
This drive for greater enterprise integration is both driven from above by senior management and from the shop floor by control engineers. “It varies a lot in different places, but if I was to draw the perfect connected enterprise customer scenario, it would be driven down from senior management,” Daniels adds. “We’re seeing, as an organisation, that the best successes are where the end-user organisation has got a clear vision of what they want to achieve. That typically starts at a senior level in production, in engineering, and certainly in IT.”
That involvement of IT in the control landscape is one of the major changes that this integration has thrown up. “IT is far more prevalent where customers are taking up the opportunity to work more with the connected enterprise,” Daniels admits. “The companies that have been successful are those that have figured out how to engage their IT function and their engineering function, and collaborate in a meaningful fashion.
“It used to be the case that the IT people were in the Ethernet world, and the industrial networks were a little bit different. I’ve seen many organisations where the control systems are owned by one set of people, and the enterprise function run by the IT people. The big change now is that everybody’s pretty much on Ethernet.”
This collaboration landscape is where the senior management really have to set the tone, and the direction. “What I’ve seen be successful is what we call a ‘golden meeting’,” Daniels continues. “That is typically between the IT function and the engineering function. It also features people such as ourselves, but also other players, such as Microsoft and Cisco. If you get those kind of capabilities and resources into a meeting, where you can actually look and identify what a particular customer is trying to achieve, then it becomes very clear, very quickly, that the only way you’re going to do that is by functions collaborating together.
“As soon as you do that you’ll start to make progress. I have also seen a job function pop up with a number of customers. I loosely call it ‘the information engineer’ whose responsibility is to provide information and data from the industrial shop-floor area, but make that meaningful and usable in the IT space. To get value out of it, you’ve got to, A, extract it, B, contextualise it, and probably C, present it to people who can then do something with it. I think that the function of the information engineer is quite a key one, and I’ve seen that used in a number of places as a bridge between the IT and operations function.”
Daniels concedes that the connected enterprise will look different for every customer. It will depend on what they’re doing, what technology and infrastructure they have to date, where they see value, and where they see challenges in what they have. “A big part of the challenge now is to turn that kind of general sentiment of, ‘yes, we can get a lot more data. Yes, it’s very much easier for software products to take that data and do something with it.’ But really to sit down with customers and help them to understand where the value can be unlocked. And that’s going to be an evolving journey.”
Future focus
In such a fast moving landscape gazing into the future is always difficult. But Big Data, the Internet of Things and Artificial Intelligence will all shape tomorrow’s control environment. “We are in the era of big data, but the next version of connected systems will use self-learning algorithms to manage systems and processes,” Pickles says. “For businesses looking to get ahead, the control system of the future will become the smart brain of the operation and not just their eyes and ears.”
The one thing that is clearly happening now is that the pace of change is accelerating. “That means it’s very hard, with a crystal ball, to understand where you will get to,” Daniels says. “What I have seen a lot in the last couple of years is that the crossover from commercial technology into the industrial world is at an all-time high. Going back to when I first started in the working environment, you found things in the work-life might drift into home-life. Now, it’s absolutely the other way round, so the whole kind of tablet world, the connected home, all the things that we take for granted at home are rapidly appearing in the work space.
“I think we’re going to see a lot more of mobile-type technology. We’re going to see a lot more use of things like wireless technology over the next five years. I think, as well, and it’s my personal view, that you’re going to start seeing this kind of app approach coming in more than it is today. So, where in the home-life, you’ve got a device, but it’s really the apps that run on the device that give you the value, I think we’re going to see that more and more in the industrial space. So, vendors are going to try to make it easier for their customers to use the technology, and try to package things up. So it’s more that configuring an app gives you something in OEE, for example. I think we’re going to see a lot more of that over the next five years.”
With all this change on the horizon it seems clear that the control engineer in ten years’ time will need very different skills to today’s incumbents.
Fit for purpose
David Pickles, managing director at Bilfinger Industrial Automation Services highlights three key areas to look out for in your control system
Remote access: To get the most from a control system, remote access is a must so the right engineers can access data to find and analyse problems as soon as possible. Control systems need to be available to clients 24 hours a day, 365 days a year. This is where remote access to control systems saves significant time and money as engineers are able to fix or find a solution to keep a plant running without needing to physically be on site.
Monitoring: When it comes to effective monitoring it is not enough to sit back and wait for a system performance monitor to tell you a problem has occurred. A better strategy is to use the control system to predict faults before they happen. For example, if you know a piece of equipment has the risk of failing, on average after 200,000 uses, then a control system should be used to predict when this will occur and the team can then schedule appropriate action long before an intervention is required.
Real time: In the past, few people saw all the possibilities from accessing data in real time. This hunger for connectivity has led to specific problems for older systems and one of the biggest challenges with legacy systems data capture is when the basics, like an Ethernet port, are not present. To ensure the long term success of a new project, obsolescence and maintenance must be considered at the very start of a new project or build. When you are building a system to last twenty years you need to have a plan to upgrade or replace control systems as requirements change.
Keeping it safe with a multi-layered security approach
For all the benefits of connecting the site and production assets, it also introduces greater risk in the form of internal and external threats both malicious and accidental – from hackers, viruses, uneducated employees, and well-meaning contractors, among others. The security approach should be multi-layered – using both physical and electronic defences – to help ensure threats can be stopped at multiple levels within the production zone using multiple safeguards. A single technology or methodology simply won’t suffice against the multitude of threats that exist.
Best practice approach includes a Defence in Depth strategy, which is recommended in the IEC 62443 standard series (formerly ISA 99), the National Institute of Standards and Technology (NIST) Special Publication 800-82 and the US Department of Homeland Security’s external report INL/EXT-06-11478. The multi-faceted strategy includes the following key areas of security that must be addressed in your plant:
• Policies and Procedures: Managing the differences between manufacturing or industrial operations and IT enterprises and their associated risks to achieve production and business goals involves more than technology. It also requires policies, procedures and behaviour, such as a robust password policy that requires passwords to expire and be reset, and a role-based access-control policy.
• Physical Security: Network-based authorisation using guards, gates, RFID readers and other mechanisms to enforce the access of people (employees, suppliers or other visitors) on your physical premises. This includes role-based access to locations, such as facilities, control rooms and cabinets, and technology, such as control panels, devices and cabling. Physical security also includes non-network protective measures, such as locking electrical cabinets and blocking open ports.
• Network Security: Protecting your network infrastructure with firewalls, intrusion detection and intrusion prevention systems (IDS/IPS), and security-enabled managed switches and routers. Leveraging technologies like virtual private networks (VPN), virtual local area networks (VLAN), access control lists (ACL) and others.
• Computer Hardening: Mitigating external and internal threats to plant-floor computers, including industrial computers and human machine interfaces (HMI), using antivirus software, patch management, the disabling of auto updates, application removal, host-intrusion-detection systems and the blocking of unused ports.
• Application Security: Infusing security into industrial control system applications using authentication, authorisation and audit software.
• Device Hardening: Reconfiguring the default settings of embedded devices to make access more restrictive. Using devices that conform to industry standards, and using strong passwords and use encryption where possible.