Industrial producers continue to launch initiatives that focus
on just-in-time manufacturing and enable greater process
efficiencies and upstream visibility. The success of these initiatives
depends on implementing data solutions that cross the IT and
OT divide. This session will discuss how to overcome technical
and enterprise challenges between these two teams, helping
companies gain the insights they need to remain competitive.
Audience Questions:
How many of you have or are working towards having connectivity between your controls and enterprise networks?
How many of you have policies specifically around control systems?
How many of your organizations promote communication between the leaders of the Controls and Enterprise networks?
The goal of The Connected Enterprise is to have all systems accessible so we can gather information and make intelligent manufacturing decisions. Connecting our manufacturing systems is not as simple as plugging a switch into the Internet and all of our systems into that switch, like we might do at home. Of Confidentiality, Integrity, and Availability, the three pillars of information security, Availability is king in manufacturing. With such high importance on Availability, we rely heavily on consistency in our processes. We do not like to take chances by making changes to processes we know are tried and true, creating the possibility of issues that affect our system Availability. The idea of getting more up-to-date information on how efficient a line or process is makes executives salivate at the thought of their ROI rising, but engineers cringe at the thought of making major changes to systems that are established and working.
When properly implemented, The Connected Enterprise can give us next to real-time analysis of our processes. What you see is an example of a manufacturing line that is taking measurements of a product it is creating. Parameters have been set showing variation from an ideal size. In this case a variation between 2 and -2 is the good range, 2 to 7 and -2 to -7 is acceptable, and above 7 or below -7 is unacceptable. Each data point shown represents a specific measurement taken at that time. In the actual graph you would be able to click on a particular square and see what the parameter is, the timestamp when it was made, and an image of the product being measured. In this example, we see a group of products falling outside what is deemed acceptable. Through the analysis of data in the Connected Enterprise we can go back and possibly correlate this change to a speed, temperature, pressure, additive, or other parameter change in the making process. By having this next to real-time look into the making process we can finely tune our systems to increase production efficiency.
With our ideal setup in the Connected Enterprise we gather our data from our various sensors, depending on what we are looking to analyze. We aggregate that data and match it with an image that aligns with the timestamp of when the sensor collects the data, and finally we store that data in the database with all of the records. From here we can set up queries within the database to give us our analytical data that we are looking to better understand.
The Purdue model was created to segment an enterprise into multiple layers. It has been widely adopted within the Industrial Control Systems industry as the picture of what an ideal connected enterprise looks like. There are many different variations of this model, but the idea of creating layers is the main consistency. As the Purdue model relates to the Connected Enterprise, the Demilitarized Zone (DMZ), sometimes referred to as layer 3.5, is designed as a place where what is happening on the corporate side of the organization and on the controls system side can meet. Because of the sensitivity of the systems and data within controls systems, we want to limit direct interaction between users on the corporate network and those systems. For this reason any information that needs to be accessed by the corporate network should be sent to a system in the DMZ that does not have access to make changes in the controls system zones. The DMZ is used as a stopgap to ensure unintentional changes are not made in the Controls area.
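The DMZ rule described above can be checked against a firewall rule list. The following is an added example, not part of the original talk; the zone address ranges and rule names are constructed for illustration.

```python
import ipaddress

# Constructed zone map; real address plans will differ.
ZONES = {
    "enterprise": ipaddress.ip_network("10.10.0.0/16"),
    "dmz": ipaddress.ip_network("172.16.35.0/24"),
    "controls": ipaddress.ip_network("192.168.50.0/24"),
}

# Constructed rule set: (name, source CIDR, destination CIDR, action).
RULES = [
    ("historian-push", "192.168.50.0/24", "172.16.35.10/32", "allow"),
    ("reports-read", "10.10.0.0/16", "172.16.35.10/32", "allow"),
    ("eng-laptop", "10.10.4.20/32", "192.168.50.10/32", "allow"),
    ("replica-writeback", "172.16.35.10/32", "192.168.50.0/24", "allow"),
]

def zone_of(cidr):
    """Return the name of the zone that fully contains this CIDR."""
    net = ipaddress.ip_network(cidr)
    for name, zone in ZONES.items():
        if net.subnet_of(zone):
            return name
    return "unknown"

def audit(rules):
    """Flag allow rules that break the layered model described in the talk."""
    findings = []
    for name, src, dst, action in rules:
        if action != "allow":
            continue
        pair = (zone_of(src), zone_of(dst))
        if pair == ("enterprise", "controls"):
            findings.append((name, "direct enterprise-to-controls path bypasses the DMZ"))
        elif pair == ("dmz", "controls"):
            findings.append((name, "DMZ host can reach into the controls zone"))
    return findings

if __name__ == "__main__":
    for name, reason in audit(RULES):
        print(f"{name}: {reason}")
```

Data pushed from the controls zone up to the DMZ, and corporate reads of the DMZ copy, pass the audit; only the two rules that let traffic into the controls zone are reported.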
As we begin to usher in the Connected Enterprise in hopes of quickly reaping the benefits, we need to take a step back and understand how we can actually implement it in a safe and secure manner. As mentioned earlier, Control Systems tend to have longer lifecycles, around 15 to 20 or more years, so new technology quickly becomes more than they can handle. Imagine being given a cell phone from the early 2000s and asked to rebook your flight home. You might be able to do it, but you are going to have to become creative if you aren't just calling customer service. This is similar to what we are asking older control systems to do by retrofitting them into the Connected Enterprise. The concept of networking all of the control systems together and operating them in the same way as an enterprise network sounds like a simple task to a regular IT guy, but in practice some regular IT tasks could cause downtime or serious damage to the processes. A ping sweep is common practice in the corporate environment to help get a better understanding of what systems are on the network, but if the same ping sweep is done in a controls system network some PLCs or control systems will stop functioning because they do not know how to properly handle the request.
Also, as we start collecting data we need to determine what information we want to collect and how frequently we want to collect it. The more data points we collect, the more traffic is going to be traveling around the network. Some processing can be very time dependent. If we do not have the proper infrastructure in place, this new traffic could add latency to the network, causing these time-sensitive processes to function improperly. Think of it as if your town all of a sudden rerouted all traffic through your neighborhood. How would that affect your travel?
As we talked about earlier, in an ideal situation we want to limit the traffic that flows between the corporate network and the controls network. This process can take months to accomplish because we want to make sure a good sampling of traffic is captured before restrictive firewall rules are put into place. If rules are implemented without being properly vetted, data that is critical but does not occur frequently may start to be stopped by the firewall.
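The risk of writing firewall rules from too short a traffic sample can be shown with a small baseline script. This is an added example, not part of the original talk; the flow records, the 30-day minimum window and the three-day rarity threshold are constructed assumptions.

```python
from collections import defaultdict
from datetime import date, timedelta

# Constructed flow records: (day seen, source, destination, service).
FLOWS = (
    [(date(2024, 1, d), "10.10.1.5", "192.168.50.10", "tcp/44818") for d in range(1, 29)]
    + [(date(2024, 1, d), "10.10.1.5", "192.168.50.20", "tcp/502") for d in range(1, 29)]
    + [(date(2024, 1, 31), "10.10.1.9", "192.168.50.30", "tcp/102")]  # month-end job
)

def days_seen(flows):
    """Map each (src, dst, service) flow to the set of days it was observed."""
    seen = defaultdict(set)
    for day, src, dst, service in flows:
        seen[(src, dst, service)].add(day)
    return seen

def propose_rules(flows, min_window_days=30, rare_threshold=3):
    """Label flows 'allow' or 'review'; refuse to run on a short capture."""
    days = [record[0] for record in flows]
    window = (max(days) - min(days)).days + 1
    if window < min_window_days:
        raise ValueError(f"capture covers {window} days, need {min_window_days}")
    # Rare flows go to the process owner for review instead of being dropped.
    return {flow: "review" if len(seen_on) < rare_threshold else "allow"
            for flow, seen_on in days_seen(flows).items()}

def missed_by_short_capture(flows, short_days):
    """Flows in the full capture that a capture of only short_days would miss."""
    cutoff = min(record[0] for record in flows) + timedelta(days=short_days)
    early = days_seen([record for record in flows if record[0] < cutoff])
    return sorted(set(days_seen(flows)) - set(early))

if __name__ == "__main__":
    for flow, verdict in propose_rules(FLOWS).items():
        print(verdict, *flow)
    print("missed by a 7-day capture:", missed_by_short_capture(FLOWS, 7))
```

With this sample, a one-week capture never sees the month-end flow, so a default-deny rule set built from it would stop that flow the first time it ran.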
So how do we go about addressing this? First off, we need to make sure that we communicate to management the importance of adequate networking hardware. Without the proper hardware in place the controls network will cripple itself with all of the additional traffic sent around by our new Connected Enterprise. Next we need to understand what data we are really interested in. This is going to be different from organization to organization and even from system to system. By focusing efforts on specific information we are being more precise about the additional traffic that is added, rather than just grabbing everything and sorting it out later. Finally we need to make sure we communicate that at most budget points this type of conversion or upgrade is going to take time to make sure everything works properly. If connecting the two sides of the organization is done improperly it could cause larger issues in the future.
Policies and procedures are another obstacle that tends to add complication to the control systems network. As we begin to connect the control systems network with the corporate network, executives realize we need to have appropriate policies and procedures in place to effectively manage the systems. Where the issue comes into play is that many times the policies that are put into place are the ones already in place for the corporate network; however, many of these policies do not fit properly as written. Many corporate policies have requirements such as performing regular vulnerability scanning. While these are good practices, they will cause havoc in a controls system. Like we talked about before, many older control systems do not know how to handle unknown requests and will simply freeze up or even shut down or restart without warning.
Patch management is another example of a policy that tends not to work as written in a control systems environment. Most IT policies state that all patches should be applied to systems within X number of days. If this practice is followed with all control systems, many systems would begin to fail. This is because specific software has dependencies on specific versions.
A better way to achieve similar results is to have a testing environment where patches can be applied and run for a period of time to see if there are any negative repercussions to installing a certain patch or patches. Once a patch is verified to be safe, it is then important to patch systems to reduce the footholds an attacker would have in your organization.
Ownership of the connected portion of control systems is another area that can be highly contested within an organization. Within some organizations the IT and OT portions of the organization will disagree on who should be in control of the connected enterprise. In some cases both want control and in others neither wants to take ownership. Ideally there should be healthy cooperation between both parties in order to most effectively manage the Connected Enterprise. Many times people within the IT world do not fully understand the sensitivity of systems in a controls network and try to manage them just like a regular IT system. This creates a sense of distrust from the engineering group, and a reluctance to allow the IT individuals to make any changes which might affect the network infrastructure within the controls network. In this same sense many engineering individuals do not want to create governing policies, so it is left on the plates of the individuals in charge of the IT department. This generally causes the controls network to fall under the same policies that were set forth for the enterprise. So what can we do?
The best thing to do is to have an open mind and have both groups work together. Creating a group comprised of individuals from both sides of the organization that meets on a regular basis to discuss and solve issues can help bridge the gap between the two sides of the organization. Realistically there needs to be strong cohesion between the two teams to have a truly successful Connected Enterprise.