No network is an island – integrating legacy systems with modern industrial networks
06 September 2016
In a nugget of wisdom that has survived for centuries, English poet John Donne famously noted: “No man is an island.” His point was that nobody is self-sufficient and everyone relies on others in a functioning society.
Engineers and plant managers have traditionally operated industrial networks as islands, physically segregated and protected from other areas of their plant or systems for security and resilience reasons. However, as companies begin to take advantage of the industrial internet of things (IIoT) to create harmonious automated systems by connecting the operational technology (OT) domain to the information technology (IT) world, Donne’s prophetic quote has become true of industrial networks.
It is no secret that the IT and OT worlds are converging in industrial environments. The prevalence of connected sensors in the industrial world has ultimately led to increased value associated with additional smart data from real-time monitoring, analysis and optimisation. The benefits of IIoT have forced plant managers to reconsider traditional industrial networks: particularly, the idea that these networks should be segregated.
Although connecting industrial networks together and to the outside world makes perfect sense, it does entail a whole raft of challenges from a systems integration point of view, especially when dealing with legacy systems.
Operational technology and IT: worlds collide
Despite the OT and IT aspects of a plant converging, the two are still very different from each other. When integrating them in an industrial plant, you are effectively working with two different departments, each with its own priorities and performance criteria.
IT will always focus on network security, performance, server space and data-transfer speeds. Conversely, the OT side is primarily manufacturing focused, where systems need to be reliable and resilient; uptime is key and everything else is secondary.
Different languages, interfaces, media, hardware and software create a few challenges when bringing the two worlds together. However, by using an experienced systems integrator that is capable of working within both IT and OT environments — as well as across different system vendors to produce a compatible solution — plant and IT managers can achieve seamless integration, without impacting production, integrity or performance.
This way, the systems integrator can fulfil the needs of both IT and OT without sacrifices — first time, every time — because the ability to apply the correct level of technical excellence, project delivery capability and process knowledge is key.
One problem we often see in industrial plants is undocumented and unlabelled legacy systems and networks. These have grown in a piecemeal fashion over many years, using several technologies and vendor components. As industrialised networks and operational technology systems tend to be extremely robust, re-investment can be sporadic — specifically in some of the utilities sectors we work in. In these environments, it is common to work on new network components alongside elements that are decades old.
Undertaking an industrial network upgrade
One of the first things that must be done when undertaking an industrial network upgrade is to work with customers to understand any concerns, constraints and aspirations relating to their IT/OT infrastructure. Listening is always the most effective and efficient starting point. Once we understand what systems exist, where they are and how they interconnect — or not, as the case often is — the best approach is to perform a physical and logical systems health check.
By approaching a system, site or campus with a clean sheet of paper, we can confirm system connectivity, status and health in order to understand data flows, performance, redundancy, autonomy and security. It is not uncommon for a network to be connected to the remnants of a legacy system that was completely or partially removed years ago.
These anomalies, if not corrected, can increase network traffic, slow down network performance and create potential security risks, especially if the strategy is to converge IT and OT.
The focus when working on a live system is ensuring that everything remains operational while migrating from the old setup to the new. This is critical when working in process industries, such as water treatment, where continuous production is necessary.
One issue to highlight with legacy systems is that they tend to work on closed, proprietary communication protocols. Migrating from closed to open protocols, such as Ethernet, offers an interesting challenge, specifically when upgrading large and complex systems. Our approach is very much dependent upon the level of acceptable process disruption and required levels of plant visibility, control and data acquisition needed during migration.
Systems integrators can introduce a simple migration tool, such as a protocol converter, to allow seamless communications between old and new, until the migration is complete. Detailed planning at an early stage of the design phase is imperative for this.
Secure that zone
Eugene Kaspersky, the CEO and founder of Russian cyber security firm Kaspersky Lab, recently spoke out about the state of cyber security in industrial networks. Kaspersky argued that plant managers often do not even realise they have been hacked, especially when it comes to SCADA systems, and stressed the need for clear guidance for companies on how to build cyber security systems.
Converging IT and OT networks to facilitate highly interconnected IIoT applications can leave companies more vulnerable if not implemented efficiently and consciously. Bringing the IT and OT community together at an early stage of design allows for collaborative planning, creating effective solutions and policies, while protecting information from attack.
Industry education is paramount to increase cooperation between plant managers, IT managers and their collective supply chains.
This brings us back to the dichotomy between IT and OT. While the IT world leads in identifying new security breaches and implementing resultant patches and upgrades with lightning efficiency, the OT world requires validation and vendor approvals prior to implementation.
This is primarily due to industry’s cautious nature and differing operational technology priorities — remember, the focus is reliability and up-time.
With the acceleration of IIoT and the ever-growing convergence of these worlds, we find plant managers increasing their reliance on their IT colleagues, systems integrators and vendors to plug this gap.
Room for more
As with security patching, innovation in operational technology does not move anywhere near as fast as it does in the IT space. If plant managers choose to upgrade to a modern industrial solution, they need to believe OT will remain compatible, scalable and suitable for years to come, not just secure.
Challenges arise when looking at how to design an industrial network fit for purpose that will still be suitable five or ten years down the line. Building a scalable, secure and high-availability network that can grow with the plant will inherently reduce potential latency issues and bottlenecks in the future. It will also provide the flexibility required for both plant managers and IT managers alike.
As more and more companies invest in IT and OT infrastructure in a bid to take advantage of IIoT, fewer networks remain islands; instead, they find themselves fully integrated into the wider plant environment and corporate information space.
As the pace of technological change continues to increase against a backdrop of tried and true legacy systems, it is important for system integrators to be familiar with both older systems and those enabling IIoT applications. This ensures standardisation, best practice and vendor neutrality. Consequently, future system developments are likely to require less time and money.
With over ten years’ experience of successfully delivering industrial network projects in both the OT and IT space, Boulting Technology is increasingly finding itself acting in the role of trusted advisor. By understanding networks, available technology, security concerns, process risks and systems integration, Boulting is ideally placed to provide unbiased advice and assist clients in mapping out the daunting journey towards IT and OT convergence.
Security, performance and reliability have always been and will always be mission critical to clients, but the epidemic demand for smart sensors, increased smart data and accessible analytics calls for highly interconnected and converged systems. This requires using a different and smarter approach to networks – the industrial internet of things.
Robin Whitehead, strategic projects director of Boulting Technology. Boulting Technology is a leading supplier of systems integration, industrial network solutions, LV motor control centres, switchgear, control panels and telemetry. Please visit www.boultingtechnology.co.uk.