The Industrial Internet of Things promises great operational intelligence advantages and improved throughput. However, there’s still a lot of work to do to make IIoT networks and storage safe and secure, IIoT devices compatible, software interoperable, and an IIoT system dependable and cost-effective.
One organization that’s been instrumental in defining automation standards is the Open Group’s Open Process Automation Forum (OPAF), which focuses on developing a standards-based, open and secure, interoperable process control architecture. OPAF consists of end users, suppliers, system integrators, standards organizations and academia.
In the Q&A below, Kevin Fitzgerald, a global solutions architect and Schneider Electric Fellow and representative of OPAF, answers questions on IIoT and the OPAF’s role in IIoT technologies. Fitzgerald has more than 30 years of experience in the process automation and business operations fields, with a focus on the food, pharmaceutical, chemical and energy industries. Fitzgerald joined Schneider Electric as a principal engineer and project manager for the Foxboro Company in 1987. Since then he has held various roles of increasing responsibility and scope, including director of professional services, senior program director and director of business value consulting.
FE: What are the general benefits that related IIoT technologies can bring to a manufacturer?
Kevin Fitzgerald: Industrial manufacturers are always under pressure, both to lower the capital and lifecycle costs of their process control systems and to improve the profitability of their operations. Many of their installed control systems are closed and proprietary. That means integrating them with best-in-class, third-party components is costly, and it makes them expensive to upgrade and maintain. Additionally, today’s systems generally lack the intrinsic cybersecurity needed to protect equipment assets and other capital investments.
But emerging IIoT technology can help change all that. IIoT will make control far more flexible. It will open interoperable and secure-by-design process automation that resolves all the issues I mentioned above.
The Open Process Automation Forum (OPAF) is reinventing what a DCS or PLC looks like in a federated environment, where different vendors’ offerings will work together to the long-term benefit of the end user. That is our goal and vision. IIoT can ensure future automation systems that are heterogeneous in nature, while providing intrinsic security, multi-vendor interoperability, future-proof innovation and an easy pathway for systems migration. It will help end users reap far more value and profitability from the operations they control.
FE: Sensors are a vital part of an IIoT system. Since digital industrial networks became available for sensors and actuators, sensors could also send data about their condition besides the parameters (e.g., flow level, pressure, etc.) they monitor. What other digital information could they transmit that would be of value?
Fitzgerald: OPAF envisions a future open control system that will take information and data from any device and optimize it for better decision making. It will empower the workforce to be more actively involved and responsible for good business outcomes.
For example, secondary measures will be key, such as differential pressure or sensor temperatures. We will be able to collect and communicate data about the overall health status of the instrument or sensor, which will drive new levels of reliability and overall operational integrity and profitability. This new level of control and new control functions will drive incredible value.
FE: Should wired industrial Ethernet-based sensors be given discrete IP addresses on subnets to improve security or should they just use DHCP? What about wireless sensors? Why? Should every sensor on a digital network have a password? What other security improvements can be added that aren’t being done today?
Fitzgerald: Much depends on the scale and relevant policies of a given client. While DHCP might be “easier” (more commonplace for standard back-office IT integrations) for both wired and wireless integrations, discrete IP addresses associated with given subnets provide additional needed security and robustness of operations. As this technology becomes more commonplace, sensor/actuator security protocols will be built into the system. WirelessHART-type capabilities offer an interesting example of today’s implementations and augur well for future similar designs. It must be stressed, however, that to start, care must be taken not to overburden an implementation with IT security policies and protocols. It is clear that alignment of IT and Operations (the classic IT/OT “divide”) needs to be reconciled as projects move beyond initial pilots.
FE: Considering the lack of security provided by house/home entry and appliance control systems, should wired industrial Ethernet-based actuators (e.g., for valves, motors or other devices) be given discrete IP addresses on subnets to improve security? Would DHCP ever be used in this instance? Is it a good idea to use wireless Internet protocols/networks for actuators? Should all actuator electronics have passwords—or should that remain at the controller level (PLC/PAC)?
Fitzgerald: This is a tough question that I leave to the experts in the field. In my own view and experience, final control elements should be secured and perhaps tied to the process automation system or secure fieldbus-type networks. We need to delineate measurements and their use in active control for the IoT sphere. I believe in time IIoT-based actuator operation will happen, but very secure protocols and restrictions must be in place to ensure that no accidental or cyber threats can be activated. I believe passwords on final control elements are a bit cumbersome and other more secure restrictions and limitations are possible.
FE: How can/should controllers and control systems be protected in an IIoT environment? What techniques should be used to ensure interoperability when devices, sensors and controllers come from several different manufacturers? What controller data should be passed upwards to the cloud?
Fitzgerald: For OPAF, the future of process automation enabled by IIoT means a system that is intrinsically cybersecure and multi-vendor interoperable.
Until then, traditional cyber measures, like the ISA/IEC 62443 standard, are essential to protect the industrial automation control systems at all levels. This includes not only firewalls and password-type access, but strict permissions on read/write capabilities and accessibility to different levels in the system. This will extend to developing zones and conduits that articulate who and what type of interface exists to the various levels of the system, whether from a corporate enterprise network or the cloud. Active network monitoring for intrusion detection as well as updates to antivirus and malware applications are also key elements of any such strategy.
FE: In an IIoT environment, what is the role of the “cloud”? Is it for storage, decision-making,…what else? Should storage space provided by vendors like Amazon, Microsoft and IBM, and the like be used for cloud storage? How safe is this (uptime and security)?
Fitzgerald: The cloud is often the “home” for analytic evaluations and assessments. As such, process automation systems generally remain on premise, with the cloud used for performance improvement and analysis applications. Given this, it is possible that Amazon, Microsoft and others could be used as a data storage area, independent of corporate data warehouse or data stores. It really depends on the corporate IT strategy relative to cloud applications and data center storage. Use of the cloud and related data center type storage is becoming more common for a variety of businesses as indicated in a recent McKinsey Consulting assessment. Again, however, there is a need to separate process and machine control from the level of analytics and data assessment. The time scales are very different between these two domains and active system security at the plant is critical from a safety, maintenance and general operations point of view.
FE: Should data stored in the cloud be backed up on-site? What precautions should be taken to prevent loss of Internet connection? When loss of a connection occurs, then what?
Fitzgerald: This really depends on the type of data you are considering. Overall, there needs to be a data use strategy that allows some local retention to support process trending and continuous improvement initiatives, but the robustness of data centers and the cloud is becoming quite strong. Relating to loss of communications, the approaches we have employed for years with remote ERPs connected to local execution systems, including various store and forward mechanisms, will remain quite relevant. The plant should be capable of running and operating securely if Internet or level 4 business communications are lost. There will be a time limit to this autonomy, but barring a catastrophe, this should be acceptable. Again, IIoT and the Cloud, in particular, function at different time scales than active machine operations and plant process control. This difference in time domains has a direct impact on the merits of where and when to use cloud-based computer operations.
FE: Maintenance and asset management really benefit from IIoT technologies. What other applications (e.g. supply chain, PLM, etc.) benefit from IIoT/cloud environments? How are they cost-effective compared to an on-site control/MES/ERP system? How can an IIoT/cloud-based system foster expansion to new plants/geographic locations?
Fitzgerald: At the end of the day much of the focus for IIoT will remain on asset and operational reliability and how that impacts profitability, including extensions to quality management. However, open system platforms that are interoperable, portable and inherently secure will create huge benefits for end users. The combination of well-defined interoperability standards and an open platform will enable new control/automation products that can be fully and easily integrated into future open process automation systems, significantly reducing the distinction between independent and integrated software offers. End users and SIs will be able to leverage best-in-class components when they build and maintain high-value process automation systems.
It will open new levels of technology and software innovation and will lower the costs and risks associated with upgrading and replacing software. This means end users and SIs will more easily, readily and cost effectively adopt best-in-class software components, leading to greater value for end users who are updating in-place process automation and deploying new process automation systems.
Operating data can already be tied to IIoT-based supply chain efforts for material movements, but whether this is a fad or a fleeting interest remains to be seen. Note that today such tracking exists within UPS or FedEx capabilities, and it has been in place before the IoT rage. A new OPAF-compliant system will be the differentiator that makes this IIoT approach that much more valuable. IIoT capabilities will be used to populate asset information when these serialized assets are put into service, and hence provide better tracking. This can also be tied into PLM to better predict end-of-life and service issues as well as issues with the product that could enhance future designs. There is also the interest of extending today’s capabilities for remote monitoring of equipment/machine assets by the manufacturers to ensure uptime and continued top-level performance. Both the users as well as the OEMs can benefit from this approach.
FE: An IIoT/cloud-based system can let users access data on tablets and smart phones? What are the benefits? Most of the time, users will read data—not directly affect control of a system—or would they? How do you assure that the right people are accessing data and/or making changes to controls (directly or indirectly)?
Fitzgerald: Security is paramount for tablet access in the plant environment. As for control system activation, plant level access is perhaps an option, but still security and safety are essential. Issues concerning machine lock out/tag out and associated operating state must be enforced to avoid mistaken start conditions, particularly with people not being near or in proximity to the process. There must be standard user logins along with Active Directory configuration with all its IT (constraints) in place. This is the price of technology. Non-resident plant users will/should never have active control access to plants. To ensure this there must be local lock-out provisions.
FE: What would you like to add?
Fitzgerald: Manufacturers are generally better positioned than others to take advantage of the IIoT because an effective IIoT strategy, one that drives new levels of value, requires data. And because process industry end users rely heavily on things like sensors, actuators, pumps and other assets, they have more data than they literally know what to do with. The problem is how to make these assets intelligent and interoperable, considering that many of them were installed and have been operating on proprietary systems long before we entered the digital age. Obviously ripping and replacing them won’t work. OPAF’s approach will allow end users to migrate their legacy assets and control systems into an IIoT environment via a standards-based, secure and interoperable process control architecture that can be leveraged by end users from multiple industry segments.
Open, interoperable and secure-by-design process automation systems architecture will help end users reap far more value and profitability from their operations! We believe the systems that result from our work will reduce total cost of ownership; empower the industrial workforce to be more actively involved and responsible for good business outcomes; solve system integration issues; enable continuous innovation; and enable faster, more cost-effective upgrades. In short, we believe it will enable end users from every industrial segment to gain better, faster ROI from their systems and assets.
For more information on IIoT, be sure to read FE’s January 2018 Automation Series feature.