Cybersecurity has become one of the primary challenges for IT/OT convergence. But the ongoing effort to integrate information technology with factory automation systems faces a wide range of challenges including connectivity, data collection, cloud integration, applications and updating issues.
IT-OT convergence encompasses the integration of information technology (IT) and operational technology (OT) systems. IT systems are used for data-centric computing; OT systems monitor and control automation processes and devices, and provide vital connections to enterprise and manufacturing systems.
Connecting information technology with manufacturing operations enables efficient use of the data generated in the modern smart factory. IT-OT network connectivity means linking plant or machinery automation with IT as seamlessly and fully as possible.
For this IT-OT technology trends and solutions update, we reached out to industry experts to gain their perspective on the state of convergence in modern factories. Vivek Bhargava, Product Marketing Manager at Cisco and Dr. Al Beydoun, ODVA President and Executive Director, share their thoughts on questions about key technologies, trends, applications and the challenges of the ongoing quest for effective IT-OT convergence.
Industry Experts Q&A
What are technology area(s) that represent potential solutions to IT-OT Convergence, and how are they contributing to both the importance of these initiatives and make an impact for industry?
Vivek Bhargava, Product Marketing Manager, Cisco: Historically, IT and OT teams have worked in separate domains with different priorities. But rapid digital operations transformation requires skills in networking and security that IT has perfected over decades in the enterprise space. OT, being more focused on safety, efficiency, and continuity, generally lacks these skills. For the organization to achieve positive outcomes, it is important the IT and OT teams collaborate and share their skills.
While there are several cultural, communications, budget, and leadership challenges that must be addressed, technology can help bridge the gap between IT and OT by helping them build a common framework, share expertise, and develop trust.
In my opinion, there are three technology areas that stand out that can help IT and OT collaborate better: network equipment, operations security, and machine-to-cloud communications.
Dr. Al Beydoun, ODVA President and Executive Director: 5G is a technology that can help break down traditional barriers between IT and OT through connecting devices and their associated data with higher level systems, including the cloud, for analysis and action. Unlike previous generations of mobile technology, 5G is designed to move beyond simply connecting mobile/cellular phones. 5G now includes Quality of Service (QoS) for message prioritization, the ability to be used for Augmented Reality and Virtual Reality (AR/VR), and even real time control for automation. In fact, the 5G Alliance for Connected Industries and Automation (5G-ACIA) is working to enable 5G for use in more and more industrial automation applications.
Some of the potential quick wins for 5G in industrial applications include connectivity into discrete machines and process skids for 24/7 status and maintenance management purposes, direct sensor connectivity for vibration and temperature measurement, and machine control for remotely located process equipment. The ability to have constant remote access enables the population of operations dashboards with critical machine health information.
This can make it much easier to see when an issue arises and this awareness can allow for quicker and therefore lower cost resolution. 5G connected applications include Automated Guided Vehicles (AGVs) that can carry components and finished goods around industrial operations and other standard automation applications on the plant floor such as tool changers.
However, there are still challenges that remain to be solved regarding the high amount of electrical noise and reflections from metal equipment such as moving robot arms. Some potential solutions to undesired interference are Massive Multiple In Multiple Out (MIMO) that provide a large number of 5G antennas from a single base station and Coordinated Multi-Point (CoMP) that provides MIMO across multiple 5G base stations for greater coverage.
What specific technical benefits do these solutions provide, and how can it make a difference in implementing new levels of enterprise/automation integration?
Bhargava: Network equipment: Building modern OT networks starts with equipment that brings together the best of enterprise-grade and industrial-strength features which can be a catalyst for better IT-OT integration. Such devices provide the scale, flexibility, and performance perfected over decades by IT, but are hardened for harsh environments, equipped with support for industrial protocols, and offer extremely high availability. Cisco networking equipment even have essential services built in that further boost IT-OT collaboration such as visibility and secure remote access. IT can now gain OT’s trust and better help them with building, scaling, managing, and securing their network.
Operations security: With increased connectivity, OT can no longer ignore security threats or software vulnerabilities. Technology advances in visibility, segmentation, threat detection and remediation, that IT has been using, can be applied to OT too. Cisco industrial networking equipment can double as security sensors by running Deep Packet Inspection (DPI) within themselves. The visibility it provides into assets and network traffic helps IT teams define and enforce access policies, segment the network without disruption to operations, and help OT keep operations secure, fostering trust and even better collaboration.
Machine-to-cloud: More operations are utilizing the cloud for applications such as SCADA, Historian, and Manufacturing Execution System (MES), as well as analytical applications that operate on real-time data. The insights these provide facilitate data-driven decisions. IT has been running applications in the cloud for many years now and has developed secure and robust ways for data exchange. Technologies such as Secure Access Service Edge (SASE), SD-WAN, Security Service Edge (SSE), and Full Stack Observability (FSO) ensure that this exchange is secure and meets required SLAs.
Beydoun: 5G is designed to connect to many different types of devices that can allow for minimizing energy consumption in battery powered sensors with low-band radio frequencies while minimizing latency for automation equipment with high-band radio frequencies. Private 5G networks also open up the possibility of transporting data from a user to an edge compute device for processing and then back again for usage.
The value of this approach is that the user’s device can be much lighter due to not requiring as heavy of a battery to support built in processing capabilities. An example use case is Augmented Reality (AR) where a user could have a wearable that would allow them to access devices status and maintenance instructions connected to the plant equipment. This use case can result in reduced training requirements for workers and decreased time required to repair down equipment.
Provide technical details and on how the technology works to help educate readers on new possibilities for address the challenges of IT-OT integration.
Bhargava: Network equipment: Commonality between enterprise and operations networking equipment such as the operating system, configuration and control protocols make it easier for utilizing the common set of tools and leverage the skills IT already has, making it easier for IT to help OT. Equipment that provides insights into the traffic with network telemetry (NetFlow) capabilities, automation of tasks with configuration with RESTCONF, NETCONF, etc., APIs, and support for software-based segmentation capabilities as well as remote access to industrial assets, help place IT in a better position to make the OT network scalable, flexible, and high performing.
Operations security: Cybersecurity is on top of everyone’s minds and both teams realize the need to protect operations. Tools that perform deep packet inspection (DPI) on network traffic can provide granular visibility into connected assets, traffic patterns, and vulnerabilities. This insight can be used to make operations secure by addressing vulnerability issues, defining, and enforcing segmentation policies, continuous monitoring for identifying potential threats, and taking proactive actions to mitigate these threats.
For example, Cisco Cyber Vision sensor resides withing Cisco industrial switches, performs DPI, and provides insights that can be used by Cisco Identity Services Engine (ISE) and Cisco DNA Center to set policies that are enforced by Cisco industrial switches.
Machine-to-cloud: Cloud technologies under the umbrella of SASE architecture deliver converged networking and security-as-a-service capabilities. The architecture includes SD-WAN which brokers between WAN links such as MPLS, 4G/5G, etc., for the best possible connection, helping improve application performance. Another part of SASE is SSE which provides a set of security services to defend against threats and enforce user, data, and application access policies.
FSO helps identify performance issues that IT teams can quickly address before they become a problem. It goes beyond visibility of performance in a single part of the network but provides insights into the entire “technology stack” that includes endpoints, operations network, enterprise network, SD-WAN, and even cloud applications. This is another area that operations can benefit from IT expertise.
Beydoun: 5G networks are able to accomplish the task of multiple specialized networks through a technology called network slicing. Portions of a network can be optimized for a specific application and operate independently. These slices can be more efficient by being tailored to exactly what they need to accomplish. Network slicing can divide up a network in a way similar to Virtual Local Area Networks (VLANs).
Today, 5G offers the ability to enable IT/OT collaboration as a direct connection from added sensors or existing machine diagnostics to higher level systems such as Supervisory Control and Data Acquisition (SCADA), Computerized Maintenance Management Systems (CMMS), Enterprise Resource Planning (ERP), and cloud environments for data evaluation and response. While many of today’s 5G enabled applications are currently supplements to existing automation network infrastructure, that is likely to change as further technology enhancements to adapt 5G to industrial automation take place and additional successful use cases are proven.
Given the challenges of IT-OT Convergence, from a technology perspective, what is your take on the importance of this issue for your customers and plans currently in progress.
Bhargava: Most of our customers recognize the importance of bridging the gap between these traditionally separate domains due to the increasing adoption of digital transformation, Industry 4.0, and the Industrial Internet of Things (IIoT). However, not everyone is where they need to be. Technology certainly helps.
For example, Unilin Group, part of Mohawk industries, and maker of flooring, MDF boards, and insulation panels, adopted Industry 4.0. IT quickly realized that they needed visibility, segmentation, and control. This realization spurred the IT team to standardize on Cisco Catalyst IE3400 switches at scale and run Cyber Vision for visibility and to define segmentation policies.
Bcause the budget was owned by OT, IT demonstrated to them the value, benefits, and potential savings to make the case for change, partnered with the OT team, and together they defined and enforced security policies that do not disrupt production. Read the Unilin case study.
Another customer that comes to mind is Gwinnett County DOT in Georgia, USA. To effectively manage traffic across a network of 2650 miles (about the width of the United States) of roads and 750 traffic signals, their OT teamed up with IT to digitize their vast network with Cisco Catalyst IE3400, Cisco Catalyst IE3300 and other switches. They decided early on that the DOT network would not be in a bubble, and that it would be tied to their IT network, which would give them the flexibility to access it from anywhere in the county. Read the Gwinnett County DOT story.
Several other customers have similar projects in progress, and we hope to report on their achievements in due course.
Beydoun: Public 5G networks offer lower cost and convenience through sharing the costs of a pre-configured standard network with others. However, Private 5G networks are ideal for industrial use by ensuring higher potential levels of application customization, security, and reliability. Private 5G networks for automation are in the process of being deployed now. In fact, the EtherNet/IP industrial network has been shown to be ready to use with 5G through a proof-of-concept test between Ericsson, Qualcomm, and Rockwell Automation.
A test plan was developed and executed to show reliable EtherNet/IP and CIP Safety communication with the goal of zero faults. The test cases were run from a Rockwell GuardLogix area controller over 5G (3GPP Release-15, NSA, on-premise, mmWave spectrum) to Rockwell FLEX 5000 I/O devices across 12 different areas with a range of requested packet interval (RPI) settings. RPI is the rate at which the controller and the I/O exchange data. The test was successful and shows that a private 5G network can support default EtherNet/IP and CIP Safety RPI settings as a result of low latency and jitter. The supported RPI settings will allow for wireless industrial applications such as stationary (static, nomadic, rotating parts) skids, machines or equipment that use EtherNet/IP standard and safety I/O communications.