Modernizing industrial control systems (ICS) can feel alot like trying to give Frankenstein a makeover. There are so many components that comprise the system, from different vendors, with varying protocols modems, sensors, software, gateways, IT, OT, historians, HMI, and the list goes on. Removing old systems, upgrading, and enhancing, and integrating them back together again can be challenging…..but it can be much easier if the right questions are answered prior to embarking on this journey. In this short article, we’ll explore 5 key questions engineers and managers MUST answer before major work begins.
DOES THIS UPGRADE SUIT OUR OVERALL BUSINESS STRATEGY?
While the end goal for manufacturers is to extract maximum profits from investment in people, equipment and facilities, developing a 5-to-10 year outlook for your industrial control systems can provide a path for increased safety, reliability and profitability. Here are a few considerations.
1. Flexibility. Since ICS tend to remain in place for 10-20 years, the ICS architecture must allow for future add-ons. As technology advances, you’ll be able to incorporate these additional features with less cost and effort.
2. Mobile Technology. Discuss with your team how this could help them save time. The decision to incorporate mobile technology into your ICS can be a huge win for your organization, but its integration must be well planned in order to maximize the benefits.
3. Plan for Data Analytics. As more and more companies move to cloud-based data storage, you will be prepared to take advantage of machine learning algorithms that can give your business a competitive edge.
WHAT DEFINES A SUCCESSFUL INTEGRATION?
Thinking about the finished result before beginning complex projects, can be helpful for everyone involved. Are you seeking the modernization to lower cost, reduce downtime, improve productivity, provide redundancy, or replace obsolescence? The answer is likely all of the above, but you must be clear in communicating these outcomes. Although the details are yet to be defined, imagining how your organization will operate after the integration, gives team members a vision for the future as they begin their planning.
DO WE HAVE THE RIGHT EXPERTISE AT THE TABLE?
Having a clear plan is a must for these types of projects. But the next critical piece is assembling the right team with the proper expertise.
Here are 6 significant dream team components:
Executive Sponsor – She must help create and sell the vision.
Project Manager – You must have a great one and give her the proverbial “Thor Hammer” to make decisions.
Operations, Engineering and Maintenance – Must all have a seat at the table, as they are critical stakeholders.
ICS Consultant – Develop a relationship with an ICS consultant who specializes in your types of projects and is an expert in designing clear and effective roadmaps. He can help uncover lots of hidden challenges.
System Integrator – Be sure your system integrator has processes and procedures to properly design and test the systems to catch errors prior to installation.
Key Automation Vendors— Bring in key automation vendors and leverage their engineering teams' expertise to help maximize value from your purchase.
HOW WILL WE PROTECT AGAINST CYBER ATTACKS?
With the proliferation of cyber attacks like from Stuxnet, CrashOverride\Industroyer, WannaCry, ExPertr, and many others, everyone is scrambling to strengthen their systems to make them more cyber secure. And if you were to search for terms like ICS Cybersecurity software and ICS security, you’ll find a host of vendors selling many different solutions.
Consider these suggestions before you engage with vendors that sell cybersecurity solutions.
1. Develop a complete network architecture layout drawing for your control system. If the network spans multiple locations, be sure the overview drawing clearly shows all the system links. Your cybersecurity solutions must be comprehensive and include your entire control system infrastructure.
2. Include protection for wireless devices and networks. There are many techniques for bridging wireless networks, so be sure your entire network is protected from attacks.
3. Have a plan for patching and updating. This can be a significant effort after a project is completed, so plan the budget and manpower accordingly.
4. Schedule regular vulnerability assessments. These are a must and should be taken seriously. Once secure doesn’t mean always secure, and the only way to verify is through periodic assessments.
5. Automate reporting as much as possible. Hundreds of man-hours can be saved yearly when reporting is automated.
WHAT IS YOUR IN-HOUSE TRAINING PLAN TO ENSURE FUTURE SUCCESS?
Training is often considered during the final phases of ICS modernizations, but should be planned from the outset.
Here are 3 tips for developing a long-term training plan.
• Dedicate at least 1 person from each stakeholder group to discuss the training needs of each department.
• Prior to signing a contract with manufacturers or system integrators, have a clear plan for your training needs. Oftentimes vendors will throw in training at reduced prices to get the deal done.
• Consider the option of in-house personnel working on the design, in conjunction with the vendor, to develop resident expertise. This can help reduce support costs and build towards a more technically qualified in-house workforce.
Karonn Blue P.E., PMP is an Industrial Control System (ICS) Engineer specializing in helping organizations successfully design, secure and integrate robust ICS solutions. After spending over 15 years in engineering, leadership, and consulting for industrial control systems, I know the challenges faced by owners of critical infrastructure and what it takes to ensure these systems remain safe, reliable and compliant. Our team continually seek ways that technology, global best practices, and strategic partnerships can help protect your assets as your business and threats continually evolve. If you have questions or to set up an appointment to discuss your organization's SCADA/ICS situation and needs, Contact me at: kblue@LLBLUEeng.com