IT support of industrial control networks

Ask most plant personnel what they think of IT support for their industrial control systems (ICS) and you’re likely to receive a barrage of complaints in response. But why?

09/17/2013

Flash is required!

Jason Montroy discusses the relationship of IT and OT, and suggests how networks can support remote monitoring and services.



It’s no secret these days that information technologies (IT) and operations technologies (OT) are continually merging. In the past, two different groups built and managed the dichotomy: OT ran the plant; IT managed the plant’s information. Today, modern OT resides within IT networks. While it’s still clear that IT should support the business network and operations should manage the OT systems, it’s less clear who should manage the OT network.

Some argue that IT should manage plant networks because they consist of similar and/or identical equipment and technology that IT is already supporting on the business side. However, others typically argue that daily plant operation depends on that equipment and technology, and it cannot be handled in the exact same way the business network is supported. They contend that management of the OT network should stay in the plant because it is ultimately responsible for any failures that arise. Both approaches can be problematic.

While traditional IT staffers can support the equipment, they often don’t understand how their daily tasks can affect plant production and process safety. To illustrate possible ramifications, consider this real-life example: IT staffers at an offshore support desk deployed OS patches to a fleet of equipment in an ethanol plant, just as they would in a typical business network. However, the group of rebooted machines contained both the primary and backup HMI servers for the alcohol area of the plant. The result? Control room operators lost control over the equipment. The plant processes continued to run, but they had no control over what it was doing. If the plant was a car, the operators were driving it blindfolded, with no steering.

On the flip-side, while OT or automation staffers know very well managing IT equipment can affect plant production and process safety, they often lack the technical knowledge that it takes to support the business networks properly.

That said, let’s talk about two important things that must be done by those who support the network regardless of who they are.

• Know the risks – It’s absolutely imperative that every single person who supports a plant network be aware of the inherent risks involved with manufacturing technology. As we discussed above, very real ramifications can result in treating OT systems the same way you treat your IT systems. If this is not done, you are asking for trouble. I’ve dealt with clients who have handled this in different ways. One chose to train an entire IT organization the basics of process control technologies. Another chose to build a team within their IT organization that would only support manufacturing IT. The latter ended up being a much more sustainable solution.

• Establish and adhere to a formal management of change (MOC) process – An effective MOC process will identify the need for change. Assess the impact on plant operations. Bring the right players to the table to approve the change. Schedule the change at the optimum time to reduce risk and define the best method of execution. Going through these steps before each and every change will greatly reduce the risk of a downtime event or process disruption.

How are your plant networks supported?

This post was written by Jason Montroy. Jason is the Client Relationship Manager at MAVERICK Technologies, a leading automation solutions provider offering industrial automation, strategic manufacturing, and enterprise integration services for the process industries. MAVERICK delivers expertise and consulting in a wide variety of areas including industrial automation controls, distributed control systems, manufacturing execution systems, operational strategy, business process optimization and more. 



Sonny , NC, United States, 09/18/13 11:17 PM:

We have good support from IT for the majority of the network (fiber and managed switches). We (OT) do our own industrial switches that then connect to the plant LAN, on a seperate VLAN. IT does not support the OS on our VLAN. They do support security software. Working smoothly