Cloud computing and mobile are well-entrenched tools for typical enterprise-based businesses, but uptake for plant and distributed manufacturing and process applications has been slower. Nevertheless, the tailwinds and potential benefits of leveraging cloud and mobile systems are undeniably pushing industry toward more widespread adoption. Security, however, is a looming obstacle that technologists are struggling to address in a way that will truly unleash the potential of cloud and mobile for plant and field-based applications.
Obstacles vs. Opportunities
M.G. Bryan Equipment Co., a heavy equipment and machinery OEM for the oil and gas industry, is using cloud computing for remote asset management of high-tech fracturing equipment. Designed and integrated with Rockwell Automation, M.G. Bryan’s new equipment’s control and information system leverages Microsoft Corp.’s Windows Azure cloud-computing platform to help provide secure, remote role-based access to real-time information, automated maintenance alerts, and service and parts delivery requests.
“Many companies we advise are under constant threat—both malicious, from hackers and viruses, and accidental, from uneducated employees and well-meaning contractors, among others,” says Brad Hegrat, business manager for Industrial Security at Rockwell Automation. “A breach at a critical moment could trigger a cascade of negative events, and nobody wants that on their watch.” At the same time, Hegrat says many manufacturers and industrial process organizations are looking to cloud and mobile solutions as cost-effective enablers of information access and productivity. Ultimately, he says the emergence of cloud and mobile solutions will likely improve the security of data, as it will force manufacturers and industrial process organizations to bolster their methods for protecting data, whether it be accessible via the cloud, a mobile device, or more traditional means.
Muthuraman Ramasamy, industry analyst for Industrial Automation & Process Control at Frost & Sullivan, says that while process and discrete manufacturers have traditionally been laggards when it comes to new technology adoption, there is significant pressure on such organizations to be more nimble, agile and flexible, which is causing them to look at cloud and mobile solutions as potential game-changers for the efficiency of their business. But with more connected devices and systems come more potential points of vulnerability, an issue that demands improvement going forward, according to Ramasamy. He says, “While [Secure Sockets Layer] certification continues to make inroads across a variety of applications, industry still needs to adopt high-profile security standards to facilitate easier transition of mainstream applications to move to the cloud.”
As manufacturers and process organizations become more data and information-technology driven, Hegrat says systems will need to be secure by design. He says manufacturers need to account for security from the beginning so it touches on all layers within the organization—device, controller, process, mobile devices, enterprise, and the cloud. “Applications will be in clouds, either on-premise or off, public or private,” says Hegrat. “The data must be delivered to be valuable, so validating the data and managing its access becomes the real concern, rather than focusing only on which devices or platforms it sits on and who has access.”
A Technological Advantage
With M.G. Bryan’s cloud-based solution, data can be pulled from the cloud via mobile devices and Web browsers to produce reports and dashboards on the condition of individual vehicles’ drivetrains and on hydraulic fracturing performance, as well as process performance and maintenance trends related to entire fleets.
According to Ramasamy, the move toward mobile workforce solutions is the most significant trend within the industrial automation sector today. He says the potential benefits of connectivity include operational efficiency, increased performance optimization, and anywhere-anytime access. “As margins become wafer-thin, investments will definitely continue to happen in technologies that provide end-users the competitive edge,” says Ramasamy.
Hegrat says cloud and mobile solutions are particularly well suited for organizations that have distributed assets over wider geographies or those hamstrung by cost constraints that make it difficult to justify investment in traditional on-premise computing hardware. Since cloud computing platforms are shared, they come at a fraction of the price of bringing similar capability in-house. They also offer the benefit of streamlining the technology upgrade process, making system scalability an inherent part of the process rather than having to weigh the cost-benefit of each and every possible upgrade.
“These new technologies will enhance manufacturers’ abilities to drive greater productivity and quality, significantly enhance their ability to collaborate (within the four walls of a plant and beyond), and enable new, services-based business models for their customers,” says Hegrat. “And when integrated with GPS, [Radio Frequency Identification] and barcode technology, for example, these technologies also offer entirely new capabilities in quality and asset management.”
Despite the clear benefits of cloud and mobile solutions outlined here, the security concerns remain. As such, end-users need to weigh the pros of new technologies such as cloud computing and mobility against the cons of potential new security vulnerabilities. Whether it is worth it for manufacturers to leverage these technologies will vary by company or even plant. Before rolling out either cloud-based or mobile solutions, Hegrat says companies should perform a full risk assessment. “Some producers might be wary of enabling mobile users with full read-write functionality in the control system,” he says. “Plants must have robust security for a legacy environment if they expect their cloud and mobile data to be secure—if employing technologies in either area forces a company to improve security overall, that’s a good thing.”
For most end-users, the first logical step when employing cloud and/or mobile solutions is to focus on information-centric applications rather than more sophisticated control-based uses. Hegrat says this tends to allay much of the concern end-users have around intellectual property and allows them to concentrate on new, high value-add solutions that enhance their current capability.
Still, whatever the focus, security must remain a priority, and end-users must design their security program in a thoughtful way. “A balanced security program should have rules for devices, technology and people, following the ISA 99 standards,” says Hegrat. “Manufacturers may be able to tell employees they aren’t allowed to surf the Web from an HMI, but in order to effectively prevent them, companies need to put a technical control in place.”
Hegrat says most plants are concerned with stolen phones and IP leaks. To prevent this, he says some companies bar mobile devices from the plant floor. It is also possible to prevent access to the system by removing mechanisms that allow mobile device plug-ins to the system—blocking wireless access and USB ports or requiring certificates to get on to the system environment will accomplish this.
The root concern most end-users have with mobile and cloud-based solutions is the lack of control. BYOD (Bring Your Own Device), whereby employees bring personal mobile devices into the workplace, is one example of the complicated issues that need to be addressed when employing mobile solutions. “BYOD by its very nature requires that IT relinquish some level of control, which can be frightening,” says Hegrat. “Unless the device becomes a supported IT asset and implements all virus/theft/security protocols, this device is inherently less controlled, and less secure.”
While security is an issue to be considered when implementing cloud and/or mobility solutions, Ramasamy says it should not be used as an excuse not to move forward, as the larger realities of doing business in the modern world will force movement in this direction one way or another. “The traditional way of doing things within manufacturing is notoriously conservative, which hampers the developmental process of adopting new technologies,” he says. “As the skilled workforce retires, the industry will be forced to adopt next-generation solutions such as cloud and mobility for the digital natives.”
Hybrid Cloud Computing
What Is ISA99?
ISA99 is a standards committee under the auspices of the Instrumentation Society of America that is focused on fostering best practices for Industrial Automation and Control Systems. The defined purpose of the ISA99 committee is to develop and establish standards, recommended practices, technical reports, and related information that will define procedures for implementing electronically secure industrial automation and control systems and security practices and assessing electronic security performance. The products of the committee are intended for professionals involved with designing, implementing, or managing industrial automation and control systems as defined in the committee scope. This guidance also applies to users, system integrators, security practitioners, and control systems manufacturers and vendors.
You can find the ISA’s wiki on ISA99 at http://isa99.isa.org.
Regarding cloud computing specifically, the concept of storing data on a public database that is hosted externally is hard for many manufacturers and process organizations to get over. And for some applications, a traditional remotely located cloud-based solution is not realistic. As such, the concept of public/private (or hybrid) cloud computing has gained some attention.
Hybrid cloud computing describes the use of a combination of servers that are on-premise or off-site and publicly or privately owned. Using a hybrid system can enable a more dynamic and flexible solution, but does contain some in-company infrastructure. For example, Hegrat says a hybrid cloud computing system would benefit a control system in SCADA applications, like an oil and gas pipeline. “Supervisory control critical to operations and safety could be handled on a privately owned server on-site near the control center,” he says. “Telemetry, like condition and vibration monitoring, could be run from a publicly owned, off-site cloud.
“High-speed, high-precision motion control applications are an example of applications where use of a purely off-site cloud doesn’t seem feasible,” says Hegrat. “However, a hybrid approach where motion control was done locally and outputs or variances are logged and sent to a public cloud would seem more likely to succeed.”
The Big Picture
Ultimately, digital security is a larger issue than just mobility and cloud computing. However, the emergence of mobility and cloud computing may serve as the tipping point for bringing the security issue to the fore in manufacturing and industrial process environments. “For the most part, a security mechanism does not differentiate between traditional applications and those on the cloud or that use mobile solutions,” says Hegrat. “It’s important that manufacturers patch end points and leverage firewalls regardless of approach.”
Hegrat says security best practices will continue to emerge as more applications leverage new technologies (such as mobile and cloud), more penetration tests are performed, and more new security technologies come online for the cloud and/or mobile devices.
“Companies must build their security from the inside out,” says Hegrat. “There is no security product that can be purchased and bolted on to an enterprise or injected into a network once the decision has been made to employ the cloud or connect tablets to plant information.”
Looking ahead, Hegrat says companies need to be prepared to address intellectual property leakage, as this will continue to be one of the primary digital security concerns in the years to come. In some ways, he says moving data outside the plant makes it more vulnerable to attack, exposing it to increasingly sophisticated social engineering practices designed specifically to get access to confidential data. However, Hegrat says companies shouldn’t avoid new technologies altogether as a result.
“We anticipate that the rate of mobile and cloud adoption will continue to grow with advancements in deep packet inspection (DPI),” says Hegrat. DPI acts as a network gatekeeper, whereby all packets of network data are filtered, and each part is examined to ensure there are no viruses or spam and that the packet complies with protocol. With this level of detail, Hegrat says end-users can see in real time what is going on in specific data streams and make decisions based on actions inherent in the data stream itself.
“The ability to better track sessions in a network environment will also improve security for cloud and mobile applications, as well as for an enterprise in general,” says Hegrat. “This allows administrators to see the conversations taking place between system actors—a controller, a line operator, a printer, etc. This contextual awareness will allow administrators to better protect against corrupted actors by providing the visibility needed to take action.”
“The ROI and tailwinds of the market are really strong,” says Ramasamy. “Thereby, the industry is geared more towards solving the security-related challenge.” However, he says it will likely be at least five years before mainstream process improvements via cloud and mobility solutions are seen.